@aigrc/cli 0.1.0 → 0.2.0

package/dist/index.js

@@ -700,59 +700,414 @@ function sanitizeFileName2(name) {
 
 // src/commands/validate.ts
 import { Command as Command4 } from "commander";
-import chalk5 from "chalk";
+import chalk6 from "chalk";
 import ora3 from "ora";
-import path4 from "path";
+import path5 from "path";
 import fs3 from "fs/promises";
+import YAML from "yaml";
 import {
   loadAssetCard,
   classifyRisk,
   validateAssetCard
 } from "@aigrc/core";
+
+// src/utils/exit-codes.ts
+function exit(code) {
+  process.exit(code);
+}
+
+// src/formatters/sarif.ts
+function formatSarif(results, version = "0.1.0") {
+  const sarifResults = [];
+  const artifacts = [];
+  const seenPaths = /* @__PURE__ */ new Set();
+  for (const result of results) {
+    if (!seenPaths.has(result.path)) {
+      seenPaths.add(result.path);
+      artifacts.push({
+        location: {
+          uri: result.path
+        },
+        mimeType: "application/x-yaml"
+      });
+    }
+    if (!result.validation.valid) {
+      for (const error of result.validation.errors) {
+        sarifResults.push({
+          ruleId: "AIGRC001",
+          level: "error",
+          message: {
+            text: error
+          },
+          locations: [
+            {
+              physicalLocation: {
+                artifactLocation: {
+                  uri: result.path
+                }
+              }
+            }
+          ],
+          properties: {
+            cardId: result.card?.id,
+            cardName: result.card?.name
+          }
+        });
+      }
+    } else {
+      sarifResults.push({
+        ruleId: "AIGRC001",
+        level: "none",
+        message: {
+          text: "Asset card validation passed"
+        },
+        locations: [
+          {
+            physicalLocation: {
+              artifactLocation: {
+                uri: result.path
+              }
+            }
+          }
+        ],
+        properties: {
+          cardId: result.card?.id,
+          cardName: result.card?.name,
+          riskLevel: result.card?.classification?.riskLevel
+        }
+      });
+    }
+  }
+  const sarif = {
+    version: "2.1.0",
+    $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+    runs: [
+      {
+        tool: {
+          driver: {
+            name: "AIGRC",
+            version,
+            informationUri: "https://github.com/aigrc/aigrc",
+            rules: [
+              {
+                id: "AIGRC001",
+                name: "AssetCardValidation",
+                shortDescription: {
+                  text: "Asset card must be valid according to AIGRC schema"
+                },
+                fullDescription: {
+                  text: "Validates asset cards against AIGRC compliance requirements including risk classification, ownership, and regulatory framework mappings."
+                },
+                help: {
+                  text: "Ensure your asset card includes all required fields and follows the AIGRC schema. Run 'aigrc validate --help' for more information."
+                },
+                defaultConfiguration: {
+                  level: "error"
+                }
+              }
+            ]
+          }
+        },
+        results: sarifResults,
+        artifacts
+      }
+    ]
+  };
+  return sarif;
+}
+function sarifToJson(sarif, pretty = true) {
+  return JSON.stringify(sarif, null, pretty ? 2 : 0);
+}
+
+// src/formatters/text.ts
+import chalk5 from "chalk";
+import path4 from "path";
+function printValidationSummary(results) {
+  console.log(chalk5.bold("Validation Summary"));
+  console.log(chalk5.dim("\u2500".repeat(50)));
+  console.log();
+  for (const result of results) {
+    const fileName = path4.basename(result.path);
+    if (!result.validation.valid) {
+      console.log(chalk5.red(`\u2717 ${fileName}`));
+      for (const error of result.validation.errors) {
+        console.log(chalk5.red(`    Error: ${error}`));
+      }
+      if (result.fixed && result.fixedFields && result.fixedFields.length > 0) {
