@hatem427/code-guard-ci 3.6.1 → 3.6.3

package/README.md

@@ -1,6 +1,6 @@
 # 🛡️ Code Guardian — Complete Documentation
 
-> **Version:** 2.0.0  
+> **Version:** 3.6.0  
 > **Package:** `@hatem427/code-guard-ci`  
 > **Author:** Hatem Bassem  
 > **License:** MIT
@@ -309,40 +309,26 @@ Code Guardian is designed so that **each tool handles its own domain** with zero
 
 ## 6. CLI Commands
 
-```bash
-# Add a single AI assistant config
-code-guard add-ai cursor       # Generates .cursor/rules/cursor.mdc
-code-guard add-ai copilot      # Generates .github/copilot-instructions.md
-code-guard add-ai claude       # Generates .claude/CLAUDE.md
-code-guard add-ai gemini       # Generates .gemini/GEMINI.md
-code-guard add-ai windsurf     # Generates .windsurf/rules/guidelines.md
-code-guard add-ai junie        # Generates .junie/guidelines.md
-code-guard add-ai antigravity  # Generates AGENTS.md
-code-guard add-ai aider        # Generates .aider.conf.yml
-
-# List all available AI assistant configs
-code-guard list-ai
-```
-
-### npm Scripts (added to your package.json)
-
-After `code-guard init`, these scripts are available:
-
-```bash
-npm run lint                    # ESLint check
-npm run lint:fix                # ESLint auto-fix
-npm run format                  # Prettier format all
-npm run format:check            # Prettier check (no write)
-npm run precommit-check         # Run Code Guardian rules manually
-npm run validate                # Validate structure + naming
-npm run generate-doc            # Generate feature documentation
-npm run generate-pr-checklist   # Generate PR checklist
-npm run set-bypass-password     # Set bypass password
-npm run set-admin-password      # Set admin password
-npm run view-bypass-log         # View bypass audit log
-npm run delete-bypass-logs      # Delete bypass logs (admin only)
-npm run auto-fix                # Auto-fix common issues
-```
+> 📄 **Full command reference:** [COMMANDS.md](COMMANDS.md)
+
+All commands are run via `npx code-guard <command>`. Quick overview:
+
+| Command | Description |
+|---------|-------------|
+| `init` | Full project setup (ESLint, Prettier, Husky, AI configs, …) |
+| `check` | Manually run rule checks (same as pre-commit) |
+| `check-vuln` | 3-layer security audit (npm audit + RetireJS + Grype) |
+| `report` | Open last code quality report in editor |
+| `doc` | Generate feature documentation for current branch |
+| `checklist` | Generate PR checklist from active rules |
+| `validate` | Validate folder structure and file naming |
+| `uninstall` | Remove all generated files (uses manifest) |
+| `add-ai <name>` | Add a single AI assistant config |
+| `list-ai` | List all AI integrations and their status |
+| `version` | Print installed version |
+| `help` | Display usage information |
+
+See [COMMANDS.md](COMMANDS.md) for flags, examples, and the full npm scripts reference.
 
 ---
 

package/config/angular.config.ts

@@ -10,7 +10,6 @@
  *   - RxJS best practices (async pipe, takeUntilDestroyed, signals)
  */
 
-import * as fs from 'fs';
 import { registerRules, Rule } from './guidelines.config';
 
 const angularRules: Rule[] = [
@@ -78,107 +77,6 @@ const angularRules: Rule[] = [
     category: 'Angular Deprecated APIs',
   },
 
