@jmruthers/pace-core 0.6.4 → 0.6.6

package/scripts/audit/index.cjs

@@ -1,223 +1,1927 @@
 #!/usr/bin/env node
 
 /**
- * Main Audit Entry Point
- * @package @jmruthers/pace-core
- * @module Audit
+ * Comprehensive Audit Script for Consuming Apps
  * 
- * CLI interface for running comprehensive audits
+ * Audits consuming apps against pace-core standards and generates a markdown report.
+ * Includes:
+ * - Dependency compliance checks
+ * - Code compliance checks (future)
+ * - Markdown report generation
+ * 
+ * Usage:
+ *   node scripts/audit/index.cjs [path-to-consuming-app] [--output report.md]
+ * 
+ * If no path provided, assumes current directory is consuming app.
  */
 
+const fs = require('fs');
 const path = require('path');
-const Scanner = require('./core/scanner.cjs');
-const { findProjectRoot, getPackageInfo, getPaceCoreVersion, colors } = require('./core/utils.cjs');
-const consoleReporter = require('./reporters/console.cjs');
-const markdownReporter = require('./reporters/markdown.cjs');
-const jsonReporter = require('./reporters/json.cjs');
 
-// Import all checks
-const complianceCheck = require('./core/checks/compliance.cjs');
-const structureCheck = require('./core/checks/structure.cjs');
-const configCheck = require('./core/checks/config.cjs');
-const typescriptCheck = require('./core/checks/typescript.cjs');
-const coverageCheck = require('./core/checks/coverage.cjs');
-const heuristicsCheck = require('./core/checks/heuristics.cjs');
-const importsCheck = require('./core/checks/imports.cjs');
-const hooksCheck = require('./core/checks/hooks.cjs');
-const performanceCheck = require('./core/checks/performance.cjs');
-const dependenciesCheck = require('./core/checks/dependencies.cjs');
-const errorHandlingCheck = require('./core/checks/error-handling.cjs');
-const bundleCheck = require('./core/checks/bundle.cjs');
-const accessibilityCheck = require('./core/checks/accessibility.cjs');
-const styleCheck = require('./core/checks/style.cjs');
-const stateCheck = require('./core/checks/state.cjs');
-const apiUsageCheck = require('./core/checks/api-usage.cjs');
-const documentationCheck = require('./core/checks/documentation.cjs');
-const testingCheck = require('./core/checks/testing.cjs');
-const environmentCheck = require('./core/checks/environment.cjs');
-const routesCheck = require('./core/checks/routes.cjs');
-const formsCheck = require('./core/checks/forms.cjs');
+// Import audit functions
+const { runDependencyAudit } = require('./audit-dependencies.cjs');
+const { runComponentAudit } = require('./audit-components.cjs');
+const { runComplianceAudit } = require('./audit-compliance.cjs');
+const { runStandardsAudit } = require('./audit-standards.cjs');
+const { runRBACAudit } = require('./audit-rbac.cjs');
 
-/**
- * Parse CLI arguments
- */
-function parseArgs() {
-  const args = process.argv.slice(2);
-  const options = {
-    checks: [],
-    exclude: [],
-    reporters: ['console', 'markdown'],
-    verbose: false,
-    json: false
-  };
+// Colors for terminal output
+const colors = {
+  reset: '\x1b[0m',
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+  cyan: '\x1b[36m',
+  bold: '\x1b[1m',
+};
+
+// Get pace-core package.json (for Vite alias checks)
+function findPaceCorePackageJson(consumingAppPath) {
+  // Try relative to script location first (when in pace-core repo or installed package)
+  let paceCorePath = path.resolve(__dirname, '../../package.json');
+  if (fs.existsSync(paceCorePath)) {
+    return paceCorePath;
+  }
   
-  for (let i = 0; i < args.length; i++) {
-    const arg = args[i];
-    
-    if (arg === '--check' || arg === '-c') {
-      options.checks.push(args[++i]);
-    } else if (arg === '--exclude' || arg === '-e') {
-      options.exclude.push(args[++i]);
-    } else if (arg === '--reporter' || arg === '-r') {
-      options.reporters = [args[++i]];
-    } else if (arg === '--verbose' || arg === '-v') {
-      options.verbose = true;
-    } else if (arg === '--json') {
-      options.json = true;
-      options.reporters = ['json'];
-    } else if (arg === '--help' || arg === '-h') {
-      printHelp();
-      process.exit(0);
-    }
+  // Try alternative location
+  paceCorePath = path.resolve(__dirname, '../../../package.json');
+  if (fs.existsSync(paceCorePath)) {
+    return paceCorePath;
+  }
+  
+  // Try finding from consuming app's node_modules
+  const nodeModulesPath = path.join(consumingAppPath, 'node_modules', '@jmruthers', 'pace-core', 'package.json');
+  if (fs.existsSync(nodeModulesPath)) {
+    return nodeModulesPath;
   }
   
