@nerviq/cli 1.8.8 → 1.9.0

package/README.md

@@ -4,7 +4,7 @@
 
 [![npm version](https://img.shields.io/npm/v/@nerviq/cli)](https://www.npmjs.com/package/@nerviq/cli)
 [![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](LICENSE)
-[![Checks: 2431](https://img.shields.io/badge/checks-2431-brightgreen)](https://github.com/nerviq/nerviq)
+[![Checks: 2438](https://img.shields.io/badge/checks-2438-brightgreen)](https://github.com/nerviq/nerviq)
 
 ---
 
@@ -14,7 +14,7 @@ Nerviq audits, sets up, and governs AI coding agent configurations for **8 platf
 
 | Platform | Checks | Status |
 |----------|--------|--------|
-| Claude Code | 393 | Full |
+| Claude Code | 400 | Full |
 | Codex (OpenAI) | 272 | Full |
 | Gemini CLI (Google) | 300 | Full |
 | GitHub Copilot | 299 | Full |
@@ -85,7 +85,7 @@ No install required. Zero dependencies.
 | **Team lead / DevEx** | `nerviq governance` → `nerviq audit --json` | CI threshold + `nerviq watch` |
 | **Enterprise / Platform** | `nerviq harmony-audit` → `nerviq harmony-drift` | Policy packs + `nerviq certify` |
 
-## 2,431 Checks Across 96 Categories (8 Platforms × ~300 Governance Rules)
+## 2,438 Checks Across 96 Categories (8 Platforms × ~300 Governance Rules)
 
 | Category Group | Checks | Examples |
 |----------------|--------|---------|
@@ -290,7 +290,7 @@ Nerviq is built on the NERVIQ knowledge engine — the largest verified catalog
 
 - **448+ research documents** covering all 8 platforms
 - **332+ experiments** with tested, rated results
-- **2,431 checks** across 8 platforms (~300 unique governance rules × 8 platform adaptations), each with `sourceUrl` and `confidence` level (0.0-1.0)
+- **2,438 checks** across 8 platforms (~300 unique governance rules × 8 platform adaptations), each with `sourceUrl` and `confidence` level (0.0-1.0)
 - Every check is traceable to primary documentation or verified experiment
 - 90-day freshness cycle: stale findings are re-verified or pruned
 
@@ -347,3 +347,16 @@ If Nerviq helped you, consider giving it a ⭐ on [GitHub](https://github.com/ne
 | `BETA` | Works but has limited real-world testing. API may change |
 | `EXPERIMENTAL` | Early stage, static rules, results may vary |
 
+## Previously nerviq-cli
+
+Nerviq was previously published as `nerviq-cli`. If you were using it:
+
+```bash
+# Old
+npx nerviq-cli
+
+# New
+npx @nerviq/cli audit
+```
+
+All features are preserved and expanded.

package/bin/cli.js

@@ -14,6 +14,7 @@ const { auditWorkspaces } = require('../src/workspace');
 const { scanOrg } = require('../src/org');
 const { detectAntiPatterns, printAntiPatterns, printAntiPatternCatalog } = require('../src/anti-patterns');
 const { VERIFICATION_DATES, getVerificationDate, getVerificationStats } = require('../src/verification-metadata');
+const { init: initI18n, t } = require('../src/i18n');
 const { version } = require('../package.json');
 
 const args = process.argv.slice(2);
@@ -91,11 +92,12 @@ function parseArgs(rawArgs) {
   let external = null;
   let repos = [];
   let teamProfile = null;
+  let lang = null;
 
   for (let i = 0; i < rawArgs.length; i++) {
     const arg = rawArgs[i];
 