+        console.log(chalk5.yellow(`    Fixed: ${result.fixedFields.join(", ")}`));
+      }
+    } else {
+      console.log(chalk5.green(`\u2713 ${fileName}`));
+      if (result.fixed && result.fixedFields && result.fixedFields.length > 0) {
+        console.log(chalk5.yellow(`    Fixed: ${result.fixedFields.join(", ")}`));
+      }
+      if (result.card && result.classification) {
+        const tierColor = getRiskLevelColor(result.classification.riskLevel);
+        console.log(
+          chalk5.dim("    Risk Level: ") + tierColor(result.classification.riskLevel)
+        );
+        if (result.classification.euAiActCategory) {
+          console.log(
+            chalk5.dim("    EU AI Act: ") + chalk5.yellow(result.classification.euAiActCategory)
+          );
+        }
+      }
+    }
+    console.log();
+  }
+  const valid = results.filter((r) => r.validation.valid).length;
+  const invalid = results.filter((r) => !r.validation.valid).length;
+  const fixed = results.filter((r) => r.fixed).length;
+  console.log(chalk5.dim("\u2500".repeat(50)));
+  console.log(
+    `Total: ${results.length} | ` + chalk5.green(`Valid: ${valid}`) + ` | ` + chalk5.red(`Invalid: ${invalid}`) + (fixed > 0 ? ` | ${chalk5.yellow(`Fixed: ${fixed}`)}` : "")
+  );
+}
+function getRiskLevelColor(level) {
+  switch (level) {
+    case "minimal":
+      return chalk5.green;
+    case "limited":
+      return chalk5.yellow;
+    case "high":
+      return chalk5.red;
+    case "unacceptable":
+      return chalk5.magenta;
+    default:
+      return chalk5.white;
+  }
+}
+
+// src/fixers/auto-fix.ts
+function autoFixAssetCard(card) {
+  const fixedFields = [];
+  const fixedCard = JSON.parse(JSON.stringify(card));
+  if (!fixedCard.metadata?.createdAt) {
+    if (!fixedCard.metadata) {
+      fixedCard.metadata = {
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        version: "1.0.0"
+      };
+    } else {
+      fixedCard.metadata.createdAt = (/* @__PURE__ */ new Date()).toISOString();
+    }
+    fixedFields.push("metadata.createdAt");
+  } else if (!isValidISODate(fixedCard.metadata.createdAt)) {
+    fixedCard.metadata.createdAt = normalizeDate(fixedCard.metadata.createdAt);
+    fixedFields.push("metadata.createdAt (format)");
+  }
+  if (!fixedCard.metadata?.updatedAt) {
+    if (!fixedCard.metadata) {
+      fixedCard.metadata = {
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        version: "1.0.0"
+      };
+    } else {
+      fixedCard.metadata.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    }
+    fixedFields.push("metadata.updatedAt");
+  } else if (!isValidISODate(fixedCard.metadata.updatedAt)) {
+    fixedCard.metadata.updatedAt = normalizeDate(fixedCard.metadata.updatedAt);
+    fixedFields.push("metadata.updatedAt (format)");
+  }
+  if (!fixedCard.metadata?.version) {
+    if (!fixedCard.metadata) {
+      fixedCard.metadata = {
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        version: "1.0.0"
+      };
+    } else {
+      fixedCard.metadata.version = "1.0.0";
+    }
+    fixedFields.push("metadata.version");
+  }
+  if (fixedCard.classification?.riskLevel) {
+    const normalized = normalizeRiskLevel(fixedCard.classification.riskLevel);
+    if (normalized !== fixedCard.classification.riskLevel) {
+      fixedCard.classification.riskLevel = normalized;
+      fixedFields.push("classification.riskLevel");
+    }
+  }
+  if (fixedCard.classification?.riskFactors?.piiProcessing !== void 0) {
+    const pii = fixedCard.classification.riskFactors.piiProcessing;
+    if (typeof pii === "boolean") {
+      fixedCard.classification.riskFactors.piiProcessing = pii ? "yes" : "no";
+      fixedFields.push("classification.riskFactors.piiProcessing");
+    }
+  }
+  if (!fixedCard.id) {
+    fixedCard.id = generateId(fixedCard.name);
+    fixedFields.push("id");
+  }
+  if (!fixedCard.name) {
+    fixedCard.name = "Unnamed Asset";
+    fixedFields.push("name");
+  }
+  if (!fixedCard.description) {
+    fixedCard.description = "No description provided";
+    fixedFields.push("description");