-  return options;
+  return null;
 }
 
-/**
- * Print help message
- */
-function printHelp() {
-  console.log(`
-${colors.bold}pace-core Audit Tool${colors.reset}
-
-Usage: node audit/index.cjs [options]
-
-Options:
-  --check, -c <name>     Run specific check (can be used multiple times)
-  --exclude, -e <name>   Exclude specific check (can be used multiple times)
-  --reporter, -r <name>  Use specific reporter (console, markdown, json)
-  --verbose, -v          Show detailed output
-  --json                 Output JSON only (for CI/CD)
-  --help, -h             Show this help message
+// Run dependency audit and collect results (with additional checks)
+function runDependencyAuditWithExtras(consumingAppPath, showProgress = false) {
+  // Get the base dependency audit results
+  const baseResult = runDependencyAudit(consumingAppPath);
+  
+  if (baseResult.error) {
+    return baseResult;
+  }
+  
+  // Add Vite alias checks
+  const paceCorePath = findPaceCorePackageJson(consumingAppPath);
+  if (paceCorePath) {
+    const paceCorePkg = JSON.parse(fs.readFileSync(paceCorePath, 'utf8'));
+    const INCLUDED_DEPS = Object.keys(paceCorePkg.dependencies || {});
+    const viteAliasIssues = checkViteAliases(consumingAppPath, INCLUDED_DEPS);
+    baseResult.issues.viteAliases = viteAliasIssues;
+  } else {
+    baseResult.issues.viteAliases = [];
+  }
+  
+  // Add component usage checks
+  if (showProgress) {
+    console.log(`${colors.blue}Running component usage audit...${colors.reset}`);
+  }
+  const componentAuditResult = runComponentAudit(consumingAppPath);
+  if (componentAuditResult.error) {
+    // If component audit fails, just log warning and continue
+    if (showProgress) {
+      console.warn(`${colors.yellow}Warning: Component audit failed: ${componentAuditResult.error}${colors.reset}`);
+    }
+    baseResult.issues.formIssues = [];
+  } else {
+    baseResult.issues.formIssues = componentAuditResult.issues.formIssues || [];
+  }
+  
+  // Add compliance checks
+  if (showProgress) {
+    console.log(`${colors.blue}Running compliance audit...${colors.reset}`);
+  }
+  const complianceAuditResult = runComplianceAudit(consumingAppPath);
+  if (complianceAuditResult.error) {
+    // If compliance audit fails, just log warning and continue
+    if (showProgress) {
+      console.warn(`${colors.yellow}Warning: Compliance audit failed: ${complianceAuditResult.error}${colors.reset}`);
+    }
+    baseResult.issues.complianceIssues = {
+      nativeElements: [],
+      restrictedImports: [],
+      customHooks: [],
+      customUtils: [],
+      supabaseClient: [],
+      rbacSetup: [],
+      rbacPermission: [],
+      providers: [],
+      coreStyles: [],
+      inlineStyles: [],
+    };
+  } else {
+    baseResult.issues.complianceIssues = complianceAuditResult.issues || {
+      nativeElements: [],
+      restrictedImports: [],
+      customHooks: [],
+      customUtils: [],
+      supabaseClient: [],
+      rbacSetup: [],
+      rbacPermission: [],
+      providers: [],
+      coreStyles: [],
+      inlineStyles: [],
+    };
+  }
+  
+  // Add standards checks
+  if (showProgress) {
+    console.log(`${colors.blue}Running standards audit...${colors.reset}`);
+  }
+  try {
+    const standardsAuditResult = runStandardsAudit(consumingAppPath, showProgress);
+    if (standardsAuditResult.error) {
+      // If standards audit fails, just log warning and continue
+      if (showProgress) {
+        console.warn(`\n${colors.yellow}Warning: Standards audit failed: ${standardsAuditResult.error}${colors.reset}`);
+      }
+      baseResult.issues.standardsIssues = {
+        cursorRuleset: [],
+        typescriptConfig: [],
+        anyTypes: [],
+        namingConvention: [],
+        rlsPolicy: [],
+        rpcNaming: [],
+        testingConfig: [],
+        inputValidation: [],
+        loggingSecurity: [],
+        errorMessages: [],
+      };
+    } else {
+      baseResult.issues.standardsIssues = standardsAuditResult.issues || {
+        cursorRuleset: [],
+        typescriptConfig: [],
+        anyTypes: [],
+        namingConvention: [],
+        rlsPolicy: [],
+        rpcNaming: [],
+        testingConfig: [],
+        inputValidation: [],
+        loggingSecurity: [],
+        errorMessages: [],
+      };
+    }
+  } catch (error) {
+    // Catch any unexpected errors
+    if (showProgress) {
+      console.warn(`\n${colors.yellow}Warning: Standards audit encountered an error: ${error.message}${colors.reset}`);
+      console.warn(`${colors.yellow}Stack: ${error.stack}${colors.reset}`);
+    }
+    baseResult.issues.standardsIssues = {
+      cursorRuleset: [],
+      typescriptConfig: [],
+      anyTypes: [],
+      namingConvention: [],
+      rlsPolicy: [],
+      rpcNaming: [],
+      testingConfig: [],
+      inputValidation: [],
+      loggingSecurity: [],
+      errorMessages: [],
+    };
+  }
+  
+  // Add RBAC audit checks
+  if (showProgress) {
+    console.log(`${colors.blue}Running RBAC audit...${colors.reset}`);
+  }
+  try {
+    const rbacAuditResult = runRBACAudit(consumingAppPath);
+    if (rbacAuditResult.error) {
+      // If RBAC audit fails, just log warning and continue
+      if (showProgress) {
+        console.warn(`\n${colors.yellow}Warning: RBAC audit failed: ${rbacAuditResult.error}${colors.reset}`);
+      }
+      baseResult.issues.rbacIssues = {
+        rbacPageGuard: [],
+        rbacWrapperComponent: [],
+        rbacWrapperFunction: [],
+        rbacResourceNames: [],
+        rbacAccessDenied: [],
+        rbacDirectRPC: [],
+        rbacDirectTable: [],
+        rbacHardcodedRole: [],
+        rbacEnforcePermissions: [],
+        rbacEdgeFunction: [],
+      };
+    } else {
+      baseResult.issues.rbacIssues = rbacAuditResult.issues || {
+        rbacPageGuard: [],
+        rbacWrapperComponent: [],
+        rbacWrapperFunction: [],
+        rbacResourceNames: [],
+        rbacAccessDenied: [],
+        rbacDirectRPC: [],
+        rbacDirectTable: [],
+        rbacHardcodedRole: [],
+        rbacEnforcePermissions: [],
+        rbacEdgeFunction: [],
+      };
+    }
+  } catch (error) {
+    // Catch any unexpected errors
+    if (showProgress) {
+      console.warn(`\n${colors.yellow}Warning: RBAC audit encountered an error: ${error.message}${colors.reset}`);
+      console.warn(`${colors.yellow}Stack: ${error.stack}${colors.reset}`);
+    }
+    baseResult.issues.rbacIssues = {
+      rbacPageGuard: [],
+      rbacWrapperComponent: [],
+      rbacWrapperFunction: [],
+      rbacResourceNames: [],
+      rbacAccessDenied: [],
+      rbacDirectRPC: [],
+      rbacDirectTable: [],
+      rbacHardcodedRole: [],
+      rbacEnforcePermissions: [],
+      rbacEdgeFunction: [],
+    };
+  }
+  
+  return baseResult;
+}
 
-Available Checks:
-  - compliance      pace-core compliance checks
-  - structure       File structure checks
-  - config          Config file checks
-  - typescript      TypeScript config checks
-  - coverage        Test coverage checks
-  - heuristics      Code quality heuristics
-  - imports         Import pattern analysis
-  - hooks           React hooks compliance
-  - performance     Performance anti-patterns
-  - dependencies    Dependency analysis
-  - error-handling  Error handling patterns
-  - bundle          Bundle analysis
-  - accessibility   Accessibility checks
-  - style           Code style issues
-  - state           State management patterns
-  - api-usage       API usage patterns
-  - documentation  Documentation coverage
-  - testing         Testing patterns
-  - environment     Environment variable usage
-  - routes          Route protection
-  - forms           Form validation patterns
+// Check Vite config for problematic aliases
+function checkViteAliases(consumingAppPath, includedDeps) {
+  const issues = [];
+  
+  // Find vite config file
+  const viteConfigPaths = [
+    path.join(consumingAppPath, 'vite.config.ts'),
+    path.join(consumingAppPath, 'vite.config.js'),
+    path.join(consumingAppPath, 'vite.config.mjs'),
+    path.join(consumingAppPath, 'vite.config.cjs'),
+  ];
+  
+  let viteConfigPath = null;
+  for (const configPath of viteConfigPaths) {
+    if (fs.existsSync(configPath)) {
+      viteConfigPath = configPath;
+      break;
+    }
+  }
+  
+  if (!viteConfigPath) {
+    return issues; // No vite config found, skip check
+  }
+  
+  try {
+    const configContent = fs.readFileSync(viteConfigPath, 'utf8');
+    
+    // Check for problematic aliases that bypass pace-core exports
+    // Pattern: "@jmruthers/pace-core/icons": "lucide-react" or similar
+    const paceCoreAliasPattern = /['"]@jmruthers\/pace-core\/(icons|utils|components|hooks|rbac)['"]\s*:\s*['"]([^'"]+)['"]/g;
+    let match;
+    
+    while ((match = paceCoreAliasPattern.exec(configContent)) !== null) {
+      const paceCoreExport = match[1];
+      const aliasTarget = match[2];
+      
+      // Check if alias targets an included dependency
+      if (includedDeps.includes(aliasTarget)) {
+        issues.push({
+          alias: `@jmruthers/pace-core/${paceCoreExport}`,
+          target: aliasTarget,
+          file: path.basename(viteConfigPath),
+          line: getLineNumber(configContent, match.index),
+        });
+      }
+    }
+    
+  } catch (error) {
+    // If we can't parse the config, that's okay - just skip this check
+    // Could be TypeScript, complex config, etc.
+  }
+  
+  return issues;
+}
 
-Examples:
-  node audit/index.cjs
-  node audit/index.cjs --check compliance --check structure
-  node audit/index.cjs --exclude heuristics --reporter markdown
-  node audit/index.cjs --json
-`);
+// Get line number from index in content
+function getLineNumber(content, index) {
+  return content.substring(0, index).split('\n').length;
 }
 
-/**
- * Main function
- */
-async function main() {
-  const options = parseArgs();
-  const projectRoot = findProjectRoot();
-  const packageJson = getPackageInfo(projectRoot);
-  const paceCoreVersion = getPaceCoreVersion(packageJson);
-  
-  console.log(`${colors.cyan}${colors.bold}═══════════════════════════════════════════════════════════${colors.reset}`);
-  console.log(`${colors.cyan}${colors.bold}  pace-core Comprehensive Audit${colors.reset}`);
-  console.log(`${colors.cyan}${colors.bold}═══════════════════════════════════════════════════════════${colors.reset}\n`);
-  console.log(`${colors.cyan}Project:${colors.reset} ${packageJson?.name || 'Unknown'}`);
-  console.log(`${colors.cyan}Root:${colors.reset} ${projectRoot}`);
-  console.log(`${colors.cyan}pace-core Version:${colors.reset} ${paceCoreVersion}\n`);
-  
-  // Initialize scanner
-  const scanner = new Scanner(projectRoot);
-  
-  // Register all checks
-  scanner.registerChecks([
-    complianceCheck,
-    structureCheck,
-    configCheck,
-    typescriptCheck,
-    coverageCheck,
-    heuristicsCheck,
-    importsCheck,
-    hooksCheck,
-    performanceCheck,
-    dependenciesCheck,
-    errorHandlingCheck,
-    bundleCheck,
-    accessibilityCheck,
-    styleCheck,
-    stateCheck,
-    apiUsageCheck,
-    documentationCheck,
-    testingCheck,
-    environmentCheck,
-    routesCheck,
-    formsCheck
-  ]);
-  
-  // Initialize scanner context
-  await scanner.initialize();
-  
-  // Run checks
-  console.log(`${colors.cyan}Running checks...${colors.reset}\n`);
-  const results = await scanner.run({
-    checkNames: options.checks.length > 0 ? options.checks : null,
-    excludeChecks: options.exclude,
-    parallel: false
-  });
-  
-  // Generate reports
-  const reportOptions = {
-    projectRoot,
-    packageJson,
-    paceCoreVersion,
-    verbose: options.verbose
+// Generate markdown report
+function generateMarkdownReport(auditResults) {
+  const { projectName, paceCoreVersion, issues } = auditResults;
+  const timestamp = new Date().toISOString();
+  
+  // Calculate issue counts
+  const dependencyIssuesCount = issues.includedDeps.length + 
+                               issues.missingRequired.length + 
+                               issues.versionIssues.length + 
+                               issues.wrongLocation.length +
+                               issues.viteAliases.length;
+  
+  const componentIssuesCount = issues.formIssues?.length || 0;
+  
+  const complianceIssues = issues.complianceIssues || {
+    nativeElements: [],
+    restrictedImports: [],
+    customHooks: [],
+    customUtils: [],
+    supabaseClient: [],
+    rbacSetup: [],
+    providers: [],
+    coreStyles: [],
+    inlineStyles: [],
   };
   