-    if (arg === '--threshold' || arg === '--out' || arg === '--plan' || arg === '--only' || arg === '--profile' || arg === '--mcp-pack' || arg === '--require' || arg === '--key' || arg === '--status' || arg === '--effect' || arg === '--notes' || arg === '--source' || arg === '--score-delta' || arg === '--platform' || arg === '--format' || arg === '--from' || arg === '--to' || arg === '--port' || arg === '--workspace' || arg === '--check-version' || arg === '--webhook' || arg === '--external' || arg === '--team-profile') {
+    if (arg === '--threshold' || arg === '--out' || arg === '--plan' || arg === '--only' || arg === '--profile' || arg === '--mcp-pack' || arg === '--require' || arg === '--key' || arg === '--status' || arg === '--effect' || arg === '--notes' || arg === '--source' || arg === '--score-delta' || arg === '--platform' || arg === '--format' || arg === '--from' || arg === '--to' || arg === '--port' || arg === '--workspace' || arg === '--check-version' || arg === '--webhook' || arg === '--external' || arg === '--team-profile' || arg === '--lang') {
       const value = rawArgs[i + 1];
       if (!value || value.startsWith('--')) {
         throw new Error(`${arg} requires a value`);
@@ -123,10 +125,16 @@ function parseArgs(rawArgs) {
       if (arg === '--webhook') webhookUrl = value.trim();
       if (arg === '--external') external = value.trim();
       if (arg === '--team-profile') teamProfile = value.trim();
+      if (arg === '--lang') lang = value.trim().toLowerCase();
       i++;
       continue;
     }
 
+    if (arg.startsWith('--lang=')) {
+      lang = arg.split('=').slice(1).join('=').trim().toLowerCase();
+      continue;
+    }
+
     if (arg.startsWith('--team-profile=')) {
       teamProfile = arg.split('=').slice(1).join('=').trim();
       continue;
@@ -258,7 +266,7 @@ function parseArgs(rawArgs) {
 
   const normalizedCommand = COMMAND_ALIASES[command] || command;
 
-  return { flags, command, normalizedCommand, threshold, out, planFile, only, profile, mcpPacks, requireChecks, feedbackKey, feedbackStatus, feedbackEffect, feedbackNotes, feedbackSource, feedbackScoreDelta, platform, format, port, workspace, extraArgs, convertFrom, convertTo, migrateFrom, migrateTo, checkVersion, webhookUrl, external, repos, teamProfile };
+  return { flags, command, normalizedCommand, threshold, out, planFile, only, profile, mcpPacks, requireChecks, feedbackKey, feedbackStatus, feedbackEffect, feedbackNotes, feedbackSource, feedbackScoreDelta, platform, format, port, workspace, extraArgs, convertFrom, convertTo, migrateFrom, migrateTo, checkVersion, webhookUrl, external, repos, teamProfile, lang };
 }
 
 function printWorkspaceSummary(summary, options) {
@@ -308,6 +316,7 @@ function printScanDetail(summary, options) {
 
     // Show per-category breakdown if result is available
     if (item.result && item.result.results) {
+      const STACK_LANGUAGES = new Set(['python', 'go', 'rust', 'java', 'ruby', 'dotnet', 'php', 'flutter', 'swift', 'kotlin']);
       const categories = {};
       for (const r of item.result.results) {
         const cat = r.category || 'other';
@@ -315,7 +324,9 @@ function printScanDetail(summary, options) {
         categories[cat].total++;
         if (r.passed) categories[cat].passed++;
       }
-      const catEntries = Object.entries(categories).sort((a, b) => (a[1].passed / a[1].total) - (b[1].passed / b[1].total));
+      const catEntries = Object.entries(categories)
+        .filter(([cat, v]) => v.passed > 0 || !STACK_LANGUAGES.has(cat))
+        .sort((a, b) => (a[1].passed / a[1].total) - (b[1].passed / b[1].total));
       const catLine = catEntries.map(([cat, v]) => `${cat}: ${v.passed}/${v.total}`).join('  ');
       console.log(`    \x1b[2m${catLine}\x1b[0m`);
     }
@@ -509,6 +520,11 @@ async function main() {
 
   const { flags, command, normalizedCommand } = parsed;
 