+  }
+  if (!fixedCard.classification) {
+    fixedCard.classification = {
+      riskLevel: "minimal",
+      riskFactors: {
+        autonomousDecisions: false,
+        customerFacing: false,
+        toolExecution: false,
+        externalDataAccess: false,
+        piiProcessing: "unknown",
+        highStakesDecisions: false
+      }
+    };
+    fixedFields.push("classification");
+  }
+  if (!fixedCard.classification.riskFactors) {
+    fixedCard.classification.riskFactors = {
+      autonomousDecisions: false,
+      customerFacing: false,
+      toolExecution: false,
+      externalDataAccess: false,
+      piiProcessing: "unknown",
+      highStakesDecisions: false
+    };
+    fixedFields.push("classification.riskFactors");
+  }
+  return {
+    fixed: fixedFields.length > 0,
+    fixedFields,
+    card: fixedCard
+  };
+}
+function isValidISODate(dateStr) {
+  const iso8601Regex = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3})?Z?$/;
+  if (!iso8601Regex.test(dateStr)) {
+    return false;
+  }
+  const date = new Date(dateStr);
+  return !isNaN(date.getTime());
+}
+function normalizeDate(dateStr) {
+  const date = new Date(dateStr);
+  if (isNaN(date.getTime())) {
+    return (/* @__PURE__ */ new Date()).toISOString();
+  }
+  return date.toISOString();
+}
+function normalizeRiskLevel(level) {
+  const normalized = level.toLowerCase().trim();
+  const validLevels = ["minimal", "limited", "high", "unacceptable"];
+  if (validLevels.includes(normalized)) {
+    return normalized;
+  }
+  const mappings = {
+    low: "minimal",
+    medium: "limited",
+    critical: "unacceptable",
+    extreme: "unacceptable",
+    none: "minimal"
+  };
+  return mappings[normalized] || "minimal";
+}
+function generateId(name) {
+  return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").substring(0, 50);
+}
+
+// src/commands/validate.ts
 var DEFAULT_CARDS_DIR3 = ".aigrc/cards";
-var validateCommand = new Command4("validate").description("Validate asset cards against compliance requirements").argument("[path]", "Path to asset card or cards directory").option("-s, --strict", "Fail on warnings as well as errors").option("-o, --output <format>", "Output format (text, json)", "text").option("-a, --all", "Validate all cards in the cards directory").action(async (cardPath, options) => {
+var validateCommand = new Command4("validate").description("Validate asset cards against compliance requirements").argument("[path]", "Path to asset card or cards directory").option("-s, --strict", "Fail on warnings as well as errors").option("-o, --output <format>", "Output format (text, json, sarif)", "text").option("-a, --all", "Validate all cards in the cards directory").option("--fix", "Automatically fix common issues").option("--dry-run", "Preview fixes without saving (requires --fix)").option("--output-file <path>", "Write output to file instead of stdout").action(async (cardPath, options) => {
   await runValidate(cardPath, options);
 });
 async function runValidate(cardPath, options) {
-  if (options.output === "text") {
+  if (options.dryRun && !options.fix) {
+    if (options.output === "text") {
+      console.error(chalk6.red("Error: --dry-run requires --fix"));
+    } else {
+      console.error(JSON.stringify({ error: "--dry-run requires --fix" }));
+    }
+    exit(2 /* INVALID_ARGUMENTS */);
+  }
+  if (options.output === "text" && !options.outputFile) {
     printHeader();
   }
   const cardsToValidate = [];
   if (options.all || !cardPath) {
-    const cardsDir = path4.join(process.cwd(), DEFAULT_CARDS_DIR3);
+    const cardsDir = path5.join(process.cwd(), DEFAULT_CARDS_DIR3);
     try {
       const files = await fs3.readdir(cardsDir);
       const yamlFiles = files.filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
       for (const file of yamlFiles) {
-        cardsToValidate.push(path4.join(cardsDir, file));
+        cardsToValidate.push(path5.join(cardsDir, file));
       }
-    } catch {
-      if (options.output === "text") {
-        console.log(chalk5.yellow("No cards directory found."));