-  // ── Template best practices ────────────────────────────────────────────
-
-  {
-    id: 'angular-no-function-in-template',
-    label: 'No function calls in templates',
-    description:
-      'Avoid calling functions in Angular templates — they run on every change detection cycle. Use pipes, computed signals, or memoized getters instead.',
-    severity: 'error',
-    fileExtensions: ['html'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      // ── 1. Discover signals declared in the companion .ts component file ────
-      //
-      // Angular signals (signal, computed, toSignal, input, output, viewChild,
-      // contentChild, model) are read by calling them as functions — e.g.
-      // loading() — which looks identical to a regular method call in a template.
-      // We resolve the companion TypeScript file and extract every identifier
-      // that is assigned to a signal factory so we can whitelist those calls.
-      const signalNames = new Set<string>();
-      const tsFilePath = file.absolutePath.replace(/\.html$/, '.ts');
-      try {
-        if (fs.existsSync(tsFilePath)) {
-          const tsContent = fs.readFileSync(tsFilePath, 'utf-8');
-          // Matches class field assignments like:
-          //   loading = signal(false)
-          //   readonly isReady = computed(() => ...)
-          //   data = toSignal(obs$)
-          //   name = input('')  /  name = input.required<string>()
-          //   clicked = output()  /  el = viewChild('ref')  /  val = model(0)
-          const signalDeclPattern =
-            /\b(\w+)\s*=\s*(?:signal|computed|toSignal|input(?:\.required)?|output(?:Required)?|viewChild(?:Required)?|viewChildren|contentChild(?:Required)?|contentChildren|model)\s*[(<]/g;
-          let m: RegExpExecArray | null;
-          while ((m = signalDeclPattern.exec(tsContent)) !== null) {
-            signalNames.add(m[1]);
-          }
-        }
-      } catch {
-        // If the companion file cannot be read, fall back to no signal awareness.
-      }
-
-      // ── 2. Helper: returns true when every function call in the expression
-      //    is either a known signal read or an Angular built-in ($any, $event). ──
-      const ANGULAR_BUILTINS = new Set(['$any', '$event']);
-      const allCallsAreSafe = (expression: string): boolean => {
-        // Without signal metadata we cannot safely whitelist anything.
-        if (signalNames.size === 0) return false;
-        const callPattern = /\b(\w+)\s*\(/g;
-        let m: RegExpExecArray | null;
-        while ((m = callPattern.exec(expression)) !== null) {
-          if (!signalNames.has(m[1]) && !ANGULAR_BUILTINS.has(m[1])) {
-            return false;
-          }
-        }
-        return true;
-      };
-
-      // ── 3. Scan each line ────────────────────────────────────────────────────
-      const interpolationRegex = /\{\{[^}]*\w+\s*\([^)]*\)[^}]*\}\}/g;
-      // Property binding regex — excludes event bindings such as (click), (submit) …
-      const propertyBindingRegex =
-        /\[(?!click|submit|keyup|keydown|change|input|focus|blur)\w+\]\s*=\s*"([^"]*)"/g;
-
-      for (let i = 0; i < file.lines.length; i++) {
-        const line = file.lines[i];
-        const trimmed = line.trim();
-
-        // ── Interpolation: {{ expr() }} ─────────────────────────────────────
-        interpolationRegex.lastIndex = 0;
-        if (interpolationRegex.test(line)) {
-          // Pipes like {{ value | date }} are always safe.
-          if (!trimmed.includes(' | ') && !allCallsAreSafe(trimmed)) {
-            violations.push({
-              line: i + 1,
-              message: `Function call in interpolation: "${trimmed}". Use a pipe or computed signal instead.`,
-            });
-          }
-        }
-
-        // ── Property bindings: [prop]="expr()" ──────────────────────────────
-        propertyBindingRegex.lastIndex = 0;
-        let match: RegExpExecArray | null;
-        while ((match = propertyBindingRegex.exec(line)) !== null) {
-          const expression = match[1]; // content between the quotes
-          if (/\w+\s*\(/.test(expression) && !allCallsAreSafe(expression)) {
-            violations.push({
-              line: i + 1,
-              message: `Function call in property binding: "${trimmed}". Use a signal or computed signal instead.`,
-            });
-            break; // one violation per line is enough
-          }
-        }
-      }
-
-      return violations;
-    },
-    applicableTo: ['angular'],
-    category: 'Angular Templates',
-  },
-
   // ── RxJS best practices ────────────────────────────────────────────────
 
   {

package/dist/config/angular.config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"angular.config.d.ts","sourceRoot":"","sources":["../../config/angular.config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EAAiB,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAE1D,QAAA,MAAM,YAAY,EAAE,IAAI,EAkXvB,CAAC;AAKF,OAAO,EAAE,YAAY,EAAE,CAAC"}
+{"version":3,"file":"angular.config.d.ts","sourceRoot":"","sources":["../../config/angular.config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAiB,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAE1D,QAAA,MAAM,YAAY,EAAE,IAAI,EA6QvB,CAAC;AAKF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/config/angular.config.js

