@neurcode-ai/cli 0.9.49 → 0.9.59

package/dist/commands/verify.js

@@ -56,6 +56,7 @@ const project_root_1 = require("../utils/project-root");
 const brain_context_1 = require("../utils/brain-context");
 const scope_telemetry_1 = require("../utils/scope-telemetry");
 const plan_sync_1 = require("../utils/plan-sync");
+const intent_engine_1 = require("../intent-engine");
 const policy_packs_1 = require("../utils/policy-packs");
 const custom_policy_rules_1 = require("../utils/custom-policy-rules");
 const policy_exceptions_1 = require("../utils/policy-exceptions");
@@ -847,6 +848,16 @@ function toCanonicalVerifyOutput(payload) {
             addScopeIssue(file, message);
             continue;
         }
+        // Artifact presence/signature checks are advisory — they must never block a PR.
+        // Real governance signal (policy violations, scope drift) should not be obscured
+        // by infrastructure setup state.
+        const policyStr = String(policy || '').toLowerCase();
+        const isArtifactCheck = policyStr === 'deterministic_artifacts_required'
+            || policyStr === 'signed_artifacts_required';
+        if (isArtifactCheck) {
+            addWarning(file, message, policy);
+            continue;
+        }
         if (severity === 'warning' || severity === 'info') {
             addWarning(file, message, policy);
             continue;
@@ -942,9 +953,79 @@ function toCanonicalVerifyOutput(payload) {
             source: 'expedite',
         })),
     ]);
-    const blockingItems = expediteModeUsed ? expediteBlockingItems : defaultBlockingItems;
-    const advisoryItems = expediteModeUsed ? expediteItems : defaultAdvisoryItems;
+    // ── Intent issues and summary from engine ───────────────────────────────
+    const rawIntentIssues = Array.isArray(payload.intentIssues) ? payload.intentIssues : [];
+    const intentDomains = Array.isArray(payload.intentDomains) ? payload.intentDomains : [];
+    const intentSummary = (payload.intentSummary ?? null);
+    const rawFlowIssues = Array.isArray(payload.flowIssues) ? payload.flowIssues : [];
+    const rawRegressions = Array.isArray(payload.regressions) ? payload.regressions : [];
+    // High-severity intent issues become blocking; medium become advisory.
+    const intentBlockingTriageItems = rawIntentIssues
+        .filter((i) => i.severity === 'high')
+        .map((i) => ({
+        file: (i.files?.[0]) ?? 'intent-analysis',
+        message: i.message,
+        policy: i.rule,
+        severity: 'high',
+        source: 'violation',
+    }));
+    const intentAdvisoryTriageItems = rawIntentIssues
+        .filter((i) => i.severity === 'medium')
+        .map((i) => ({
+        file: (i.files?.[0]) ?? 'intent-analysis',
+        message: i.message,
+        policy: i.rule,
+        severity: 'warning',
+        source: 'warning',
+    }));
+    // V5: flow issues — high → blocking, medium → advisory
+    const flowBlockingTriageItems = rawFlowIssues
+        .filter((i) => i.severity === 'high')
+        .map((i) => ({
+        file: (i.files?.[0]) ?? 'flow-analysis',
+        message: i.message,
+        policy: i.rule,
+        severity: 'high',
+        source: 'violation',
+    }));
+    const flowAdvisoryTriageItems = rawFlowIssues
+        .filter((i) => i.severity === 'medium')
+        .map((i) => ({
+        file: (i.files?.[0]) ?? 'flow-analysis',
+        message: i.message,
+        policy: i.rule,
+        severity: 'warning',
+        source: 'warning',
+    }));
+    let blockingItems = expediteModeUsed ? expediteBlockingItems : defaultBlockingItems;
+    let advisoryItems = expediteModeUsed ? expediteItems : defaultAdvisoryItems;
+    if (intentBlockingTriageItems.length > 0) {
+        blockingItems = dedupeTriageItems([...blockingItems, ...intentBlockingTriageItems]);
+    }
+    if (intentAdvisoryTriageItems.length > 0) {
+        advisoryItems = dedupeTriageItems([...advisoryItems, ...intentAdvisoryTriageItems]);
+    }
+    if (flowBlockingTriageItems.length > 0) {
+        blockingItems = dedupeTriageItems([...blockingItems, ...flowBlockingTriageItems]);
+    }