+  // Initialize i18n with --lang flag or NERVIQ_LANG env var
+  if (parsed.lang) {
+    initI18n(parsed.lang);
+  }
+
   if (flags.includes('--help') || command === 'help') {
     console.log(HELP);
     process.exit(0);
@@ -544,6 +560,7 @@ async function main() {
     port: parsed.port !== null ? Number(parsed.port) : null,
     workspace: parsed.workspace || null,
     webhookUrl: parsed.webhookUrl || null,
+    lang: parsed.lang || null,
     external: parsed.external || null,
     dir: process.cwd()
   };
@@ -1402,7 +1419,21 @@ async function main() {
           console.error('\n  Error: Profile name required. Usage: nerviq profile load <name>\n');
           process.exit(1);
         }
-        const profile = loadProfile(options.dir, profileArg);
+        let profile;
+        try {
+          profile = loadProfile(options.dir, profileArg);
+        } catch {
+          // Not found as a user-saved profile — try built-in governance profiles
+          const { getPermissionProfile } = require('../src/governance');
+          const builtIn = getPermissionProfile(profileArg);
+          if (builtIn && builtIn.key === profileArg) {
+            profile = { name: builtIn.label, platforms: ['claude'], threshold: builtIn.threshold || 0, ...builtIn };
+          }
+        }
+        if (!profile) {
+          console.error(`\n  Error: Profile '${profileArg}' not found. Run 'nerviq profile list' to see available profiles.\n`);
+          process.exit(1);
+        }
 
         // Apply profile settings to .claude/settings.json
         const fs = require('fs');
@@ -1458,8 +1489,35 @@ async function main() {
         process.exit(1);
       }
     } else if (normalizedCommand === 'synergy-report') {
-      // Placeholder — synergy report is referenced but may not be implemented yet
-      console.log('\n  Synergy report: coming soon.\n');
+      const { formatSynergyReport } = require('../src/synergy/report');
+      const { detectActivePlatforms: detectSynergyPlatforms } = require('../src/harmony/canon');
+      const presentPlatforms = detectSynergyPlatforms(options.dir).map(p => p.platform);
+      if (presentPlatforms.length === 0) {
+        console.log('\n  No platform configurations detected.');
+        console.log('  Run "nerviq harmony-audit" first, or "nerviq setup" to bootstrap a platform.\n');
+        process.exit(0);
+      }
+      const platformAudits = {};
+      const activePlatforms = [];
+      for (const plat of presentPlatforms) {
+        try {
+          const result = await audit({ dir: options.dir, silent: true, platform: plat });
+          if (result && typeof result.score === 'number') {
+            platformAudits[plat] = result;
+            activePlatforms.push(plat);
+          }
+        } catch (_e) { /* platform not available */ }
+      }
+      if (activePlatforms.length === 0) {
+        console.log('\n  No auditable platforms found. Run "nerviq harmony-audit" first.\n');
+        process.exit(0);
+      }
+      const report = formatSynergyReport({ platformAudits, activePlatforms });
+      if (options.json) {
+        console.log(JSON.stringify({ activePlatforms, platformAudits }, null, 2));
+      } else {
+        console.log(report);
+      }
       process.exit(0);
     } else if (normalizedCommand === 'doctor') {
       const { runDoctor } = require('../src/doctor');
@@ -1888,6 +1946,16 @@ async function main() {
         process.exit(0);
       }
       const result = await audit(options);
+      if (options.out) {
+        const fs = require('fs');
+        const path = require('path');
+        const outPath = path.resolve(options.out);
+        fs.mkdirSync(path.dirname(outPath), { recursive: true });
+        fs.writeFileSync(outPath, JSON.stringify(result, null, 2), 'utf8');
+        if (!options.json) {
+          console.log(`\n  Audit report written to ${options.out}\n`);
+        }
+      }
       if (options.webhookUrl) {
         try {
           const { sendWebhook, formatSlackMessage } = require('../src/integrations');