@@ -10,42 +10,8 @@
  *   - Function calls in templates
  *   - RxJS best practices (async pipe, takeUntilDestroyed, signals)
  */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.angularRules = void 0;
-const fs = __importStar(require("fs"));
 const guidelines_config_1 = require("./guidelines.config");
 const angularRules = [
     // ── Lifecycle ──────────────────────────────────────────────────────────
@@ -101,97 +67,6 @@ const angularRules = [
         applicableTo: ['angular'],
         category: 'Angular Deprecated APIs',
     },
-    // ── Template best practices ────────────────────────────────────────────
-    {
-        id: 'angular-no-function-in-template',
-        label: 'No function calls in templates',
-        description: 'Avoid calling functions in Angular templates — they run on every change detection cycle. Use pipes, computed signals, or memoized getters instead.',
-        severity: 'error',
-        fileExtensions: ['html'],
-        pattern: null,
-        customCheck: (file) => {
-            const violations = [];
-            // ── 1. Discover signals declared in the companion .ts component file ────
-            //
-            // Angular signals (signal, computed, toSignal, input, output, viewChild,
-            // contentChild, model) are read by calling them as functions — e.g.
-            // loading() — which looks identical to a regular method call in a template.
-            // We resolve the companion TypeScript file and extract every identifier
-            // that is assigned to a signal factory so we can whitelist those calls.
-            const signalNames = new Set();
-            const tsFilePath = file.absolutePath.replace(/\.html$/, '.ts');
-            try {
-                if (fs.existsSync(tsFilePath)) {
-                    const tsContent = fs.readFileSync(tsFilePath, 'utf-8');
-                    // Matches class field assignments like:
-                    //   loading = signal(false)
-                    //   readonly isReady = computed(() => ...)
-                    //   data = toSignal(obs$)
-                    //   name = input('')  /  name = input.required<string>()
-                    //   clicked = output()  /  el = viewChild('ref')  /  val = model(0)
-                    const signalDeclPattern = /\b(\w+)\s*=\s*(?:signal|computed|toSignal|input(?:\.required)?|output(?:Required)?|viewChild(?:Required)?|viewChildren|contentChild(?:Required)?|contentChildren|model)\s*[(<]/g;
-                    let m;
-                    while ((m = signalDeclPattern.exec(tsContent)) !== null) {
-                        signalNames.add(m[1]);
-                    }
-                }
-            }
-            catch {
-                // If the companion file cannot be read, fall back to no signal awareness.
-            }
-            // ── 2. Helper: returns true when every function call in the expression
-            //    is either a known signal read or an Angular built-in ($any, $event). ──
-            const ANGULAR_BUILTINS = new Set(['$any', '$event']);
-            const allCallsAreSafe = (expression) => {
-                // Without signal metadata we cannot safely whitelist anything.
-                if (signalNames.size === 0)
-                    return false;
-                const callPattern = /\b(\w+)\s*\(/g;
-                let m;
-                while ((m = callPattern.exec(expression)) !== null) {
-                    if (!signalNames.has(m[1]) && !ANGULAR_BUILTINS.has(m[1])) {
-                        return false;
-                    }
-                }
-                return true;
-            };
-            // ── 3. Scan each line ────────────────────────────────────────────────────
-            const interpolationRegex = /\{\{[^}]*\w+\s*\([^)]*\)[^}]*\}\}/g;
-            // Property binding regex — excludes event bindings such as (click), (submit) …
-            const propertyBindingRegex = /\[(?!click|submit|keyup|keydown|change|input|focus|blur)\w+\]\s*=\s*"([^"]*)"/g;
-            for (let i = 0; i < file.lines.length; i++) {
-                const line = file.lines[i];
-                const trimmed = line.trim();
-                // ── Interpolation: {{ expr() }} ─────────────────────────────────────
-                interpolationRegex.lastIndex = 0;
-                if (interpolationRegex.test(line)) {
-                    // Pipes like {{ value | date }} are always safe.
-                    if (!trimmed.includes(' | ') && !allCallsAreSafe(trimmed)) {
-                        violations.push({
-                            line: i + 1,
-                            message: `Function call in interpolation: "${trimmed}". Use a pipe or computed signal instead.`,
-                        });
-                    }
-                }
-                // ── Property bindings: [prop]="expr()" ──────────────────────────────
-                propertyBindingRegex.lastIndex = 0;
-                let match;
-                while ((match = propertyBindingRegex.exec(line)) !== null) {
-                    const expression = match[1]; // content between the quotes
-                    if (/\w+\s*\(/.test(expression) && !allCallsAreSafe(expression)) {
-                        violations.push({
-                            line: i + 1,
-                            message: `Function call in property binding: "${trimmed}". Use a signal or computed signal instead.`,
-                        });
-                        break; // one violation per line is enough
-                    }
-                }
-            }
-            return violations;
-        },
-        applicableTo: ['angular'],
-        category: 'Angular Templates',
-    },
     // ── RxJS best practices ────────────────────────────────────────────────
     {
         id: 'angular-use-async-pipe',