+    if (flowAdvisoryTriageItems.length > 0) {
+        advisoryItems = dedupeTriageItems([...advisoryItems, ...flowAdvisoryTriageItems]);
+    }
+    // V6: regressions — always blocking
+    const regressionBlockingTriageItems = rawRegressions.map((r) => ({
+        file: 'regression-analysis',
+        message: r.message,
+        policy: r.rule,
+        severity: 'high',
+        source: 'violation',
+    }));
+    if (regressionBlockingTriageItems.length > 0) {
+        blockingItems = dedupeTriageItems([...regressionBlockingTriageItems, ...blockingItems]);
+    }
+    const grade = verdict === 'PASS' ? 'A' : verdict === 'WARN' ? 'C' : 'F';
     return {
+        grade,
+        score: violations.length === 0 && warnings.length === 0 && scopeIssues.length === 0 ? 100 : 0,
         verdict,
         summary: {
             totalFilesChanged,
@@ -959,6 +1040,11 @@ function toCanonicalVerifyOutput(payload) {
         advisoryCount: advisoryItems.length,
         blockingItems,
         advisoryItems,
+        intentIssues: rawIntentIssues,
+        intentDomains,
+        intentSummary,
+        flowIssues: rawFlowIssues,
+        regressions: rawRegressions,
         expediteModeUsed,
         expediteCount: expediteModeUsed ? expediteItems.length : 0,
         expediteItems: expediteModeUsed ? expediteItems : [],
@@ -1080,20 +1166,32 @@ function toAiDebtSummary(evaluation) {
             observed: item.observed,
             budget: item.budget,
             message: item.message,
+            ...(item.files && item.files.length > 0 ? { files: item.files } : {}),
         })),
     };
 }
+const ARCH_VIOLATION_CODES = new Set(['db_in_ui', 'missing_validation']);
 function toAiDebtReportViolations(summary) {
     if (summary.mode === 'off' || summary.violations.length === 0) {
         return [];
     }
-    const severity = summary.mode === 'enforce' ? 'block' : 'warn';
-    return summary.violations.map((item) => ({
-        rule: `ai_debt:${item.code}`,
-        file: '.neurcode/ai-debt-budget.json',
-        severity,
-        message: item.message,
-    }));
+    const defaultSeverity = summary.mode === 'enforce' ? 'block' : 'warn';
+    const result = [];
+    for (const item of summary.violations) {
+        // Architectural violations are always advisory (warn) — heuristic detection, not a hard block
+        const severity = ARCH_VIOLATION_CODES.has(item.code) ? 'warn' : defaultSeverity;
+        const rule = ARCH_VIOLATION_CODES.has(item.code) ? item.code : `ai_debt:${item.code}`;
+        const files = item.files && item.files.length > 0 ? item.files : null;
+        if (files) {
+            for (const file of files) {
+                result.push({ rule, file, severity, message: item.message });
+            }
+        }
+        else {
+            result.push({ rule, file: '.neurcode/ai-debt-budget.json', severity, message: item.message });
+        }
+    }
+    return result;
 }
 function parseSigningKeyRing(raw) {
     if (!raw || !raw.trim()) {
@@ -1649,6 +1747,9 @@ async function executePolicyOnlyMode(options, diffFiles, ignoreFilter, projectRo
     if (!options.json && effectiveRules.policyPack && effectiveRules.policyPackRules.length > 0) {
         console.log(chalk.dim(`   Evaluating policy pack: ${effectiveRules.policyPack.packName} (${effectiveRules.policyPack.packId}@${effectiveRules.policyPack.version}, ${effectiveRules.policyPackRules.length} rule(s))`));
     }
+    else if (!options.json && !effectiveRules.policyPack) {
+        console.log(chalk.dim('   No policy pack installed — run `neurcode policy install <pack>` to add governance rules'));
+    }
     const policyResult = (0, policy_engine_1.evaluateRules)(diffFilesForPolicy, effectiveRules.allRules);
     policyViolations = (policyResult.violations || []);
     policyViolations = policyViolations.filter((v) => !ignoreFilter(v.file));
@@ -1889,6 +1990,14 @@ async function verifyCommand(options) {
             emitCanonicalVerifyJson({
                 ...payload,
                 expediteMode: expediteModeEnabled,
+                // Intent engine results injected so every code-path gets them.