-  for (const reporterName of options.reporters) {
-    try {
-      if (reporterName === 'console') {
-        consoleReporter.generateReport(results, reportOptions);
-      } else if (reporterName === 'markdown') {
-        const { filename } = markdownReporter.generateReport(results, reportOptions);
-        console.log(`${colors.green}Markdown report saved to: audit/${filename}${colors.reset}`);
-      } else if (reporterName === 'json') {
-        const outputPath = options.json ? undefined : path.join(projectRoot, 'audit', `audit-${Date.now()}.json`);
-        const jsonOutput = jsonReporter.generateReport(results, { ...reportOptions, outputPath });
-        if (options.json) {
-          console.log(jsonOutput);
-        } else {
-          console.log(`${colors.green}JSON report saved${colors.reset}`);
-        }
+  const complianceIssuesCount = Object.values(complianceIssues).reduce((sum, arr) => sum + arr.length, 0);
+  
+  const standardsIssues = issues.standardsIssues || {
+    cursorRuleset: [],
+    typescriptConfig: [],
+    anyTypes: [],
+    namingConvention: [],
+    rlsPolicy: [],
+    rpcNaming: [],
+    testingConfig: [],
+    inputValidation: [],
+    loggingSecurity: [],
+    errorMessages: [],
+  };
+  
+  const standardsIssuesCount = Object.values(standardsIssues).reduce((sum, arr) => sum + arr.length, 0);
+  
+  const rbacIssues = issues.rbacIssues || {
+    rbacPageGuard: [],
+    rbacWrapperComponent: [],
+    rbacWrapperFunction: [],
+    rbacResourceNames: [],
+    rbacAccessDenied: [],
+    rbacDirectRPC: [],
+    rbacDirectTable: [],
+    rbacHardcodedRole: [],
+    rbacEnforcePermissions: [],
+    rbacEdgeFunction: [],
+  };
+  
+  const rbacIssuesCount = Object.values(rbacIssues).reduce((sum, arr) => sum + arr.length, 0);
+  
+  const totalIssues = dependencyIssuesCount + componentIssuesCount + complianceIssuesCount + standardsIssuesCount + rbacIssuesCount;
+  
+  let report = `# pace-core Audit Report\n\n`;
+  report += `**Project:** ${projectName}\n`;
+  report += `**pace-core Version:** ${paceCoreVersion}\n`;
+  report += `**Generated:** ${timestamp}\n\n`;
+  report += `---\n\n`;
+  
+  // Summary Section (matches terminal output)
+  report += `## 📊 Summary\n\n`;
+  
+  if (totalIssues === 0 && issues.missingOptional.length === 0) {
+    report += `✅ **All Checks Passed**\n\n`;
+    report += `- ✅ Dependency Audit: 0 issues\n`;
+    report += `- ✅ Component Usage Audit: 0 issues\n`;
+    report += `- ✅ Compliance Audit: 0 issues\n`;
+    report += `- ✅ Standards Audit: 0 issues\n`;
+    report += `- ✅ RBAC Audit: 0 issues\n`;
+    report += `- ✅ **Total Issues: 0**\n\n`;
+  } else {
+    report += `⚠️ **Issues Found**\n\n`;
+    
+    // Dependency Audit Summary
+    if (dependencyIssuesCount === 0) {
+      report += `- ✅ Dependency Audit: 0 issues\n`;
+    } else {
+      report += `- ❌ Dependency Audit: ${dependencyIssuesCount} issue(s)\n`;
+      if (issues.includedDeps.length > 0) {
+        report += `  - Included Dependencies: ${issues.includedDeps.length}\n`;
+      }
+      if (issues.missingRequired.length > 0) {
+        report += `  - Missing Required: ${issues.missingRequired.length}\n`;
+      }
+      if (issues.versionIssues.length > 0) {
+        report += `  - Version Issues: ${issues.versionIssues.length}\n`;
+      }
+      if (issues.wrongLocation.length > 0) {
+        report += `  - Wrong Location: ${issues.wrongLocation.length}\n`;
+      }
+      if (issues.viteAliases.length > 0) {
+        report += `  - Vite Aliases: ${issues.viteAliases.length}\n`;
+      }
+    }
+    
+    // Component Usage Audit Summary
+    if (componentIssuesCount === 0) {
+      report += `- ✅ Component Usage Audit: 0 issues\n`;
+    } else {
+      const plainFormTagsCount = issues.formIssues.filter(i => i.type === 'plainFormTag').length;
+      const reactHookFormImportsCount = issues.formIssues.filter(i => i.type === 'reactHookFormImport').length;
+      report += `- ❌ Component Usage Audit: ${componentIssuesCount} issue(s)\n`;
+      if (plainFormTagsCount > 0) {
+        report += `  - Plain <form> tags: ${plainFormTagsCount}\n`;
+      }
+      if (reactHookFormImportsCount > 0) {
+        report += `  - Direct react-hook-form imports: ${reactHookFormImportsCount}\n`;
+      }
+    }
+    
+    // Compliance Audit Summary
+    if (complianceIssuesCount === 0) {
+      report += `- ✅ Compliance Audit: 0 issues\n`;
+    } else {
+      report += `- ❌ Compliance Audit: ${complianceIssuesCount} issue(s)\n`;
+      if (complianceIssues.nativeElements.length > 0) {
+        report += `  - Native HTML elements: ${complianceIssues.nativeElements.length}\n`;
+      }
+      if (complianceIssues.restrictedImports.length > 0) {
+        report += `  - Restricted imports: ${complianceIssues.restrictedImports.length}\n`;
+      }
+      if (complianceIssues.customHooks.length > 0) {
+        report += `  - Custom hooks: ${complianceIssues.customHooks.length}\n`;
+      }
+      if (complianceIssues.customUtils.length > 0) {
+        report += `  - Custom utilities: ${complianceIssues.customUtils.length}\n`;
+      }
+      if (complianceIssues.supabaseClient.length > 0) {
+        report += `  - Supabase client issues: ${complianceIssues.supabaseClient.length}\n`;
+      }
+      if (complianceIssues.rbacSetup.length > 0) {
+        report += `  - RBAC setup issues: ${complianceIssues.rbacSetup.length}\n`;
       }
-    } catch (error) {
-      console.error(`${colors.red}Error generating ${reporterName} report: ${error.message}${colors.reset}`);
+      if (complianceIssues.rbacPermission && complianceIssues.rbacPermission.length > 0) {
+        report += `  - RBAC permission usage issues: ${complianceIssues.rbacPermission.length}\n`;
+      }
+      if (complianceIssues.providers.length > 0) {
+        report += `  - Provider issues: ${complianceIssues.providers.length}\n`;
+      }
+      if (complianceIssues.coreStyles.length > 0) {
+        report += `  - Core styles issues: ${complianceIssues.coreStyles.length}\n`;
+      }
+      if (complianceIssues.inlineStyles.length > 0) {
+        report += `  - Inline styles: ${complianceIssues.inlineStyles.length}\n`;
+      }
+    }
+    
+    // Standards Audit Summary
+    if (standardsIssuesCount === 0) {
+      report += `- ✅ Standards Audit: 0 issues\n`;
+    } else {
+      report += `- ❌ Standards Audit: ${standardsIssuesCount} issue(s)\n`;
+      if (standardsIssues.cursorRuleset.length > 0) {
+        report += `  - Cursor ruleset: ${standardsIssues.cursorRuleset.length}\n`;
+      }
+      if (standardsIssues.typescriptConfig.length > 0) {
+        report += `  - TypeScript config: ${standardsIssues.typescriptConfig.length}\n`;
+      }
+      if (standardsIssues.anyTypes.length > 0) {
+        report += `  - Any types: ${standardsIssues.anyTypes.length}\n`;