package/dist/config/angular.config.js.map

@@ -1 +1 @@
-{"version":3,"file":"angular.config.js","sourceRoot":"","sources":["../../config/angular.config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2DAA0D;AAE1D,MAAM,YAAY,GAAW;IAC3B,0EAA0E;IAE1E,IAAI;IACJ,+BAA+B;IAC/B,uDAAuD;IACvD,iBAAiB;IACjB,yKAAyK;IACzK,yBAAyB;IACzB,4BAA4B;IAC5B,oCAAoC;IACpC,+BAA+B;IAC/B,mCAAmC;IACnC,KAAK;IAEL,0EAA0E;IAE1E;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,cAAc;QACrB,WAAW,EACT,+FAA+F;QACjG,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC;QACrD,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,iDAAiD;QACxD,WAAW,EACT,wJAAwJ;QAC1J,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,eAAe;QACxB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,gDAAgD;QACvD,WAAW,EACT,wHAAwH;QAC1H,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;QAC9B,OAAO,EAAE,cAAc;QACvB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,gDAAgD;QACvD,WAAW,EACT,+EAA+E;QACjF,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;QAC9B,OAAO,EAAE,cAAc;QACvB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED,0EAA0E;IAE1E;QACE,EAAE,EAAE,iCAAiC;QACrC,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oJAAoJ;QACtJ,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,2EAA2E;YAC3E,EAAE;YACF,yEAAyE;YACzE,oEAAoE;YACpE,4EAA4E;YAC5E,wEAAwE;YACxE,wEAAwE;YACxE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;YACtC,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC/D,IAAI,CAAC;gBACH,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC9B,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;oBACvD,wCAAwC;oBACxC,4BAA4B;oBAC5B,2CAA2C;oBAC3C,0BAA0B;oBAC1B,yDAAyD;oBACzD,oEAAoE;oBACpE,MAAM,iBAAiB,GACrB,iLAAiL,CAAC;oBACpL,IAAI,CAAyB,CAAC;oBAC9B,OAAO,CAAC,CAAC,GAAG,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;wBACxD,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,0EAA0E;YAC5E,CAAC;YAED,wEAAwE;YACxE,6EAA6E;YAC7E,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YACrD,MAAM,eAAe,GAAG,CAAC,UAAkB,EAAW,EAAE;gBACtD,+DAA+D;gBAC/D,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACzC,MAAM,WAAW,GAAG,eAAe,CAAC;gBACpC,IAAI,CAAyB,CAAC;gBAC9B,OAAO,CAAC,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACnD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC1D,OAAO,KAAK,CAAC;oBACf,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC,CAAC;YAEF,4EAA4E;YAC5E,MAAM,kBAAkB,GAAG,oCAAoC,CAAC;YAChE,+EAA+E;YAC/E,MAAM,oBAAoB,GACxB,gFAAgF,CAAC;YAEnF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAE5B,uEAAuE;gBACvE,kBAAkB,CAAC,SAAS,GAAG,CAAC,CAAC;gBACjC,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClC,iDAAiD;oBACjD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC1D,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,oCAAoC,OAAO,2CAA2C;yBAChG,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,uEAAuE;gBACvE,oBAAoB,CAAC,SAAS,GAAG,CAAC,CAAC;gBACnC,IAAI,KAA6B,CAAC;gBAClC,OAAO,CAAC,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC1D,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,6BAA6B;oBAC1D,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;wBAChE,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,uCAAuC,OAAO,6CAA6C;yBACrG,CAAC,CAAC;wBACH,MAAM,CAAC,mCAAmC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,mBAAmB;KAC9B;IAED,0EAA0E;IAE1E;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,0DAA0D;QACjE,WAAW,EACT,iIAAiI;QACnI,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,mBAAmB;QAC5B,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,MAAM;KACjB;IAED;QACE,EAAE,EAAE,gCAAgC;QACpC,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,+GAA+G;QACjH,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,uDAAuD;YACvD,IACE,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EACrC,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3D,MAAM,qBAAqB,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;YAC1E,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE3F,IAAI,YAAY,IAAI,CAAC,qBAAqB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC5D,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI;oBACV,OAAO,EACL,wHAAwH;iBAC3H,CAAC,CAAC;YACL,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,MAAM;KACjB;IAED;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4HAA4H;QAC9H,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,iEAAiE;YACjE,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YACpE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAEzF,IAAI,kBAAkB,IAAI,CAAC,SAAS,EAAE,CAAC;gBACrC,OAAO;oBACL;wBACE,IAAI,EAAE,IAAI;wBACV,OAAO,EACL,sHAAsH;qBACzH;iBACF,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,iBAAiB;KAC5B;IAED,2EAA2E;IAE3E;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,+CAA+C;QACtD,WAAW,EACT,mKAAmK;QACrK,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,uDAAuD;YACvD,IACE,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EACrC,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,6DAA6D;YAC7D,+FAA+F;YAC/F,MAAM,kBAAkB,GAAG,2EAA2E,CAAC;YAEvG,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,uBAAuB;gBACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC3C,