+                intentIssues: payload.intentIssues ?? intentEngineIssues,
+                intentDomains: payload.intentDomains ?? intentEngineDomains,
+                intentSummary: payload.intentSummary ?? intentEngineSummary,
+                // V5: flow issues injected alongside intent issues
+                flowIssues: payload.flowIssues ?? intentEngineFlowIssues,
+                // V6: regressions always injected
+                regressions: payload.regressions ?? intentEngineRegressions,
             });
         };
         if (!isGitRepository(projectRoot)) {
@@ -1930,10 +2039,10 @@ async function verifyCommand(options) {
         const explicitStrictArtifactMode = options.strictArtifacts === true ||
             isEnabledFlag(process.env.NEURCODE_VERIFY_STRICT_ARTIFACTS) ||
             isEnabledFlag(process.env.NEURCODE_ENTERPRISE_MODE);
-        const ciEnterpriseDefaultStrict = process.env.CI === 'true'
-            && !isEnabledFlag(process.env.NEURCODE_VERIFY_ALLOW_NON_STRICT_CI)
-            && Boolean(options.apiKey || process.env.NEURCODE_API_KEY);
-        const strictArtifactMode = explicitStrictArtifactMode || ciEnterpriseDefaultStrict;
+        // Strict artifact mode is only engaged when explicitly requested.
+        // Auto-enabling it in CI based on API key presence masked real violations
+        // by blocking early on missing artifacts before policy checks could run.
+        const strictArtifactMode = explicitStrictArtifactMode;
         const runtimeGuardArtifactPath = (0, runtime_guard_1.resolveRuntimeGuardPath)(projectRoot, options.runtimeGuard);
         const autoRuntimeGuardInStrict = strictArtifactMode
             && (0, fs_1.existsSync)(runtimeGuardArtifactPath)
@@ -1999,38 +2108,57 @@ async function verifyCommand(options) {
                 ]
                 : [],
         };
+        // Artifact presence warnings (advisory — missing artifacts fall back to runtime compilation).
+        // These must never cause an early exit; real governance signal should always be evaluated.
+        const artifactPresenceWarnings = [];
         if (strictArtifactMode) {
-            const strictErrors = [];
             if (!compiledPolicyRead.artifact) {
-                strictErrors.push(compiledPolicyRead.error
+                artifactPresenceWarnings.push(compiledPolicyRead.error
                     ? `Compiled policy artifact invalid (${compiledPolicyRead.error})`
                     : `Compiled policy artifact missing (${compiledPolicyRead.path})`);
             }
             if (!changeContractRead.contract) {
-                strictErrors.push(changeContractRead.error
+                artifactPresenceWarnings.push(changeContractRead.error
                     ? `Change contract artifact invalid (${changeContractRead.error})`
                     : `Change contract artifact missing (${changeContractRead.path})`);
             }
-            if (compiledPolicySignatureStatus
-                && !compiledPolicySignatureStatus.valid
-                && (requireSignedArtifacts || compiledPolicySignatureStatus.present)) {
-                strictErrors.push(`Compiled policy artifact signature validation failed (${compiledPolicySignatureStatus.issues.join('; ') || 'unknown issue'})`);
+            if (!options.json && artifactPresenceWarnings.length > 0) {
+                console.log(chalk.yellow('\n⚠️  Deterministic artifact(s) unavailable — falling back to runtime compilation'));
+                artifactPresenceWarnings.forEach((entry) => {
+                    console.log(chalk.yellow(`   • ${entry}`));
+                });
+                console.log(chalk.dim('   Governance will continue using runtime compilation. Artifact checks are advisory.\n'));
+            }
+        }
+        // Signature blocking distinguishes two cases:
+        // - Artifact has a signature that is INVALID (present=true, valid=false): this is a tamper
+        //   indicator and blocks when requireSignedArtifacts is set.