+      }
+      if (standardsIssues.namingConvention.length > 0) {
+        report += `  - Naming conventions: ${standardsIssues.namingConvention.length}\n`;
+      }
+      if (standardsIssues.rlsPolicy.length > 0) {
+        report += `  - RLS policies: ${standardsIssues.rlsPolicy.length}\n`;
+      }
+      if (standardsIssues.rpcNaming.length > 0) {
+        report += `  - RPC naming: ${standardsIssues.rpcNaming.length}\n`;
+      }
+      if (standardsIssues.testingConfig.length > 0) {
+        report += `  - Testing config: ${standardsIssues.testingConfig.length}\n`;
+      }
+      if (standardsIssues.inputValidation.length > 0) {
+        report += `  - Input validation: ${standardsIssues.inputValidation.length}\n`;
+      }
+      if (standardsIssues.loggingSecurity.length > 0) {
+        report += `  - Logging security: ${standardsIssues.loggingSecurity.length}\n`;
+      }
+      if (standardsIssues.errorMessages.length > 0) {
+        report += `  - Error messages: ${standardsIssues.errorMessages.length}\n`;
+      }
+    }
+    
+    // RBAC Audit Summary
+    if (rbacIssuesCount === 0) {
+      report += `- ✅ RBAC Audit: 0 issues\n`;
+    } else {
+      report += `- ❌ RBAC Audit: ${rbacIssuesCount} issue(s)\n`;
+      if (rbacIssues.rbacPageGuard.length > 0) {
+        report += `  - PagePermissionGuard issues: ${rbacIssues.rbacPageGuard.length}\n`;
+      }
+      if (rbacIssues.rbacWrapperComponent.length > 0) {
+        report += `  - Wrapper components: ${rbacIssues.rbacWrapperComponent.length}\n`;
+      }
+      if (rbacIssues.rbacWrapperFunction.length > 0) {
+        report += `  - Wrapper functions: ${rbacIssues.rbacWrapperFunction.length}\n`;
+      }
+      if (rbacIssues.rbacResourceNames.length > 0) {
+        report += `  - RESOURCE_NAMES constants: ${rbacIssues.rbacResourceNames.length}\n`;
+      }
+      if (rbacIssues.rbacAccessDenied.length > 0) {
+        report += `  - AccessDenied component: ${rbacIssues.rbacAccessDenied.length}\n`;
+      }
+      if (rbacIssues.rbacDirectRPC.length > 0) {
+        report += `  - Direct RBAC RPC calls: ${rbacIssues.rbacDirectRPC.length}\n`;
+      }
+      if (rbacIssues.rbacDirectTable.length > 0) {
+        report += `  - Direct RBAC table queries: ${rbacIssues.rbacDirectTable.length}\n`;
+      }
+      if (rbacIssues.rbacHardcodedRole.length > 0) {
+        report += `  - Hardcoded role checks: ${rbacIssues.rbacHardcodedRole.length}\n`;
+      }
+      if (rbacIssues.rbacEnforcePermissions.length > 0) {
+        report += `  - enforcePermissions config: ${rbacIssues.rbacEnforcePermissions.length}\n`;
+      }
+      if (rbacIssues.rbacEdgeFunction.length > 0) {
+        report += `  - Edge Functions RBAC: ${rbacIssues.rbacEdgeFunction.length}\n`;
+      }
+    }
+    
+    report += `\n- **Total Issues: ${totalIssues}**\n\n`;
+  }
+  
+  report += `---\n\n`;
+  
+  // Detailed Issues - Grouped by Audit Type
+  
+  // Dependency Audit Issues
+  if (dependencyIssuesCount > 0) {
+    report += `## 📦 Dependency Audit Issues\n\n`;
+    
+    // Included Dependencies
+    if (issues.includedDeps.length > 0) {
+      report += `### ❌ Included Dependencies (MUST REMOVE)\n\n`;
+      report += `These packages are already included in pace-core and should NOT be installed:\n\n`;
+      issues.includedDeps.forEach(issue => {
+        report += `- **${issue.package}**@${issue.installed} (in ${issue.location})\n`;
+        report += `  - **Problem:** Should NOT be installed (already included in pace-core)\n`;
+        report += `  - **Fix:** Run \`npm uninstall ${issue.package}\`\n\n`;
+      });
+    }
+    
+    // Missing Required
+    if (issues.missingRequired.length > 0) {
+      report += `### ❌ Missing Required Dependencies\n\n`;
+      report += `These packages are required for pace-core to function:\n\n`;
+      issues.missingRequired.forEach(issue => {
+        report += `- **${issue.package}** (required: ${issue.required})\n`;
+        report += `  - **Problem:** Required dependency is missing\n`;
+        report += `  - **Fix:** Run \`npm install ${issue.package}@${issue.required}\`\n\n`;
+      });
+    }
+    
+    // Version Issues
+    if (issues.versionIssues.length > 0) {
+      report += `### ⚠️ Version Issues\n\n`;
+      issues.versionIssues.forEach(issue => {
+        report += `- **${issue.package}**\n`;
+        report += `  - **Installed:** ${issue.installed}\n`;
+        report += `  - **Required:** ${issue.required}\n`;
+        report += `  - **Problem:** Version mismatch\n`;
+        report += `  - **Fix:** Run \`npm install ${issue.package}@${issue.required}\`\n\n`;
+      });
+    }
+    
+    // Wrong Location
+    if (issues.wrongLocation.length > 0) {
+      report += `### ⚠️ Dependencies in Wrong Location\n\n`;
+      issues.wrongLocation.forEach(issue => {
+        report += `- **${issue.package}**\n`;
+        report += `  - **Currently in:** ${issue.current}\n`;
+        report += `  - **Should be in:** ${issue.shouldBe}\n`;
+        report += `  - **Problem:** Dependency is in the wrong section of package.json\n`;
+        report += `  - **Fix:**\n`;
+        report += `    \`\`\`bash\n`;
+        report += `    npm uninstall ${issue.package}\n`;
+        report += `    npm install -D ${issue.package}\n`;
+        report += `    \`\`\`\n\n`;
+      });
+    }
+    
+    // Vite Aliases
+    if (issues.viteAliases.length > 0) {
+      report += `### ❌ Vite Aliases Bypassing pace-core Exports\n\n`;
+      report += `These Vite aliases bypass pace-core's exports and should be removed:\n\n`;
+      issues.viteAliases.forEach(issue => {
+        report += `- **${issue.alias}** → **${issue.target}**\n`;
+        report += `  - **File:** ${issue.file}${issue.line ? ` (line ${issue.line})` : ''}\n`;
+        report += `  - **Problem:** This alias bypasses pace-core's export for \`${issue.alias}\`\n`;
+        report += `  - **Fix:** Remove \`"${issue.alias}": "${issue.target}"\` from your Vite config and use \`${issue.alias}\` directly from pace-core\n\n`;
+      });
+    }
+  }
+  
+  // Component Usage Audit Issues
+  if (componentIssuesCount > 0) {
+    report += `## 🧩 Component Usage Audit Issues\n\n`;
+    
+    // Form Usage Issues
+    if (issues.formIssues && issues.formIssues.length > 0) {
+      report += `### ❌ Form Usage Issues (MUST FIX)\n\n`;
+      report += `These files use plain \`<form>\` tags or direct \`react-hook-form\` imports instead of pace-core Form component:\n\n`;
+      
+      // Group by file for better readability
+      const issuesByFile = {};
+      issues.formIssues.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+        });
+        report += `\n`;
+      });
+      
+      report += `**Fix:** Replace with pace-core Form component. See migration guide below.\n\n`;
     }
   }
   