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EACL,sGAAsG;yBACzG,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,8BAA8B;KACzC;IAED,0EAA0E;IAE1E;QACE,EAAE,EAAE,iCAAiC;QACrC,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,sHAAsH;QACxH,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,mDAAmD;QAC5D,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,qGAAqG;QACvG,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,OAAO,EAAE,wCAAwC;QACjD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,2FAA2F;QAC7F,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,mDAAmD;QAC5D,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED,0EAA0E;IAE1E,IAAI;IACJ,yCAAyC;IACzC,2CAA2C;IAC3C,iBAAiB;IACjB,8GAA8G;IAC9G,sBAAsB;IACtB,4BAA4B;IAC5B,wEAAwE;IACxE,+BAA+B;IAC/B,gCAAgC;IAChC,KAAK;IAEL;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,iFAAiF;QACnF,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,YAAY;KACvB;IAED;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED,8GAA8G;CAC/G,CAAC;AAKO,oCAAY;AAHrB,sCAAsC;AACtC,IAAA,iCAAa,EAAC,SAAS,EAAE,YAAY,CAAC,CAAC"}
+{"version":3,"file":"angular.config.js","sourceRoot":"","sources":["../../config/angular.config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,2DAA0D;AAE1D,MAAM,YAAY,GAAW;IAC3B,0EAA0E;IAE1E,IAAI;IACJ,+BAA+B;IAC/B,uDAAuD;IACvD,iBAAiB;IACjB,yKAAyK;IACzK,yBAAyB;IACzB,4BAA4B;IAC5B,oCAAoC;IACpC,+BAA+B;IAC/B,mCAAmC;IACnC,KAAK;IAEL,0EAA0E;IAE1E;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,cAAc;QACrB,WAAW,EACT,+FAA+F;QACjG,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC;QACrD,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,iDAAiD;QACxD,WAAW,EACT,wJAAwJ;QAC1J,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,eAAe;QACxB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,gDAAgD;QACvD,WAAW,EACT,wHAAwH;QAC1H,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;QAC9B,OAAO,EAAE,cAAc;QACvB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,gDAAgD;QACvD,WAAW,EACT,+EAA+E;QACjF,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;QAC9B,OAAO,EAAE,cAAc;QACvB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,yBAAyB;KACpC;IAED,0EAA0E;IAE1E;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,0DAA0D;QACjE,WAAW,EACT,iIAAiI;QACnI,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,mBAAmB;QAC5B,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,MAAM;KACjB;IAED;QACE,EAAE,EAAE,gCAAgC;QACpC,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,+GAA+G;QACjH,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,uDAAuD;YACvD,IACE,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EACrC,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3D,MAAM,qBAAqB,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;YAC1E,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE3F,IAAI,YAAY,IAAI,CAAC,qBAAqB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC5D,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI;oBACV,OAAO,EACL,wHAAwH;iBAC3H,CAAC,CAAC;YACL,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,MAAM;KACjB;IAED;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4HAA4H;QAC9H,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,iEAAiE;YACjE,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YACpE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAEzF,IAAI,kBAAkB,IAAI,CAAC,SAAS,EAAE,CAAC;gBACrC,OAAO;oBACL;wBACE,IAAI,EAAE,IAAI;wBACV,OAAO,EACL,sHAAsH;qBACzH;iBACF,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,iBAAiB;KAC5B;IAED,2EAA2E;IAE3E;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,+CAA+C;QACtD,WAAW,EACT,mKAAmK;QACrK,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,uDAAuD;YACvD,IACE,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACpC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EACrC,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,6DAA6D;YAC7D,+FAA+F;YAC/F,MAAM,kBAAkB,GAAG,2EAA2E,CAAC;YAEvG,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,uBAAuB;gBACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC3C,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EACL,sGAAsG;yBACzG,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,8BAA8B;KACzC;IAED,0EAA0E;IAE1E;QACE,EAAE,EAAE,iCAAiC;QACrC,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,sHAAsH;QACxH,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,mDAAmD;QAC5D,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,qGAAqG;QACvG,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,OAAO,EAAE,wCAAwC;QACjD,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,2FAA2F;QAC7F,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,mDAAmD;QAC5D,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED,0EAA0E;IAE1E,IAAI;IACJ,yCAAyC;IACzC,2CAA2C;IAC3C,iBAAiB;IACjB,8GAA8G;IAC9G,sBAAsB;IACtB,4BAA4B;IAC5B,wEAAwE;IACxE,+BAA+B;IAC/B,gCAAgC;IAChC,KAAK;IAEL;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,iFAAiF;QACnF,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,YAAY;KACvB;IAED;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,QAAQ,EAAE,aAAa;KACxB;IAED,8GAA8G;CAC/G,CAAC;AAKO,oCAAY;AAHrB,sCAAsC;AACtC,IAAA,iCAAa,EAAC,SAAS,EAAE,YAAY,CAAC,CAAC"}