+        // - Artifact has NO signature (present=false): this is an unsigned artifact; advisory only,
+        //   never blocks — an unsigned artifact cannot be "tampered", only "not signed yet".
+        if (strictArtifactMode) {
+            const signatureBlockErrors = [];
+            if (requireSignedArtifacts
+                && compiledPolicySignatureStatus
+                && compiledPolicySignatureStatus.present
+                && !compiledPolicySignatureStatus.valid) {
+                signatureBlockErrors.push(`Compiled policy artifact signature validation failed (${compiledPolicySignatureStatus.issues.join('; ') || 'unknown issue'})`);
             }
-            if (changeContractSignatureStatus
-                && !changeContractSignatureStatus.valid
-                && (requireSignedArtifacts || changeContractSignatureStatus.present)) {
-                strictErrors.push(`Change contract artifact signature validation failed (${changeContractSignatureStatus.issues.join('; ') || 'unknown issue'})`);
+            if (requireSignedArtifacts
+                && changeContractSignatureStatus
+                && changeContractSignatureStatus.present
+                && !changeContractSignatureStatus.valid) {
+                signatureBlockErrors.push(`Change contract artifact signature validation failed (${changeContractSignatureStatus.issues.join('; ') || 'unknown issue'})`);
             }
-            if (strictErrors.length > 0) {
-                const message = `Strict artifact mode requires deterministic compiled-policy + change-contract artifacts.\n- ${strictErrors.join('\n- ')}`;
+            if (signatureBlockErrors.length > 0) {
+                const message = `Signed artifact enforcement failed — tampered or invalid signatures detected.\n- ${signatureBlockErrors.join('\n- ')}`;
                 if (options.json) {
                     emitVerifyJson({
                         grade: 'F',
                         score: 0,
                         verdict: 'FAIL',
-                        violations: strictErrors.map((entry) => ({
+                        violations: signatureBlockErrors.map((entry) => ({
                             file: entry.toLowerCase().includes('compiled policy') ? compiledPolicyRead.path : changeContractRead.path,
-                            rule: 'deterministic_artifacts_required',
+                            rule: 'signed_artifacts_required',
                             severity: 'block',
                             message: entry,
                         })),
@@ -2041,32 +2169,34 @@ async function verifyCommand(options) {
                         totalPlannedFiles: 0,
                         message,
                         scopeGuardPassed: false,
-                        mode: 'strict_artifacts_required',
+                        mode: 'signed_artifacts_required',
                         policyOnly: options.policyOnly === true,
                         changeContract: changeContractSummary,
                         ...(compiledPolicyMetadata ? { policyCompilation: compiledPolicyMetadata } : {}),
                     });
                 }
                 else {
-                    (0, scope_telemetry_1.printScopeTelemetry)(chalk, scopeTelemetry, {
-                        includeBlockedWarning: true,
-                    });
-                    console.log(chalk.red('\n⛔ Deterministic Artifact Requirements Failed'));
-                    strictErrors.forEach((entry) => {
+                    (0, scope_telemetry_1.printScopeTelemetry)(chalk, scopeTelemetry, { includeBlockedWarning: true });
+                    console.log(chalk.red('\n⛔ Signed Artifact Validation Failed'));
+                    signatureBlockErrors.forEach((entry) => {
                         console.log(chalk.red(`   • ${entry}`));
                     });
-                    console.log(chalk.dim('\nSet --compiled-policy and --change-contract with valid artifacts before verify.'));
-                    if (requireSignedArtifacts) {
-                        console.log(chalk.dim('Enable signing keys via NEURCODE_GOVERNANCE_SIGNING_KEY or NEURCODE_GOVERNANCE_SIGNING_KEYS to generate signed artifacts.\n'));
-                    }
-                    else {
-                        console.log('');
-                    }
+                    console.log(chalk.dim('\nRegenerate artifacts with valid signing keys: NEURCODE_GOVERNANCE_SIGNING_KEY or NEURCODE_GOVERNANCE_SIGNING_KEYS.\n'));
                 }
                 process.exit(2);
             }
+            // Advisory notice when artifact has a signature but signing is not required in this context.