-        console.log(chalk5.dim(`Expected: ${cardsDir}`));
-        console.log(chalk5.dim("Run `aigrc init` to initialize AIGRC."));
+    } catch (error) {
+      if (options.output === "text" && !options.outputFile) {
+        console.log(chalk6.yellow("No cards directory found."));
+        console.log(chalk6.dim(`Expected: ${cardsDir}`));
+        console.log(chalk6.dim("Run `aigrc init` to initialize AIGRC."));
       } else {
-        console.log(JSON.stringify({ error: "No cards directory found" }));
+        const output = JSON.stringify({ error: "No cards directory found" });
+        if (options.outputFile) {
+          await fs3.writeFile(options.outputFile, output);
+        } else {
+          console.log(output);
+        }
       }
-      process.exit(1);
+      exit(4 /* FILE_NOT_FOUND */);
     }
   } else {
-    cardsToValidate.push(path4.resolve(process.cwd(), cardPath));
+    const resolvedPath = path5.resolve(process.cwd(), cardPath);
+    try {
+      await fs3.access(resolvedPath);
+      cardsToValidate.push(resolvedPath);
+    } catch {
+      if (options.output === "text" && !options.outputFile) {
+        console.log(chalk6.red(`Error: File not found: ${cardPath}`));
+      } else {
+        const output = JSON.stringify({ error: `File not found: ${cardPath}` });
+        if (options.outputFile) {
+          await fs3.writeFile(options.outputFile, output);
+        } else {
+          console.log(output);
+        }
+      }
+      exit(4 /* FILE_NOT_FOUND */);
+    }
   }
   if (cardsToValidate.length === 0) {
-    if (options.output === "text") {
-      console.log(chalk5.yellow("No asset cards found to validate."));
+    if (options.output === "text" && !options.outputFile) {
+      console.log(chalk6.yellow("No asset cards found to validate."));
     } else {
-      console.log(JSON.stringify({ error: "No asset cards found" }));
+      const output = JSON.stringify({ error: "No asset cards found" });
+      if (options.outputFile) {
+        await fs3.writeFile(options.outputFile, output);
+      } else {
+        console.log(output);
+      }
     }
-    process.exit(1);
+    exit(4 /* FILE_NOT_FOUND */);
   }
   const results = [];
   let hasErrors = false;
   for (const cardFile of cardsToValidate) {
-    const spinner = options.output === "text" ? ora3(`Validating ${path4.basename(cardFile)}...`).start() : void 0;
+    const spinner = options.output === "text" && !options.outputFile ? ora3(`Validating ${path5.basename(cardFile)}...`).start() : void 0;
     try {
-      const card = loadAssetCard(cardFile);
+      let card = loadAssetCard(cardFile);
+      let fixed = false;
+      let fixedFields = [];
+      if (options.fix) {
+        const fixResult = autoFixAssetCard(card);
+        if (fixResult.fixed) {
+          fixed = true;
+          fixedFields = fixResult.fixedFields;
+          card = fixResult.card;
+          if (!options.dryRun) {
+            const yamlContent = YAML.stringify(card);
+            await fs3.writeFile(cardFile, yamlContent, "utf-8");
+          }
+        }
+      }
       const validation = validateAssetCard(card);
       const classification = classifyRisk(card.classification.riskFactors);
       results.push({
@@ -762,13 +1117,17 @@ async function runValidate(cardPath, options) {
           valid: validation.valid,
           errors: validation.errors ?? []
         },
-        classification
+        classification,
+        fixed,
+        fixedFields
       });
       if (!validation.valid) {
         hasErrors = true;
-        spinner?.fail(`${path4.basename(cardFile)}: Invalid`);
+        spinner?.fail(`${path5.basename(cardFile)}: Invalid`);
+      } else if (fixed) {
+        spinner?.succeed(`${path5.basename(cardFile)}: Valid (fixed ${fixedFields.length} issues)`);
       } else {
-        spinner?.succeed(`${path4.basename(cardFile)}: Valid`);
+        spinner?.succeed(`${path5.basename(cardFile)}: Valid`);
       }
     } catch (error) {
       hasErrors = true;
@@ -780,76 +1139,93 @@ async function runValidate(cardPath, options) {