-  // Exit with appropriate code
-  const exitCode = results.summary.errors > 0 ? 1 : 0;
-  process.exit(exitCode);
+  // Compliance Audit Issues
+  if (complianceIssuesCount > 0) {
+    report += `## 🔒 Compliance Audit Issues\n\n`;
+    
+    // Native Elements
+    if (complianceIssues.nativeElements.length > 0) {
+      report += `### ❌ Native HTML Elements (MUST FIX)\n\n`;
+      report += `These files use native HTML elements when pace-core components exist:\n\n`;
+      
+      const issuesByFile = {};
+      complianceIssues.nativeElements.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Restricted Imports
+    if (complianceIssues.restrictedImports.length > 0) {
+      report += `### ❌ Restricted Library Imports (MUST FIX)\n\n`;
+      report += `These files import directly from restricted libraries. Use pace-core wrappers instead:\n\n`;
+      
+      const issuesByFile = {};
+      complianceIssues.restrictedImports.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Custom Hooks
+    if (complianceIssues.customHooks.length > 0) {
+      report += `### ⚠️ Custom Hooks (Consider Using pace-core)\n\n`;
+      report += `These files define custom hooks that pace-core provides:\n\n`;
+      
+      const issuesByFile = {};
+      complianceIssues.customHooks.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Custom Utils
+    if (complianceIssues.customUtils.length > 0) {
+      report += `### ⚠️ Custom Utilities (Consider Using pace-core)\n\n`;
+      report += `These files define custom utilities that pace-core provides:\n\n`;
+      
+      const issuesByFile = {};
+      complianceIssues.customUtils.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Supabase Client
+    if (complianceIssues.supabaseClient.length > 0) {
+      report += `### ❌ Supabase Client Usage Issues (MUST FIX)\n\n`;
+      report += `These files have Supabase client usage issues:\n\n`;
+      
+      const issuesByFile = {};
+      complianceIssues.supabaseClient.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // RBAC Permission Usage
+    if (complianceIssues.rbacPermission && complianceIssues.rbacPermission.length > 0) {
+      report += `### ❌ RBAC Permission Usage Issues (MUST FIX)\n\n`;
+      report += `These issues can cause false negative permission checks when scope resolution is still in progress.\n\n`;
+      complianceIssues.rbacPermission.forEach(issue => {
+        report += `**${issue.file}:${issue.line}** - ${issue.severity.toUpperCase()}\n`;
+        report += `${issue.message}\n\n`;
+        if (issue.fix) {
+          report += `**Fix:** ${issue.fix}\n\n`;
+        }
+        if (issue.code) {
+          report += `\`\`\`typescript\n${issue.code}\n\`\`\`\n\n`;
+        }
+        report += `---\n\n`;
+      });
+    }
+
+    // RBAC Setup
+    if (complianceIssues.rbacSetup.length > 0) {
+      report += `### ❌ RBAC Setup Issues (MUST FIX)\n\n`;
+      complianceIssues.rbacSetup.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // Providers
+    if (complianceIssues.providers.length > 0) {
+      report += `### ❌ Provider Usage Issues (MUST FIX)\n\n`;
+      complianceIssues.providers.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // Core Styles
+    if (complianceIssues.coreStyles.length > 0) {
+      report += `### ❌ Core Styles Import Issues (MUST FIX)\n\n`;
+      complianceIssues.coreStyles.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // Inline Styles
+    if (complianceIssues.inlineStyles.length > 0) {
+      report += `### ❌ Inline Styles (MUST FIX)\n\n`;
+      report += `These files use inline styles. Use pace-core components or Tailwind classes instead:\n\n`;
+      
+      const issuesByFile = {};
+      complianceIssues.inlineStyles.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+  }
+  
+  // Standards Audit Issues
+  if (standardsIssuesCount > 0) {
+    report += `## 📋 Standards Audit Issues\n\n`;
+    
+    // Cursor Ruleset
+    if (standardsIssues.cursorRuleset.length > 0) {
+      report += `### ❌ Cursor Ruleset Issues (MUST FIX)\n\n`;
+      report += `Required rule files are missing from .cursor/rules/ directory:\n\n`;
+      standardsIssues.cursorRuleset.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // TypeScript Config
+    if (standardsIssues.typescriptConfig.length > 0) {
+      report += `### ❌ TypeScript Configuration Issues (MUST FIX)\n\n`;
+      standardsIssues.typescriptConfig.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        if (issue.code) {
+          report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+        }
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // Any Types
+    if (standardsIssues.anyTypes.length > 0) {
+      report += `### ⚠️ Any Types Detected\n\n`;
+      report += `These files use 'any' types. Consider using 'unknown' or proper types:\n\n`;
+      
+      const issuesByFile = {};
+      standardsIssues.anyTypes.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Naming Conventions
+    if (standardsIssues.namingConvention.length > 0) {
+      report += `### ⚠️ Naming Convention Issues\n\n`;
+      report += `These files have naming convention violations:\n\n`;
+      
+      const issuesByFile = {};
+      standardsIssues.namingConvention.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // RLS Policies
+    if (standardsIssues.rlsPolicy.length > 0) {
+      report += `### ❌ RLS Policy Issues (MUST FIX)\n\n`;
+      report += `These SQL migrations have RLS policy violations:\n\n`;
+      
+      const issuesByFile = {};
+      standardsIssues.rlsPolicy.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // RPC Naming
+    if (standardsIssues.rpcNaming.length > 0) {
+      report += `### ❌ RPC Naming Issues (MUST FIX)\n\n`;
+      report += `These SQL migrations have RPC function naming violations:\n\n`;
+      
+      const issuesByFile = {};
+      standardsIssues.rpcNaming.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Testing Config
+    if (standardsIssues.testingConfig.length > 0) {
+      report += `### ❌ Testing Configuration Issues (MUST FIX)\n\n`;
+      standardsIssues.testingConfig.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        if (issue.code) {
+          report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+        }
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // Input Validation (heuristic)
+    if (standardsIssues.inputValidation.length > 0) {
+      report += `### ⚠️ Input Validation Issues (Heuristic)\n\n`;
+      report += `These files may be missing Zod validation. This is a heuristic check and may have false positives:\n\n`;
+      
+      const issuesByFile = {};
+      standardsIssues.inputValidation.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Logging Security (heuristic)
+    if (standardsIssues.loggingSecurity.length > 0) {
+      report += `### ⚠️ Logging Security Issues (Heuristic)\n\n`;
+      report += `These files may be logging sensitive data. This is a heuristic check and may have false positives:\n\n`;
+      
+      const issuesByFile = {};
+      standardsIssues.loggingSecurity.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Error Messages (heuristic)
+    if (standardsIssues.errorMessages.length > 0) {
+      report += `### ⚠️ Error Message Safety Issues (Heuristic)\n\n`;
+      report += `These files may expose internal details in error messages. This is a heuristic check and may have false positives:\n\n`;
+      
+      const issuesByFile = {};
+      standardsIssues.errorMessages.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+  }
+  
+  // RBAC Audit Issues
+  if (rbacIssuesCount > 0) {
+    report += `## 🔐 RBAC Audit Issues\n\n`;
+    report += `These issues relate to RBAC (Role-Based Access Control) compliance. See [09-rbac-compliance.mdc](../../packages/core/cursor-rules/09-rbac-compliance.mdc) for complete documentation.\n\n`;
+    
+    // PagePermissionGuard Issues
+    if (rbacIssues.rbacPageGuard.length > 0) {
+      report += `### ❌ PagePermissionGuard Issues (MUST FIX)\n\n`;
+      report += `These pages are missing PagePermissionGuard wrapper or using it incorrectly:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacPageGuard.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Wrapper Components
+    if (rbacIssues.rbacWrapperComponent.length > 0) {
+      report += `### ❌ Wrapper Components Around PagePermissionGuard (MUST FIX)\n\n`;
+      report += `These components wrap PagePermissionGuard, which is forbidden:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacWrapperComponent.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Wrapper Functions
+    if (rbacIssues.rbacWrapperFunction.length > 0) {
+      report += `### ❌ Wrapper Functions Around Permission Hooks (MUST FIX)\n\n`;
+      report += `These functions wrap permission hooks, which is forbidden:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacWrapperFunction.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // RESOURCE_NAMES Constants
+    if (rbacIssues.rbacResourceNames.length > 0) {
+      report += `### ❌ RESOURCE_NAMES Constants Usage (MUST FIX)\n\n`;
+      report += `These files use string literals in useResourcePermissions instead of RESOURCE_NAMES constants:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacResourceNames.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // AccessDenied Component
+    if (rbacIssues.rbacAccessDenied.length > 0) {
+      report += `### ⚠️ AccessDenied Component Usage\n\n`;
+      report += `These files use custom access denied components instead of pace-core AccessDenied:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacAccessDenied.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Direct RBAC RPC Calls
+    if (rbacIssues.rbacDirectRPC.length > 0) {
+      report += `### ❌ Direct RBAC RPC Calls (SECURITY CRITICAL)\n\n`;
+      report += `These files call RBAC RPC functions directly, bypassing security validation:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacDirectRPC.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Direct RBAC Table Queries
+    if (rbacIssues.rbacDirectTable.length > 0) {
+      report += `### ❌ Direct RBAC Table Queries (SECURITY CRITICAL)\n\n`;
+      report += `These files query RBAC tables directly without useSecureSupabase:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacDirectTable.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Hardcoded Role Checks
+    if (rbacIssues.rbacHardcodedRole.length > 0) {
+      report += `### ❌ Hardcoded Role Checks (SECURITY CRITICAL)\n\n`;
+      report += `These files use hardcoded role comparisons instead of pace-core APIs:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacHardcodedRole.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // enforcePermissions Configuration