+            if (!options.json) {
+                if (compiledPolicySignatureStatus && !compiledPolicySignatureStatus.valid && !requireSignedArtifacts) {
+                    console.log(chalk.yellow(`   ⚠️  Compiled policy signature could not be verified (${compiledPolicySignatureStatus.issues.join('; ') || 'key unavailable'}) — advisory only`));
+                }
+                if (changeContractSignatureStatus && !changeContractSignatureStatus.valid && !requireSignedArtifacts) {
+                    console.log(chalk.yellow(`   ⚠️  Change contract signature could not be verified (${changeContractSignatureStatus.issues.join('; ') || 'key unavailable'}) — advisory only`));
+                }
+            }
         }
         if (!strictArtifactMode && requireSignedArtifacts) {
+            // Non-strict mode with signing required: same signature gate applies.
             const signatureErrors = [];
             if (compiledPolicyRead.artifact && compiledPolicySignatureStatus && !compiledPolicySignatureStatus.valid) {
                 signatureErrors.push(`Compiled policy artifact signature validation failed (${compiledPolicySignatureStatus.issues.join('; ') || 'unknown issue'})`);
@@ -2101,13 +2231,9 @@ async function verifyCommand(options) {
                     });
                 }
                 else {
-                    (0, scope_telemetry_1.printScopeTelemetry)(chalk, scopeTelemetry, {
-                        includeBlockedWarning: true,
-                    });
+                    (0, scope_telemetry_1.printScopeTelemetry)(chalk, scopeTelemetry, { includeBlockedWarning: true });
                     console.log(chalk.red('\n⛔ Signed Artifact Requirements Failed'));
-                    signatureErrors.forEach((entry) => {
-                        console.log(chalk.red(`   • ${entry}`));
-                    });
+                    signatureErrors.forEach((entry) => console.log(chalk.red(`   • ${entry}`)));
                     console.log(chalk.dim('\nEnable signing keys via NEURCODE_GOVERNANCE_SIGNING_KEY or NEURCODE_GOVERNANCE_SIGNING_KEYS and regenerate artifacts.\n'));
                 }
                 process.exit(2);
@@ -2145,9 +2271,6 @@ async function verifyCommand(options) {
                     console.log(chalk.yellow(`   Change contract signature: invalid (${changeContractSignatureStatus.issues.join('; ') || 'unknown issue'})`));
                 }
             }
-            if (ciEnterpriseDefaultStrict && !explicitStrictArtifactMode) {
-                console.log(chalk.dim('   CI enterprise mode detected: strict deterministic artifact enforcement is auto-enabled (set NEURCODE_VERIFY_ALLOW_NON_STRICT_CI=1 to opt out).'));
-            }
             if (autoRuntimeGuardInStrict && !options.requireRuntimeGuard && !isEnabledFlag(process.env.NEURCODE_VERIFY_REQUIRE_RUNTIME_GUARD)) {
                 console.log(chalk.dim(`   Strict mode detected runtime guard artifact: auto-enforcing runtime guard (${runtimeGuardArtifactPath}).`));
             }
@@ -2912,6 +3035,11 @@ async function verifyCommand(options) {
         let governanceResult = null;
         let planFilesForVerification = [];
         let intentConstraintsForVerification;
+        let intentEngineIssues = [];
+        let intentEngineDomains = [];
+        let intentEngineSummary = null;
+        let intentEngineFlowIssues = [];
+        let intentEngineRegressions = [];
         try {
             // Step A: Get Modified Files (already have from diffFiles)
             const modifiedFiles = diffFiles.map(f => f.path);
@@ -2955,6 +3083,23 @@ async function verifyCommand(options) {
             }
             planFilesForVerification = [...new Set([...planFiles, ...localPlanExpectedFiles])];
             intentConstraintsForVerification = originalIntent || undefined;
+            // ── Intent-Aware Engine ─────────────────────────────────────────────
+            // Run once we have both diffFiles and the resolved intent text.