package/dist/scripts/cli.js

@@ -98,7 +98,8 @@ function showHelp() {
 ${c.bold('Commands:')}
   ${c.green('init')}                    Full automatic setup (zero prompts)
   ${c.green('check')}                   Run pre-commit checks manually
-  ${c.green('check-vuln')}   Run security scans (npm audit, RetireJS)
+  ${c.green('install-security-tools')}  Install Syft + Grype for Layer 3 SBOM scanning (run once)
+  ${c.green('check-vuln')}             Run security scans (npm audit, RetireJS, Grype)
   ${c.green('report')}                  Generate a rich report with fix examples (opens in editor)
   ${c.green('doc')}               Generate feature documentation
   ${c.green('checklist')}         Generate PR checklist
@@ -612,6 +613,13 @@ npx lint-staged
 
 # Run Code Guardian rules
 npm run precommit-check
+
+# Run tests for staged source files (skip JSON/config files)
+STAGED=$(git diff --cached --name-only --diff-filter=d | grep -E '\.(ts|js|html|css|scss)$' | grep -v '\.json$')
+if [ -n "$STAGED" ]; then
+  echo "🧪 Running test coverage for staged source files..."
+  npm run test:coverage
+fi
 # --- code-guardian-hook-end ---
 `;
         if (fs.existsSync(preCommitPath)) {
@@ -1581,6 +1589,22 @@ async function uninstallCodeGuard() {
     console.log('');
 }
 // ── Vulnerability Check ────────────────────────────────────────────────────
+function runInstallSecurityTools() {
+    const scriptPath = path.join(__dirname, 'install-security-tools.js');
+    if (fs.existsSync(scriptPath)) {
+        require(scriptPath);
+    }
+    else {
+        const tsScriptPath = path.join(__dirname, '..', 'scripts', 'install-security-tools.ts');
+        if (fs.existsSync(tsScriptPath)) {
+            (0, child_process_1.execSync)(`npx ts-node ${tsScriptPath}`, { stdio: 'inherit' });
+        }
+        else {
+            console.error(c.red('❌ Error: Could not find install-security-tools script.'));
+            process.exit(1);
+        }
+    }
+}
 function runVulnerabilityCheck() {
     showBanner();
     console.log(c.bold('🔍 Code Guardian — Vulnerability Scan\n'));
@@ -1624,42 +1648,101 @@ function runVulnerabilityCheck() {
 // ── Main ────────────────────────────────────────────────────────────────────
 (async () => {
     switch (command) {
+        // Sets up the entire Code Guardian toolchain in one shot:
+        // ESLint, Prettier, TypeScript strict config, lint-staged, CommitLint,
+        // EditorConfig, VS Code settings, Husky pre-commit hook, and AI assistant
+        // config files (Cursor, Copilot, Claude, Gemini, Windsurf…).
+        // Also patches .gitignore so generated files are tracked correctly.
+        // Usage: npx code-guard init [--skip-hooks] [--skip-ai]
         case 'init':
             initProject();
             break;
+        // Manually runs the same rule checks that fire on every git commit.
+        // Useful for checking your work before staging files.
+        // Scans staged files against all shared + framework-specific rules,
+        // then runs ESLint and Prettier in check mode.
+        // Usage: npx code-guard check
         case 'check':
             runCheck();
             break;
+        // Installs Syft + Grype system binaries to enable Layer 3 SBOM scanning.
+        // Auto-detects OS and uses Homebrew (macOS), curl (Linux), or Scoop/Winget (Windows).
+        // Only needs to be run once per machine.
+        // Usage: npx code-guard install-security-tools
+        case 'install-security-tools':