package/package.json

@@ -1,59 +1,59 @@
-{
-  "name": "@nerviq/cli",
-  "version": "1.8.8",
-  "description": "The intelligent nervous system for AI coding agents — 2,431 checks (8 platforms × ~300 governance rules), 10 languages, 62 domain packs. Audit, align, and amplify.",
-  "main": "src/index.js",
-  "bin": {
-    "nerviq": "bin/cli.js",
-    "@nerviq/cli": "bin/cli.js",
-    "nerviq-mcp": "src/mcp-server.js"
-  },
-  "files": [
-    "bin",
-    "src",
-    "README.md"
-  ],
-  "scripts": {
-    "start": "node bin/cli.js",
-    "build": "npm pack --dry-run",
-    "test": "node test/run.js",
-    "test:jest": "jest",
-    "test:coverage": "jest --coverage",
-    "test:all": "npm test && npx jest && node test/check-matrix.js && node test/codex-check-matrix.js && node test/gemini-check-matrix.js && node test/copilot-check-matrix.js && node test/cursor-check-matrix.js && node test/windsurf-check-matrix.js && node test/aider-check-matrix.js && node test/opencode-check-matrix.js && node test/golden-matrix.js && node test/codex-golden-matrix.js && node test/gemini-golden-matrix.js && node test/copilot-golden-matrix.js && node test/cursor-golden-matrix.js && node test/windsurf-golden-matrix.js && node test/aider-golden-matrix.js && node test/opencode-golden-matrix.js",
-    "benchmark:perf": "node tools/benchmark.js",
-    "catalog": "node -e \"const {generateCatalog}=require('./src/catalog');console.log(JSON.stringify(generateCatalog(),null,2))\""
-  },
-  "keywords": [
-    "nerviq",
-    "ai-agents",
-    "agent-governance",
-    "agent-config",
-    "harmony",
-    "synergy",
-    "audit",
-    "claude",
-    "codex",
-    "gemini",
-    "copilot",
-    "cursor",
-    "windsurf",
-    "aider",
-    "developer-tools",
-    "cli",
-    "mcp",
-    "multi-agent"
-  ],
-  "author": "Nerviq <hello@nerviq.net>",
-  "license": "AGPL-3.0",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/nerviq/nerviq.git"
-  },
-  "homepage": "https://nerviq.net",
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "devDependencies": {
-    "jest": "^30.3.0"
-  }
-}
+{
+  "name": "@nerviq/cli",
+  "version": "1.9.0",
+  "description": "The intelligent nervous system for AI coding agents — 2,438 checks (8 platforms × ~300 governance rules), 10 languages, 62 domain packs. Audit, align, and amplify.",
+  "main": "src/index.js",
+  "bin": {
+    "nerviq": "bin/cli.js",
+    "@nerviq/cli": "bin/cli.js",
+    "nerviq-mcp": "src/mcp-server.js"
+  },
+  "files": [
+    "bin",
+    "src",
+    "README.md"
+  ],
+  "scripts": {
+    "start": "node bin/cli.js",
+    "build": "npm pack --dry-run",
+    "test": "node test/run.js",
+    "test:jest": "jest",
+    "test:coverage": "jest --coverage",
+    "test:all": "npm test && npx jest && node test/check-matrix.js && node test/codex-check-matrix.js && node test/gemini-check-matrix.js && node test/copilot-check-matrix.js && node test/cursor-check-matrix.js && node test/windsurf-check-matrix.js && node test/aider-check-matrix.js && node test/opencode-check-matrix.js && node test/golden-matrix.js && node test/codex-golden-matrix.js && node test/gemini-golden-matrix.js && node test/copilot-golden-matrix.js && node test/cursor-golden-matrix.js && node test/windsurf-golden-matrix.js && node test/aider-golden-matrix.js && node test/opencode-golden-matrix.js",
+    "benchmark:perf": "node tools/benchmark.js",
+    "catalog": "node -e \"const {generateCatalog}=require('./src/catalog');console.log(JSON.stringify(generateCatalog(),null,2))\""
+  },
+  "keywords": [
+    "nerviq",
+    "ai-agents",
+    "agent-governance",
+    "agent-config",
+    "harmony",
+    "synergy",
+    "audit",
+    "claude",
+    "codex",
+    "gemini",
+    "copilot",
+    "cursor",
+    "windsurf",
+    "aider",
+    "developer-tools",
+    "cli",
+    "mcp",
+    "multi-agent"
+  ],
+  "author": "Nerviq <hello@nerviq.net>",
+  "license": "AGPL-3.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nerviq/nerviq.git"
+  },
+  "homepage": "https://nerviq.net",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "jest": "^30.3.0"
+  }
+}