+            // Stored in outer scope so all emitCanonicalVerifyJson call sites can
+            // include the result in their payloads without repeating the computation.
+            if (intentConstraintsForVerification && diffFiles.length > 0) {
+                try {
+                    const engineResult = (0, intent_engine_1.runIntentEngine)(intentConstraintsForVerification, diffFiles, projectRoot);
+                    intentEngineIssues = engineResult.intentIssues;
+                    intentEngineDomains = engineResult.checkedDomains;
+                    intentEngineSummary = engineResult.intentSummary;
+                    intentEngineFlowIssues = engineResult.flowIssues;
+                    intentEngineRegressions = engineResult.regressions;
+                }
+                catch {
+                    // Non-fatal: intent engine errors must never break verification
+                }
+            }
             governanceResult = (0, governance_1.evaluateGovernance)({
                 projectRoot,
                 task: governanceTask,
@@ -3058,6 +3203,9 @@ async function verifyCommand(options) {
                         mode: 'plan_enforced',
                         policyOnly: false,
                         aiDebt: aiDebtSummaryForScope,
+                        intentIssues: intentEngineIssues,
+                        intentDomains: intentEngineDomains,
+                        intentSummary: intentEngineSummary,
                         ...(expediteModeEnabled ? { expediteMode: true } : {}),
                         ...(governanceResult
                             ? buildGovernancePayload(governanceResult, orgGovernanceSettings, {
@@ -3133,6 +3281,42 @@ async function verifyCommand(options) {
                     if (governanceResult) {
                         displayGovernanceInsights(governanceResult, { explain: options.explain });
                     }
+                    // ── Intent Status in scope-violation path ──────────────────────
+                    if (intentEngineSummary) {
+                        const s = intentEngineSummary;
+                        const domainLabel = s.domain.charAt(0).toUpperCase() + s.domain.slice(1);
+                        const confColor = s.confidence === 'HIGH' ? chalk.green : s.confidence === 'MEDIUM' ? chalk.yellow : chalk.red;
+                        const wCovPct = s.weightedCoverage != null ? Math.round(s.weightedCoverage * 100) : s.coveragePct;
+                        const filled = Math.round((wCovPct / 100) * 20);
+                        const bar = chalk.cyan('█'.repeat(filled)) + chalk.dim('░'.repeat(20 - filled));
+                        const sysStatus = s.status;
+                        const statusLabel = sysStatus === 'CRITICAL' ? chalk.bold.red('[CRITICAL]') : sysStatus === 'AT RISK' ? chalk.bold.yellow('[AT RISK]') : chalk.bold.green('[SECURE]');
+                        console.log(chalk.bold('\n━━━ INTENT STATUS ━━━━━━━━━━━━━━━━━━━━━━'));
+                        console.log(`  ${statusLabel} ${chalk.bold(`${domainLabel} Implementation:`)} ${bar} ${chalk.bold(`${wCovPct}%`)} (weighted)`);
+                        console.log(`  Confidence: ${confColor(s.confidence)}`);
+                        const critMissing = s.criticalMissing ?? [];
+                        const otherMissing = s.missing.filter((k) => !critMissing.includes(k));
+                        if (critMissing.length > 0) {
+                            console.log(`  ${chalk.bold.red('Critical missing:')}`);
+                            critMissing.forEach((k) => { const label = k.split('-').map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(' '); console.log(chalk.red(`    ✗ ${label}`)); });
+                        }
+                        if (otherMissing.length > 0) {
+                            console.log(`  ${chalk.bold.yellow('Missing:')}`);
+                            otherMissing.forEach((k) => { const label = k.split('-').map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(' '); console.log(chalk.yellow(`    • ${label}`)); });