+            runInstallSecurityTools();
+            break;
+        // Runs a 3-layer security audit independently of the pre-commit hook:
+        //   Layer 1 — npm audit (known CVEs in your dependencies)
+        //   Layer 2 — RetireJS (vulnerable JS libraries)
+        //   Layer 3 — Syft + Grype SBOM scan (if installed)
+        // Run this periodically or in CI — not on every commit.
+        // Usage: npx code-guard check-vuln
         case 'check-vuln':
             runVulnerabilityCheck();
             break;
+        // Generates (or re-opens) the last Code Guardian report in VS Code.
+        // The report is a rich Markdown file at .code-guardian/CODE_GUARDIAN_REPORT.md
+        // with violation details, solution examples, and quick-fix hints.
+        // Usage: npx code-guard report
         case 'report':
             runReport();
             break;
+        // Auto-generates a feature documentation file for the current git branch.
+        // Creates docs/features/<branch-name>.md with a structured template.
+        // Encourages documenting every feature branch before merging.
+        // Usage: npx code-guard doc
         case 'doc':
             generateDoc();
             break;
+        // Generates a PR checklist Markdown file based on all active rules.
+        // Lists every rule the reviewer should manually verify.
+        // Useful to paste into pull request descriptions.
+        // Usage: npx code-guard checklist
         case 'checklist':
             generateChecklist();
             break;
+        // Validates the project's folder structure and file naming conventions
+        // against the rules defined in:
+        //   .code-guardian/structure-rules.json
+        //   .code-guardian/naming-rules.json
+        // Usage: npx code-guard validate
         case 'validate':
             runValidation();
             break;
+        // Removes all files and configurations that Code Guardian created.
+        // Uses the manifest (.code-guardian/manifest.json) to know exactly
+        // what was created vs modified — preserves your original content.
+        // Also restores any backup files (e.g. .eslintrc.backup → .eslintrc).
+        // Usage: npx code-guard uninstall [--yes]
         case 'uninstall':
         case 'cleanup':
             await uninstallCodeGuard();
             break;
+        // Generates (or re-generates) an AI assistant config file for a specific tool.
+        // Available assistants: cursor, copilot, claude, gemini, windsurf, junie,
+        // antigravity, aider.
+        // Also patches .gitignore so the generated file is tracked by git.
+        // Usage: npx code-guard add-ai <name>
+        //   e.g. npx code-guard add-ai cursor
         case 'add-ai':
             addAI();
             break;
+        // Lists all available AI assistant integrations that Code Guardian can generate,
+        // along with their target file paths and current status (exists / missing).
+        // Usage: npx code-guard list-ai
         case 'list-ai':
             listAI();
             break;
+        // Prints the currently installed version of @hatem427/code-guard-ci.
+        // Usage: npx code-guard version
         case 'version':
         case '--version':
         case '-v':
             showVersion();
             break;
+        // Displays full usage information: all commands, flags, and examples.
+        // Usage: npx code-guard help
         case 'help':
         case '--help':
         case '-h':