package/src/audit.js

@@ -33,6 +33,7 @@ const { loadPlugins, mergePluginChecks } = require('./plugins');
 const { hasWorkspaceConfig, detectWorkspaceGlobs, detectWorkspaces } = require('./workspace');
 const { detectDeprecationWarnings } = require('./deprecation');
 const { version: packageVersion } = require('../package.json');
+const { t } = require('./i18n');
 
 const COLORS = {
   reset: '\x1b[0m',
@@ -872,27 +873,27 @@ function getCodexDomainPackSignals(ctx) {
 
 function printLiteAudit(result, dir) {
   console.log('');
-  const productLabel = result.platform === 'codex' ? 'nerviq codex quick scan' : 'nerviq quick scan';
+  const productLabel = result.platform === 'codex' ? t('audit.codexQuickScan') : t('audit.quickScan');
   console.log(colorize(`  ${productLabel}`, 'bold'));
   console.log(colorize('  ═══════════════════════════════════════', 'dim'));
-  console.log(colorize(`  Scanning: ${dir}`, 'dim'));
+  console.log(colorize(`  ${t('audit.scanning', { dir })}`, 'dim'));
   console.log('');
   if (result.detectedConfigFiles && result.detectedConfigFiles.length > 0) {
     console.log(colorize(`  Found: ${result.detectedConfigFiles.join(', ')}`, 'dim'));
   }
   console.log('');
-  console.log(`  Score: ${colorize(`${result.score}/100`, 'bold')}  (${result.passed}/${result.passed + result.failed} checks passing)`);
+  console.log(`  ${t('audit.score', { score: colorize(`${result.score}/100`, 'bold'), passed: result.passed, total: result.passed + result.failed })}`);
 
   // Score explanation line (lite mode only)
   const _critCount = (result.results || []).filter(r => r.passed === false && r.impact === 'critical').length;
   const _highCount = (result.results || []).filter(r => r.passed === false && r.impact === 'high').length;
   let scoreExplanation;
   if (result.score >= 90) {
-    scoreExplanation = 'Excellent setup — production-ready governance';
+    scoreExplanation = t('audit.excellent');
   } else if (result.score >= 70) {
-    scoreExplanation = `Strong setup — ${_critCount} critical items to address`;
+    scoreExplanation = t('audit.strong', { count: _critCount });
   } else if (result.score >= 50) {
-    scoreExplanation = `Good foundation — ${_critCount + _highCount} items need attention`;
+    scoreExplanation = t('audit.good', { count: _critCount + _highCount });
   } else if (result.score >= 30) {
     // Find weakest category (most failures)
     const catFailures = {};
@@ -901,9 +902,9 @@ function printLiteAudit(result, dir) {
       catFailures[cat] = (catFailures[cat] || 0) + 1;
     });
     const weakestCategory = Object.keys(catFailures).sort((a, b) => catFailures[b] - catFailures[a])[0] || 'config';
-    scoreExplanation = `Basic setup — significant gaps in ${weakestCategory}`;
+    scoreExplanation = t('audit.basic', { category: weakestCategory });
   } else {
-    scoreExplanation = 'Early stage — run `nerviq setup` to bootstrap your config';
+    scoreExplanation = t('audit.early');
   }
   console.log(colorize(`  ${scoreExplanation}`, 'dim'));
 
@@ -1233,10 +1234,10 @@ async function audit(options) {
 
   // Display results
   console.log('');
-  const auditTitle = spec.platform === 'codex' ? 'nerviq codex audit' : 'nerviq audit';
+  const auditTitle = spec.platform === 'codex' ? t('audit.codexTitle') : t('audit.title');
   console.log(colorize(`  ${auditTitle}`, 'bold'));
   console.log(colorize('  ═══════════════════════════════════════', 'dim'));
-  console.log(colorize(`  Scanning: ${options.dir}`, 'dim'));
+  console.log(colorize(`  ${t('audit.scanning', { dir: options.dir })}`, 'dim'));
   if (spec.platformVersion) {
     console.log(colorize(`  Platform: ${spec.platformLabel} (${spec.platformVersion})`, 'blue'));
   }