+                        }
+                        if (critMissing.length === 0 && otherMissing.length === 0) {
+                            console.log(`  Missing: ${chalk.green('none — all components detected')}`);
+                        }
+                        console.log(chalk.bold('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+                    }
+                    if (intentEngineRegressions.length > 0) {
+                        console.log(chalk.bold.red('\n━━━ REGRESSION ANALYSIS ━━━━━━━━━━━━━━━━━'));
+                        intentEngineRegressions.forEach((reg) => {
+                            const icon = reg.type === 'coverage-regression' ? '📉' : reg.type === 'critical-regression' ? '🔴' : reg.type === 'flow-regression' ? '⛓' : '⚠';
+                            console.log(`  ${chalk.red('[REGRESSION]')} ${icon} ${reg.message}`);
+                        });
+                        console.log(chalk.bold.red('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+                    }
                     console.log('');
                     await recordVerificationIfRequested(options, config, {
                         grade: 'F',
@@ -3523,6 +3707,9 @@ async function verifyCommand(options) {
         if (!options.json && effectiveRules.policyPack && effectiveRules.policyPackRules.length > 0) {
             console.log(chalk.dim(`   Evaluating policy pack: ${effectiveRules.policyPack.packName} (${effectiveRules.policyPack.packId}@${effectiveRules.policyPack.version}, ${effectiveRules.policyPackRules.length} rule(s))`));
         }
+        else if (!options.json && !effectiveRules.policyPack) {
+            console.log(chalk.dim('   No policy pack installed — run `neurcode policy install <pack>` to add governance rules'));
+        }
         // Prepare diff stats and changed files for API
         const diffStats = {
             totalAdded: summary.totalAdded,
@@ -3984,7 +4171,7 @@ async function verifyCommand(options) {
                     message: effectiveMessage,
                     bloatFiles: displayBloatFiles,
                     bloatCount: displayBloatFiles.length,
-                }, policyViolations, expediteModeEnabled);
+                }, policyViolations, expediteModeEnabled, intentEngineIssues, intentEngineSummary, intentEngineFlowIssues, intentEngineRegressions);
                 if (governanceResult) {
                     displayGovernanceInsights(governanceResult, { explain: options.explain });
                 }
@@ -4514,15 +4701,69 @@ function displayChangeContractDrift(summary, options = { advisory: false }) {
 /**
  * Display verification results in a formatted report card
  */
-function displayVerifyResults(result, policyViolations, expediteModeUsed = false) {
-    const verdictLabel = result.verdict === 'PASS'
-        ? chalk.green('PASS ✅')
+function displayVerifyResults(result, policyViolations, expediteModeUsed = false, intentIssuesForDisplay = [], intentSummaryForDisplay = null, flowIssuesForDisplay = [], regressionsForDisplay = []) {
+    // ── Header ────────────────────────────────────────────────────────────────
+    const headerLabel = result.verdict === 'PASS'
+        ? chalk.bold.green('\n✅ VERIFICATION PASSED')
         : result.verdict === 'WARN'
-            ? chalk.yellow('WARN ⚠️')
-            : chalk.red('FAIL ❌');
-    const plannedText = `${result.plannedFilesModified}/${result.totalPlannedFiles}`;
-    console.log(`\n${verdictLabel}`);
-    console.log(chalk.dim(`Plan adherence: ${plannedText} files (${result.adherenceScore}%)`));
+            ? chalk.bold.yellow('\n⚠️  VERIFICATION PASSED WITH WARNINGS')
+            : chalk.bold.red('\n❌ VERIFICATION FAILED');
+    console.log(headerLabel);
+    // ── Intent Status block ──────────────────────────────────────────────────
+    if (intentSummaryForDisplay) {
+        const s = intentSummaryForDisplay;
+        const domainLabel = s.domain.charAt(0).toUpperCase() + s.domain.slice(1);
+        const confColor = s.confidence === 'HIGH'
+            ? chalk.green