           errors: [errorMessage]
         }
       });
-      spinner?.fail(`${path4.basename(cardFile)}: Parse error`);
+      spinner?.fail(`${path5.basename(cardFile)}: Parse error`);
     }
   }
-  if (options.output === "json") {
-    console.log(JSON.stringify({ results }, null, 2));
-  } else {
-    console.log();
-    printValidationSummary(results);
-  }
+  await outputResults(results, options);
   if (hasErrors) {
-    process.exit(1);
+    exit(3 /* VALIDATION_ERRORS */);
   }
+  exit(0 /* SUCCESS */);
 }
-function printValidationSummary(results) {
-  console.log(chalk5.bold("Validation Summary"));
-  console.log(chalk5.dim("\u2500".repeat(50)));
-  console.log();
+async function outputResults(results, options) {
+  let output;
+  switch (options.output) {
+    case "sarif": {
+      const sarif = formatSarif(results);
+      output = sarifToJson(sarif);
+      break;
+    }
+    case "json": {
+      output = JSON.stringify({ results }, null, 2);
+      break;
+    }
+    case "text":
+    default: {
+      if (options.outputFile) {
+        output = formatTextOutput(results);
+      } else {
+        console.log();
+        printValidationSummary(results);
+        return;
+      }
+    }
+  }
+  if (options.outputFile) {
+    await fs3.writeFile(options.outputFile, output, "utf-8");
+    if (options.output === "text") {
+      console.log(chalk6.green(`\u2713 Output written to ${options.outputFile}`));
+    }
+  } else {
+    console.log(output);
+  }
+}
+function formatTextOutput(results) {
+  const lines = [];
+  lines.push("Validation Summary");
+  lines.push("\u2500".repeat(50));
+  lines.push("");
   for (const result of results) {
-    const fileName = path4.basename(result.path);
+    const fileName = path5.basename(result.path);
     if (!result.validation.valid) {
-      console.log(chalk5.red(`\u2717 ${fileName}`));
+      lines.push(`\u2717 ${fileName}`);
       for (const error of result.validation.errors) {
-        console.log(chalk5.red(`    Error: ${error}`));
+        lines.push(`    Error: ${error}`);
       }
     } else {
-      console.log(chalk5.green(`\u2713 ${fileName}`));
+      lines.push(`\u2713 ${fileName}`);
+      if (result.fixed && result.fixedFields && result.fixedFields.length > 0) {
+        lines.push(`    Fixed: ${result.fixedFields.join(", ")}`);
+      }
       if (result.card && result.classification) {
-        const tierColor = getRiskLevelColor(result.classification.riskLevel);
-        console.log(
-          chalk5.dim("    Risk Level: ") + tierColor(result.classification.riskLevel)
-        );
+        lines.push(`    Risk Level: ${result.classification.riskLevel}`);
         if (result.classification.euAiActCategory) {
-          console.log(
-            chalk5.dim("    EU AI Act: ") + chalk5.yellow(result.classification.euAiActCategory)
-          );
+          lines.push(`    EU AI Act: ${result.classification.euAiActCategory}`);
         }
       }
     }
-    console.log();
+    lines.push("");
   }
   const valid = results.filter((r) => r.validation.valid).length;
   const invalid = results.filter((r) => !r.validation.valid).length;
-  console.log(chalk5.dim("\u2500".repeat(50)));
-  console.log(
-    `Total: ${results.length} | ` + chalk5.green(`Valid: ${valid}`) + ` | ` + chalk5.red(`Invalid: ${invalid}`)
+  const fixed = results.filter((r) => r.fixed).length;
+  lines.push("\u2500".repeat(50));
+  lines.push(
+    `Total: ${results.length} | Valid: ${valid} | Invalid: ${invalid}` + (fixed > 0 ? ` | Fixed: ${fixed}` : "")
   );
-}
-function getRiskLevelColor(level) {
-  switch (level) {
-    case "minimal":
-      return chalk5.green;
-    case "limited":
-      return chalk5.yellow;
-    case "high":
-      return chalk5.red;
-    case "unacceptable":
-      return chalk5.magenta;
-    default:
-      return chalk5.white;
-  }
+  return lines.join("\n");
 }
 
 // src/commands/status.ts
 import { Command as Command5 } from "commander";
-import chalk6 from "chalk";
-import path5 from "path";
+import chalk7 from "chalk";