package/src/benchmark.js

@@ -321,9 +321,13 @@ function printBenchmark(report, options = {}) {
   console.log('  ═══════════════════════════════════════');
   console.log('  Runs in an isolated temp copy. Your current repo is not modified.');
   console.log('');
-  console.log(`  Before:  ${report.before.score}/100 (organic ${report.before.organicScore}/100)`);
-  console.log(`  After:   ${report.after.score}/100 (organic ${report.after.organicScore}/100)`);
-  console.log(`  Delta:   score ${report.delta.score >= 0 ? '+' : ''}${report.delta.score}, organic ${report.delta.organicScore >= 0 ? '+' : ''}${report.delta.organicScore}`);
+  const orgDeltaSign = report.delta.organicScore >= 0 ? '+' : '';
+  const totalDeltaSign = report.delta.score >= 0 ? '+' : '';
+  console.log(`  Organic improvement: \x1b[1m${orgDeltaSign}${report.delta.organicScore} points\x1b[0m (your actual config quality)`);
+  console.log(`  Total with nerviq setup: ${totalDeltaSign}${report.delta.score} points`);
+  console.log('');
+  console.log(`  Before:  organic ${report.before.organicScore}/100, total ${report.before.score}/100`);
+  console.log(`  After:   organic ${report.after.organicScore}/100, total ${report.after.score}/100`);
   console.log('');
   console.log(`  ${report.executiveSummary.headline}`);
   console.log(`  Recommendation: ${report.executiveSummary.decisionGuidance}`);

package/src/certification.js

@@ -37,10 +37,14 @@ async function certifyProject(dir) {
 
   // Run per-platform audits
   const platformScores = {};
+  const allAuditResults = [];
   for (const platform of platforms) {
     try {
       const result = await audit({ dir: resolvedDir, platform, silent: true });
       platformScores[platform] = result.score;
+      if (Array.isArray(result.results)) {
+        allAuditResults.push(...result.results);
+      }
     } catch {
       platformScores[platform] = 0;
     }
@@ -55,18 +59,36 @@ async function certifyProject(dir) {
     harmonyScore = 0;
   }
 
-  // Determine certification level
+  // Determine certification level with security gates
   const scores = Object.values(platformScores);
   const allAbove70 = scores.length > 0 && scores.every(s => s >= 70);
   const allAbove50 = scores.length > 0 && scores.every(s => s >= 50);
   const anyAbove40 = scores.some(s => s >= 40);
 
+  // Security gate helpers — check whether specific audit checks passed
+  const checkPassed = (key) => {
+    const match = allAuditResults.find(r => r.key === key);
+    return match ? match.passed === true : false;
+  };
+
+  const gitIgnoreOk = checkPassed('gitIgnoreEnv');
+  const secretsOk = checkPassed('secretsProtection');
+  const criticalAntiPatterns = allAuditResults.filter(
+    r => r.passed === false && r.impact === 'critical'
+  );
+  const noCriticalAntiPatterns = criticalAntiPatterns.length === 0;
+
+  // Bronze gate: score >= 40 AND basic security (gitignore + secrets protection)
+  const bronzeSecurityGate = gitIgnoreOk && secretsOk;
+  // Silver gate: Bronze requirements AND no critical anti-patterns
+  const silverSecurityGate = bronzeSecurityGate && noCriticalAntiPatterns;
+
   let level;
-  if (harmonyScore >= 80 && allAbove70) {
+  if (harmonyScore >= 80 && allAbove70 && silverSecurityGate) {
     level = LEVELS.GOLD;
-  } else if (harmonyScore >= 60 && allAbove50) {
+  } else if (harmonyScore >= 60 && allAbove50 && silverSecurityGate) {
     level = LEVELS.SILVER;
-  } else if (anyAbove40) {
+  } else if (anyAbove40 && bronzeSecurityGate) {
     level = LEVELS.BRONZE;
   } else {
     level = LEVELS.NONE;
@@ -80,6 +102,12 @@ async function certifyProject(dir) {
     platformScores,
     platforms,
     badge,
+    securityGates: {
+      gitIgnoreEnv: gitIgnoreOk,
+      secretsProtection: secretsOk,
+      noCriticalAntiPatterns,
+      criticalAntiPatternCount: criticalAntiPatterns.length,
+    },
   };
 }