+    if (rbacIssues.rbacEnforcePermissions.length > 0) {
+      report += `### ❌ enforcePermissions Configuration Issues\n\n`;
+      report += `These files have incorrect enforcePermissions configuration:\n\n`;
+      
+      rbacIssues.rbacEnforcePermissions.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        if (issue.code) {
+          report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+        }
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // Edge Functions RBAC
+    if (rbacIssues.rbacEdgeFunction.length > 0) {
+      report += `### ❌ Edge Functions RBAC Issues (SECURITY CRITICAL)\n\n`;
+      report += `These Edge Functions have RBAC compliance issues:\n\n`;
+      
+      rbacIssues.rbacEdgeFunction.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        if (issue.code) {
+          report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+        }
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+  }
+  
+  // RBAC Audit Issues
+  if (rbacIssuesCount > 0) {
+    report += `## 🔐 RBAC Audit Issues\n\n`;
+    report += `These issues relate to RBAC (Role-Based Access Control) compliance. See [09-rbac-compliance.mdc](../../packages/core/cursor-rules/09-rbac-compliance.mdc) for complete documentation.\n\n`;
+    
+    // PagePermissionGuard Issues
+    if (rbacIssues.rbacPageGuard.length > 0) {
+      report += `### ❌ PagePermissionGuard Issues (MUST FIX)\n\n`;
+      report += `These pages are missing PagePermissionGuard wrapper or using it incorrectly:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacPageGuard.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Wrapper Components
+    if (rbacIssues.rbacWrapperComponent.length > 0) {
+      report += `### ❌ Wrapper Components Around PagePermissionGuard (MUST FIX)\n\n`;
+      report += `These components wrap PagePermissionGuard, which is forbidden:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacWrapperComponent.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Wrapper Functions
+    if (rbacIssues.rbacWrapperFunction.length > 0) {
+      report += `### ❌ Wrapper Functions Around Permission Hooks (MUST FIX)\n\n`;
+      report += `These functions wrap permission hooks, which is forbidden:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacWrapperFunction.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // RESOURCE_NAMES Constants
+    if (rbacIssues.rbacResourceNames.length > 0) {
+      report += `### ❌ RESOURCE_NAMES Constants Usage (MUST FIX)\n\n`;
+      report += `These files use string literals in useResourcePermissions instead of RESOURCE_NAMES constants:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacResourceNames.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // AccessDenied Component
+    if (rbacIssues.rbacAccessDenied.length > 0) {
+      report += `### ⚠️ AccessDenied Component Usage\n\n`;
+      report += `These files use custom access denied components instead of pace-core AccessDenied:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacAccessDenied.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Direct RBAC RPC Calls
+    if (rbacIssues.rbacDirectRPC.length > 0) {
+      report += `### ❌ Direct RBAC RPC Calls (SECURITY CRITICAL)\n\n`;
+      report += `These files call RBAC RPC functions directly, bypassing security validation:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacDirectRPC.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Direct RBAC Table Queries
+    if (rbacIssues.rbacDirectTable.length > 0) {
+      report += `### ❌ Direct RBAC Table Queries (SECURITY CRITICAL)\n\n`;
+      report += `These files query RBAC tables directly without useSecureSupabase:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacDirectTable.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // Hardcoded Role Checks
+    if (rbacIssues.rbacHardcodedRole.length > 0) {
+      report += `### ❌ Hardcoded Role Checks (SECURITY CRITICAL)\n\n`;
+      report += `These files use hardcoded role comparisons instead of pace-core APIs:\n\n`;
+      
+      const issuesByFile = {};
+      rbacIssues.rbacHardcodedRole.forEach(issue => {
+        if (!issuesByFile[issue.file]) {
+          issuesByFile[issue.file] = [];
+        }
+        issuesByFile[issue.file].push(issue);
+      });
+      
+      Object.entries(issuesByFile).forEach(([file, fileIssues]) => {
+        report += `#### ${file}\n\n`;
+        fileIssues.forEach(issue => {
+          report += `- **Line ${issue.line}**: ${issue.message}\n`;
+          if (issue.code) {
+            report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+          }
+          report += `  - **Fix:** ${issue.fix}\n\n`;
+        });
+      });
+    }
+    
+    // enforcePermissions Configuration
+    if (rbacIssues.rbacEnforcePermissions.length > 0) {
+      report += `### ❌ enforcePermissions Configuration Issues\n\n`;
+      report += `These files have incorrect enforcePermissions configuration:\n\n`;
+      
+      rbacIssues.rbacEnforcePermissions.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        if (issue.code) {
+          report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+        }
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+    
+    // Edge Functions RBAC
+    if (rbacIssues.rbacEdgeFunction.length > 0) {
+      report += `### ❌ Edge Functions RBAC Issues (SECURITY CRITICAL)\n\n`;
+      report += `These Edge Functions have RBAC compliance issues:\n\n`;
+      
+      rbacIssues.rbacEdgeFunction.forEach(issue => {
+        report += `- **${issue.file}** (Line ${issue.line}): ${issue.message}\n`;
+        if (issue.code) {
+          report += `  \`\`\`\n  ${issue.code}\n  \`\`\`\n`;
+        }
+        report += `  - **Fix:** ${issue.fix}\n\n`;
+      });
+    }
+  }
+  
+  // Missing Optional (informational only)
+  if (issues.missingOptional.length > 0) {
+    report += `---\n\n`;
+    report += `## ℹ️ Missing Optional Dependencies\n\n`;
+    report += `These packages are optional (only install if you use these features):\n\n`;
+    issues.missingOptional.forEach(issue => {
+      report += `- **${issue.package}** (required: ${issue.required})\n`;
+    });
+    report += `\n`;
+  }
+  
+  // Fix Commands Section
+  if (totalIssues > 0) {
+    report += `---\n\n`;
+    report += `## 🔧 Quick Fix Commands\n\n`;
+    report += `Run these commands to fix the issues found:\n\n`;
+    
+    if (issues.includedDeps.length > 0) {
+      const depsToRemove = issues.includedDeps.map(i => i.package).join(' ');
+      report += `### Remove Included Dependencies\n\n`;
+      report += `\`\`\`bash\n`;
+      report += `npm uninstall ${depsToRemove}\n`;
+      report += `\`\`\`\n\n`;
+    }
+    
+    if (issues.missingRequired.length > 0) {
+      const depsToInstall = issues.missingRequired
+        .map(i => `${i.package}@${i.required}`)
+        .join(' ');
+      report += `### Install Missing Required Dependencies\n\n`;
+      report += `\`\`\`bash\n`;
+      report += `npm install ${depsToInstall}\n`;
+      report += `\`\`\`\n\n`;
+    }
+    
+    if (issues.versionIssues.length > 0) {
+      const depsToFix = issues.versionIssues
+        .map(i => `${i.package}@${i.required}`)
+        .join(' ');
+      report += `### Fix Version Ranges\n\n`;
+      report += `\`\`\`bash\n`;
+      report += `npm install ${depsToFix}\n`;
+      report += `\`\`\`\n\n`;
+    }
+    
+    if (issues.wrongLocation.length > 0) {
+      issues.wrongLocation.forEach(issue => {
+        report += `### Move ${issue.package} to devDependencies\n\n`;
+        report += `\`\`\`bash\n`;
+        report += `npm uninstall ${issue.package}\n`;
+        report += `npm install -D ${issue.package}\n`;
+        report += `\`\`\`\n\n`;
+      });
+    }
+    
+    if (issues.viteAliases.length > 0) {
+      report += `### Fix Vite Aliases\n\n`;
+      report += `Remove the following aliases from your \`vite.config.ts\` (or \`vite.config.js\`):\n\n`;
+      issues.viteAliases.forEach(issue => {
+        report += `- Remove: \`"${issue.alias}": "${issue.target}"\`\n`;
+      });
+      report += `\n`;
+      report += `These aliases bypass pace-core's exports. Use the pace-core exports directly instead.\n\n`;
+    }
+    
+    if (issues.formIssues && issues.formIssues.length > 0) {
+      report += `### Fix Form Usage\n\n`;
+      report += `Replace plain \`<form>\` tags and direct \`react-hook-form\` usage with pace-core Form component:\n\n`;
+      report += `**Before (❌ Wrong):**\n`;
+      report += `\`\`\`tsx\n`;
+      report += `import { useForm } from 'react-hook-form';\n`;
+      report += `\n`;
+      report += `function MyForm() {\n`;
+      report += `  const { register, handleSubmit } = useForm();\n`;
+      report += `  return (\n`;
+      report += `    <form onSubmit={handleSubmit(onSubmit)}>\n`;
+      report += `      <input {...register('name')} />\n`;
+      report += `      <button type="submit">Submit</button>\n`;
+      report += `    </form>\n`;
+      report += `  );\n`;
+      report += `}\n`;
+      report += `\`\`\`\n\n`;
+      report += `**After (✅ Correct):**\n`;
+      report += `\`\`\`tsx\n`;
+      report += `import { Form, FormField, Button } from '@jmruthers/pace-core';\n`;
+      report += `import { z } from 'zod';\n`;
+      report += `\n`;
+      report += `const formSchema = z.object({\n`;
+      report += `  name: z.string().min(1, 'Name is required'),\n`;
+      report += `});\n`;
+      report += `\n`;
+      report += `function MyForm() {\n`;
+      report += `  return (\n`;
+      report += `    <Form\n`;
+      report += `      schema={formSchema}\n`;
+      report += `      defaultValues={{ name: '' }}\n`;
+      report += `      onSubmit={(data) => console.log(data)}\n`;
+      report += `    >\n`;
+      report += `      <FormField name="name" label="Name" />\n`;
+      report += `      <Button type="submit">Submit</Button>\n`;
+      report += `    </Form>\n`;
+      report += `  );\n`;
+      report += `}\n`;
+      report += `\`\`\`\n\n`;
+      report += `**Key Benefits:**\n`;
+      report += `- Built-in Zod validation with type safety\n`;
+      report += `- Automatic form persistence (session draft)\n`;
+      report += `- Consistent styling with pace-core design system\n`;
+      report += `- Accessible form structure with error handling\n`;
+      report += `- Sensitive field filtering (passwords, etc.)\n\n`;
+      report += `**Documentation:** See [pace-core Forms Guide](https://github.com/jmruthers/pace-core/blob/main/packages/core/docs/implementation-guides/forms.md) for complete examples.\n\n`;
+    }
+  }
+  
+  report += `---\n\n`;
+  report += `*Generated by pace-core audit script*\n`;
+  
+  return report;
 }
 