+import path6 from "path";
 import fs4 from "fs/promises";
 import {
   loadAssetCard as loadAssetCard2,
-  classifyRisk as classifyRisk2
+  classifyRisk as classifyRisk2,
+  extractGoldenThreadComponents,
+  verifyGoldenThreadHashSync
 } from "@aigrc/core";
 var DEFAULT_CARDS_DIR4 = ".aigrc/cards";
 var DEFAULT_CONFIG_FILE2 = ".aigrc.yaml";
@@ -861,14 +1237,14 @@ async function runStatus(options) {
   if (options.output === "text") {
     printHeader();
   }
-  const configPath = path5.join(cwd, DEFAULT_CONFIG_FILE2);
-  const cardsDir = path5.join(cwd, DEFAULT_CARDS_DIR4);
+  const configPath = path6.join(cwd, DEFAULT_CONFIG_FILE2);
+  const cardsDir = path6.join(cwd, DEFAULT_CARDS_DIR4);
   const configExists = await fileExists2(configPath);
   const cardsDirExists = await directoryExists(cardsDir);
   if (!configExists && !cardsDirExists) {
     if (options.output === "text") {
-      console.log(chalk6.yellow("AIGRC is not initialized in this directory."));
-      console.log(chalk6.dim("\nRun `aigrc init` to get started."));
+      console.log(chalk7.yellow("AIGRC is not initialized in this directory."));
+      console.log(chalk7.dim("\nRun `aigrc init` to get started."));
     } else {
       console.log(JSON.stringify({ initialized: false }));
     }
@@ -881,7 +1257,7 @@ async function runStatus(options) {
       const yamlFiles = files.filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
       for (const file of yamlFiles) {
         try {
-          const filePath = path5.join(cardsDir, file);
+          const filePath = path6.join(cardsDir, file);
           const card = loadAssetCard2(filePath);
           const classification = classifyRisk2(card.classification.riskFactors);
           cards.push({ path: filePath, card, classification });
@@ -912,19 +1288,21 @@ async function runStatus(options) {
     );
     return;
   }
-  console.log(chalk6.bold("AIGRC Status"));
-  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log(chalk7.bold("AIGRC Status"));
+  console.log(chalk7.dim("\u2500".repeat(50)));
   console.log();
-  console.log(chalk6.dim("Config:"), configExists ? chalk6.green("\u2713") : chalk6.red("\u2717"), configPath);
-  console.log(chalk6.dim("Cards:"), cardsDirExists ? chalk6.green("\u2713") : chalk6.red("\u2717"), cardsDir);
+  console.log(chalk7.dim("Config:"), configExists ? chalk7.green("\u2713") : chalk7.red("\u2717"), configPath);
+  console.log(chalk7.dim("Cards:"), cardsDirExists ? chalk7.green("\u2713") : chalk7.red("\u2717"), cardsDir);
+  console.log();
+  printGoldenThreadStatus(cards);
   console.log();
   if (cards.length === 0) {
-    console.log(chalk6.yellow("No asset cards registered."));
-    console.log(chalk6.dim("\nRun `aigrc init` or `aigrc register` to create an asset card."));
+    console.log(chalk7.yellow("No asset cards registered."));
+    console.log(chalk7.dim("\nRun `aigrc init` or `aigrc register` to create an asset card."));
     return;
   }
-  console.log(chalk6.bold(`Registered Assets (${cards.length})`));
-  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log(chalk7.bold(`Registered Assets (${cards.length})`));
+  console.log(chalk7.dim("\u2500".repeat(50)));
   console.log();
   const byLevel = groupByRiskLevel(cards);
   for (const level of ["unacceptable", "high", "limited", "minimal"]) {
@@ -934,18 +1312,18 @@ async function runStatus(options) {
     console.log(levelColor(`${level.toUpperCase()} (${levelCards.length})`));
     console.log();
     for (const { card, classification } of levelCards) {
-      console.log(`  ${chalk6.bold(card.name)}`);
-      console.log(chalk6.dim(`    ID: ${card.id}`));
-      console.log(chalk6.dim(`    Risk Level: ${classification.riskLevel}`));
+      console.log(`  ${chalk7.bold(card.name)}`);
+      console.log(chalk7.dim(`    ID: ${card.id}`));
+      console.log(chalk7.dim(`    Risk Level: ${classification.riskLevel}`));
       if (classification.euAiActCategory) {
-        console.log(chalk6.dim(`    EU AI Act: `) + chalk6.yellow(classification.euAiActCategory));