-// Run if called directly
-if (require.main === module) {
-  main().catch(error => {
-    console.error(`${colors.red}Error: ${error.message}${colors.reset}`);
-    console.error(error.stack);
+// Main function
+function main() {
+  const args = process.argv.slice(2);
+  const consumingAppPath = args.find(arg => !arg.startsWith('--')) || process.cwd();
+  const outputArg = args.find(arg => arg.startsWith('--output'));
+  const outputPath = outputArg ? outputArg.split('=')[1] || 'audit-report.md' : null;
+  
+  console.log(`${colors.bold}${colors.cyan}pace-core Comprehensive Audit${colors.reset}\n`);
+  console.log(`${colors.cyan}${'='.repeat(50)}${colors.reset}\n`);
+  
+  // Run dependency audit (with Vite alias checks and component audit)
+  console.log(`${colors.blue}Running dependency audit...${colors.reset}`);
+  const auditResults = runDependencyAuditWithExtras(consumingAppPath, true);
+  
+  if (auditResults.error) {
+    console.error(`${colors.red}Error: ${auditResults.error}${colors.reset}`);
     process.exit(1);
-  });
+  }
+  
+  // Display results
+  const { projectName, paceCoreVersion, issues } = auditResults;
+  
+  // Calculate issue counts
+  const dependencyIssuesCount = issues.includedDeps.length + 
+                               issues.missingRequired.length + 
+                               issues.versionIssues.length + 
+                               issues.wrongLocation.length +
+                               issues.viteAliases.length;
+  
+  const componentIssuesCount = issues.formIssues?.length || 0;
+  
+  const complianceIssues = issues.complianceIssues || {
+    nativeElements: [],
+    restrictedImports: [],
+    customHooks: [],
+    customUtils: [],
+    supabaseClient: [],
+    rbacSetup: [],
+    providers: [],
+    coreStyles: [],
+    inlineStyles: [],
+  };
+  
+  const complianceIssuesCount = Object.values(complianceIssues).reduce((sum, arr) => sum + arr.length, 0);
+  
+  const standardsIssues = issues.standardsIssues || {
+    cursorRuleset: [],
+    typescriptConfig: [],
+    anyTypes: [],
+    namingConvention: [],
+    rlsPolicy: [],
+    rpcNaming: [],
+    testingConfig: [],
+    inputValidation: [],
+    loggingSecurity: [],
+    errorMessages: [],
+  };
+  
+  const standardsIssuesCount = Object.values(standardsIssues).reduce((sum, arr) => sum + arr.length, 0);
+  
+  const rbacIssues = issues.rbacIssues || {
+    rbacPageGuard: [],
+    rbacWrapperComponent: [],
+    rbacWrapperFunction: [],
+    rbacResourceNames: [],
+    rbacAccessDenied: [],
+    rbacDirectRPC: [],
+    rbacDirectTable: [],
+    rbacHardcodedRole: [],
+    rbacEnforcePermissions: [],
+    rbacEdgeFunction: [],
+  };
+  
+  const rbacIssuesCount = Object.values(rbacIssues).reduce((sum, arr) => sum + arr.length, 0);
+  
+  const totalIssues = dependencyIssuesCount + componentIssuesCount + complianceIssuesCount + standardsIssuesCount + rbacIssuesCount;
+  
+  // Display project info
+  console.log(`Project: ${colors.bold}${projectName}${colors.reset}`);
+  console.log(`pace-core: ${colors.bold}${paceCoreVersion}${colors.reset}\n`);
+  
+  // Display audit results summary
+  console.log(`${colors.bold}Audit Results:${colors.reset}\n`);
+  
+  // Dependency Audit
+  if (dependencyIssuesCount === 0) {
+    console.log(`  ${colors.green}✅ Dependency Audit: 0 issues${colors.reset}`);
+  } else {
+    console.log(`  ${colors.red}❌ Dependency Audit: ${dependencyIssuesCount} issue(s)${colors.reset}`);
+    if (issues.includedDeps.length > 0) {
+      console.log(`     - Included Dependencies: ${issues.includedDeps.length}`);
+    }
+    if (issues.missingRequired.length > 0) {
+      console.log(`     - Missing Required: ${issues.missingRequired.length}`);
+    }
+    if (issues.versionIssues.length > 0) {
+      console.log(`     - Version Issues: ${issues.versionIssues.length}`);
+    }
+    if (issues.wrongLocation.length > 0) {
+      console.log(`     - Wrong Location: ${issues.wrongLocation.length}`);
+    }
+    if (issues.viteAliases.length > 0) {
+      console.log(`     - Vite Aliases: ${issues.viteAliases.length}`);
+    }
+  }
+  
+  // Component Usage Audit
+  if (componentIssuesCount === 0) {
+    console.log(`  ${colors.green}✅ Component Usage Audit: 0 issues${colors.reset}`);
+  } else {
+    const plainFormTagsCount = issues.formIssues.filter(i => i.type === 'plainFormTag').length;
+    const reactHookFormImportsCount = issues.formIssues.filter(i => i.type === 'reactHookFormImport').length;
+    console.log(`  ${colors.red}❌ Component Usage Audit: ${componentIssuesCount} issue(s)${colors.reset}`);
+    if (plainFormTagsCount > 0) {
+      console.log(`     - Plain <form> tags: ${plainFormTagsCount}`);
+    }
+    if (reactHookFormImportsCount > 0) {
+      console.log(`     - Direct react-hook-form imports: ${reactHookFormImportsCount}`);
+    }
+  }
+  
+  // Compliance Audit
+  if (complianceIssuesCount === 0) {
+    console.log(`  ${colors.green}✅ Compliance Audit: 0 issues${colors.reset}`);
+  } else {
+    console.log(`  ${colors.red}❌ Compliance Audit: ${complianceIssuesCount} issue(s)${colors.reset}`);
+    if (complianceIssues.nativeElements.length > 0) {
+      console.log(`     - Native HTML elements: ${complianceIssues.nativeElements.length}`);
+    }
+    if (complianceIssues.restrictedImports.length > 0) {
+      console.log(`     - Restricted imports: ${complianceIssues.restrictedImports.length}`);
+    }
+    if (complianceIssues.customHooks.length > 0) {
+      console.log(`     - Custom hooks: ${complianceIssues.customHooks.length}`);
+    }
+    if (complianceIssues.customUtils.length > 0) {
+      console.log(`     - Custom utilities: ${complianceIssues.customUtils.length}`);
+    }
+    if (complianceIssues.supabaseClient.length > 0) {
+      console.log(`     - Supabase client issues: ${complianceIssues.supabaseClient.length}`);
+    }
+    if (complianceIssues.rbacSetup.length > 0) {
+      console.log(`     - RBAC setup issues: ${complianceIssues.rbacSetup.length}`);