+        console.log(chalk7.dim(`    EU AI Act: `) + chalk7.yellow(classification.euAiActCategory));
       }
       if (card.ownership?.owner) {
-        console.log(chalk6.dim(`    Owner: ${card.ownership.owner.name} <${card.ownership.owner.email}>`));
+        console.log(chalk7.dim(`    Owner: ${card.ownership.owner.name} <${card.ownership.owner.email}>`));
       }
       const activeRisks = getActiveRiskFactors(card);
       if (activeRisks.length > 0) {
-        console.log(chalk6.dim(`    Risks: `) + activeRisks.join(", "));
+        console.log(chalk7.dim(`    Risks: `) + activeRisks.join(", "));
       }
       console.log();
     }
@@ -964,17 +1342,17 @@ function groupByRiskLevel(cards) {
   return byLevel;
 }
 function printStatusSummary(cards) {
-  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log(chalk7.dim("\u2500".repeat(50)));
   const minimal = cards.filter((c) => c.classification.riskLevel === "minimal").length;
   const limited = cards.filter((c) => c.classification.riskLevel === "limited").length;
   const high = cards.filter((c) => c.classification.riskLevel === "high").length;
   const unacceptable = cards.filter((c) => c.classification.riskLevel === "unacceptable").length;
   console.log(
-    `Total: ${cards.length} | ` + chalk6.green(`Minimal: ${minimal}`) + ` | ` + chalk6.yellow(`Limited: ${limited}`) + ` | ` + chalk6.red(`High: ${high}`) + ` | ` + chalk6.magenta(`Unacceptable: ${unacceptable}`)
+    `Total: ${cards.length} | ` + chalk7.green(`Minimal: ${minimal}`) + ` | ` + chalk7.yellow(`Limited: ${limited}`) + ` | ` + chalk7.red(`High: ${high}`) + ` | ` + chalk7.magenta(`Unacceptable: ${unacceptable}`)
   );
   if (high > 0 || unacceptable > 0) {
     console.log();
-    console.log(chalk6.yellow("\u26A0 High-risk assets detected. Review compliance requirements."));
+    console.log(chalk7.yellow("\u26A0 High-risk assets detected. Review compliance requirements."));
   }
 }
 function getActiveRiskFactors(card) {
@@ -992,15 +1370,15 @@ function getActiveRiskFactors(card) {
 function getRiskLevelColor2(level) {
   switch (level) {
     case "minimal":
-      return chalk6.green;
+      return chalk7.green;
     case "limited":
-      return chalk6.yellow;
+      return chalk7.yellow;
     case "high":
-      return chalk6.red;
+      return chalk7.red;
     case "unacceptable":
-      return chalk6.magenta;
+      return chalk7.magenta;
     default:
-      return chalk6.white;
+      return chalk7.white;
   }
 }
 async function fileExists2(filePath) {
@@ -1019,6 +1397,41 @@ async function directoryExists(dirPath) {
     return false;
   }
 }
+function printGoldenThreadStatus(cards) {
+  const cardsWithGoldenThread = cards.filter((c) => {
+    const components = extractGoldenThreadComponents(c.card);
+    return components && c.card.golden_thread?.hash;
+  });
+  if (cardsWithGoldenThread.length === 0) {
+    return;
+  }
+  console.log(chalk7.bold("Golden Thread"));
+  console.log(chalk7.dim("\u2500".repeat(50)));
+  console.log();
+  for (const { card } of cardsWithGoldenThread) {
+    const components = extractGoldenThreadComponents(card);
+    if (!components || !card.golden_thread?.hash) continue;
+    console.log(chalk7.bold(card.name));
+    console.log(chalk7.dim(`  Hash: ${card.golden_thread.hash}`));
+    try {
+      const verification = verifyGoldenThreadHashSync(components, card.golden_thread.hash);
+      if (verification.verified) {
+        console.log(chalk7.dim("  Status: ") + chalk7.green("\u2713 Verified"));
+      } else {
+        console.log(chalk7.dim("  Status: ") + chalk7.red("\u2717 Verification Failed"));
+        if (verification.mismatch_reason) {
+          console.log(chalk7.dim("  Reason: ") + chalk7.yellow(verification.mismatch_reason));
+        }
+      }
+    } catch (error) {
+      console.log(chalk7.dim("  Status: ") + chalk7.red("\u2717 Error"));
+    }
+    if (card.golden_thread?.signature) {
+      console.log(chalk7.dim("  Signature: ") + chalk7.green("\u2713 RSA-SHA256"));
+    }
+    console.log();
+  }
+}
 export {
   initCommand,
   registerCommand,