+    }
+    if (complianceIssues.rbacPermission && complianceIssues.rbacPermission.length > 0) {
+      console.log(`     - RBAC permission usage issues: ${complianceIssues.rbacPermission.length}`);
+    }
+    if (complianceIssues.providers.length > 0) {
+      console.log(`     - Provider issues: ${complianceIssues.providers.length}`);
+    }
+    if (complianceIssues.coreStyles.length > 0) {
+      console.log(`     - Core styles issues: ${complianceIssues.coreStyles.length}`);
+    }
+    if (complianceIssues.inlineStyles.length > 0) {
+      console.log(`     - Inline styles: ${complianceIssues.inlineStyles.length}`);
+    }
+  }
+  
+  // Standards Audit
+  if (standardsIssuesCount === 0) {
+    console.log(`  ${colors.green}✅ Standards Audit: 0 issues${colors.reset}`);
+  } else {
+    console.log(`  ${colors.red}❌ Standards Audit: ${standardsIssuesCount} issue(s)${colors.reset}`);
+    if (standardsIssues.cursorRuleset.length > 0) {
+      console.log(`     - Cursor ruleset: ${standardsIssues.cursorRuleset.length}`);
+    }
+    if (standardsIssues.typescriptConfig.length > 0) {
+      console.log(`     - TypeScript config: ${standardsIssues.typescriptConfig.length}`);
+    }
+    if (standardsIssues.anyTypes.length > 0) {
+      console.log(`     - Any types: ${standardsIssues.anyTypes.length}`);
+    }
+    if (standardsIssues.namingConvention.length > 0) {
+      console.log(`     - Naming conventions: ${standardsIssues.namingConvention.length}`);
+    }
+    if (standardsIssues.rlsPolicy.length > 0) {
+      console.log(`     - RLS policies: ${standardsIssues.rlsPolicy.length}`);
+    }
+    if (standardsIssues.rpcNaming.length > 0) {
+      console.log(`     - RPC naming: ${standardsIssues.rpcNaming.length}`);
+    }
+    if (standardsIssues.testingConfig.length > 0) {
+      console.log(`     - Testing config: ${standardsIssues.testingConfig.length}`);
+    }
+    if (standardsIssues.inputValidation.length > 0) {
+      console.log(`     - Input validation: ${standardsIssues.inputValidation.length}`);
+    }
+    if (standardsIssues.loggingSecurity.length > 0) {
+      console.log(`     - Logging security: ${standardsIssues.loggingSecurity.length}`);
+    }
+    if (standardsIssues.errorMessages.length > 0) {
+      console.log(`     - Error messages: ${standardsIssues.errorMessages.length}`);
+    }
+  }
+  
+  // RBAC Audit
+  if (rbacIssuesCount === 0) {
+    console.log(`  ${colors.green}✅ RBAC Audit: 0 issues${colors.reset}`);
+  } else {
+    console.log(`  ${colors.red}❌ RBAC Audit: ${rbacIssuesCount} issue(s)${colors.reset}`);
+    if (rbacIssues.rbacPageGuard.length > 0) {
+      console.log(`     - PagePermissionGuard issues: ${rbacIssues.rbacPageGuard.length}`);
+    }
+    if (rbacIssues.rbacWrapperComponent.length > 0) {
+      console.log(`     - Wrapper components: ${rbacIssues.rbacWrapperComponent.length}`);
+    }
+    if (rbacIssues.rbacWrapperFunction.length > 0) {
+      console.log(`     - Wrapper functions: ${rbacIssues.rbacWrapperFunction.length}`);
+    }
+    if (rbacIssues.rbacResourceNames.length > 0) {
+      console.log(`     - RESOURCE_NAMES constants: ${rbacIssues.rbacResourceNames.length}`);
+    }
+    if (rbacIssues.rbacAccessDenied.length > 0) {
+      console.log(`     - AccessDenied component: ${rbacIssues.rbacAccessDenied.length}`);
+    }
+    if (rbacIssues.rbacDirectRPC.length > 0) {
+      console.log(`     - Direct RBAC RPC calls: ${rbacIssues.rbacDirectRPC.length}`);
+    }
+    if (rbacIssues.rbacDirectTable.length > 0) {
+      console.log(`     - Direct RBAC table queries: ${rbacIssues.rbacDirectTable.length}`);
+    }
+    if (rbacIssues.rbacHardcodedRole.length > 0) {
+      console.log(`     - Hardcoded role checks: ${rbacIssues.rbacHardcodedRole.length}`);
+    }
+    if (rbacIssues.rbacEnforcePermissions.length > 0) {
+      console.log(`     - enforcePermissions config: ${rbacIssues.rbacEnforcePermissions.length}`);
+    }
+    if (rbacIssues.rbacEdgeFunction.length > 0) {
+      console.log(`     - Edge Functions RBAC: ${rbacIssues.rbacEdgeFunction.length}`);
+    }
+  }
+  
+  // Total summary
+  console.log(`\n${colors.bold}Total Issues: ${totalIssues === 0 ? colors.green + '0 (All checks passed!)' : colors.red + totalIssues}${colors.reset}\n`);
+  
+  // Generate and save markdown report
+  const markdownReport = generateMarkdownReport(auditResults);
+  
+  // Generate timestamp in yyyymmddHHMM format
+  const now = new Date();
+  const year = now.getFullYear();
+  const month = String(now.getMonth() + 1).padStart(2, '0');
+  const day = String(now.getDate()).padStart(2, '0');
+  const hours = String(now.getHours()).padStart(2, '0');
+  const minutes = String(now.getMinutes()).padStart(2, '0');
+  const timestamp = `${year}${month}${day}${hours}${minutes}`;
+  
+  // Helper function to add timestamp to filename
+  function addTimestampToFilename(filePath) {
+    const dir = path.dirname(filePath);
+    const ext = path.extname(filePath);
+    const name = path.basename(filePath, ext);
+    return path.join(dir, `${name}-${timestamp}${ext}`);
+  }
+  
+  // Determine report path
+  let reportPath;
+  if (outputPath) {
+    reportPath = addTimestampToFilename(path.join(consumingAppPath, outputPath));
+  } else {
+    // Default: save to audit/ directory
+    const auditDir = path.join(consumingAppPath, 'audit');
+    if (!fs.existsSync(auditDir)) {
+      fs.mkdirSync(auditDir, { recursive: true });
+    }
+    reportPath = path.join(auditDir, `pace-core-audit-${timestamp}.md`);
+  }
+  
+  // Save report
+  fs.writeFileSync(reportPath, markdownReport, 'utf8');
+  
+  // Display report location
+  const relativeReportPath = path.relative(consumingAppPath, reportPath);
+  console.log(`${colors.bold}Report saved to:${colors.reset} ${colors.cyan}${relativeReportPath}${colors.reset}\n`);
+  
+  // Exit with error code if issues found
+  process.exit(totalIssues > 0 ? 1 : 0);
 }
 
-module.exports = { main };
+main();
+