+            : s.confidence === 'MEDIUM'
+                ? chalk.yellow
+                : chalk.red;
+        // V4: weighted coverage bar
+        const wCovPct = s.weightedCoverage != null
+            ? Math.round(s.weightedCoverage * 100)
+            : s.coveragePct;
+        const barWidth = 20;
+        const filled = Math.round((wCovPct / 100) * barWidth);
+        const bar = chalk.cyan('█'.repeat(filled)) + chalk.dim('░'.repeat(barWidth - filled));
+        // V4: system status label
+        const sysStatus = s.status;
+        const statusLabel = sysStatus === 'CRITICAL'
+            ? chalk.bold.red('[CRITICAL]')
+            : sysStatus === 'AT RISK'
+                ? chalk.bold.yellow('[AT RISK]')
+                : chalk.bold.green('[SECURE]');
+        console.log(chalk.bold('\n━━━ INTENT STATUS ━━━━━━━━━━━━━━━━━━━━━━'));
+        console.log(`  ${statusLabel} ${chalk.bold(`${domainLabel} Implementation:`)} ${bar} ${chalk.bold(`${wCovPct}%`)} (weighted)`);
+        console.log(`  Confidence: ${confColor(s.confidence)}`);
+        if (s.foundList.length > 0) {
+            const foundLabels = s.foundList
+                .map((k) => k.split('-').map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(' '))
+                .slice(0, 4);
+            console.log(`  Found:   ${chalk.green(foundLabels.join(', '))}${s.foundList.length > 4 ? chalk.dim(` +${s.foundList.length - 4} more`) : ''}`);
+        }
+        // V4: show critical missing and non-critical missing separately
+        const critMissing = s.criticalMissing ?? [];
+        const otherMissing = s.missing.filter((k) => !critMissing.includes(k));
+        if (critMissing.length > 0) {
+            console.log(`  ${chalk.bold.red('Critical missing:')}`);
+            critMissing.forEach((k) => {
+                const label = k.split('-').map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(' ');
+                console.log(chalk.red(`    ✗ ${label}`));
+            });
+        }
+        if (otherMissing.length > 0) {
+            console.log(`  ${chalk.bold.yellow('Missing:')}`);
+            otherMissing.forEach((k) => {
+                const label = k.split('-').map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(' ');
+                console.log(chalk.yellow(`    • ${label}`));
+            });
+        }
+        if (critMissing.length === 0 && otherMissing.length === 0) {
+            console.log(`  Missing: ${chalk.green('none — all components detected')}`);
+        }
+        console.log(chalk.bold('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    }
+    // ── Triage items ──────────────────────────────────────────────────────────
     const maxBlockingItems = 20;
     const maxAdvisoryItems = 8;
     const maxExpediteItems = 12;
@@ -4580,6 +4821,31 @@ function displayVerifyResults(result, policyViolations, expediteModeUsed = false
         ];
         advisoryItems = [];
     }
+    // ── Counts ────────────────────────────────────────────────────────────────
+    console.log(blockingItems.length > 0
+        ? chalk.red(`Blocking Issues: ${blockingItems.length}`)
+        : chalk.dim('Blocking Issues: 0'));
+    if (expediteModeUsed) {
+        console.log(chalk.yellow(`Expedite Issues: ${expediteItems.length}`));
+    }
+    else {
+        console.log(advisoryItems.length > 0
+            ? chalk.yellow(`Advisory Issues: ${advisoryItems.length}`)
+            : chalk.dim('Advisory Issues: 0'));
+    }
+    console.log(chalk.dim(`Plan adherence: ${result.plannedFilesModified}/${result.totalPlannedFiles} files (${result.adherenceScore}%)`));
+    // ── Top issues ────────────────────────────────────────────────────────────
+    const topIssues = [
+        ...blockingItems,
+        ...(expediteModeUsed ? expediteItems : advisoryItems),
+    ].slice(0, 2);
+    if (topIssues.length > 0) {
+        console.log(chalk.bold('\nTop Issues:'));
+        topIssues.forEach((item, i) => {
+            console.log(`  ${i + 1}. ${item.message} → ${chalk.cyan(item.file)}`);
+        });
+    }
+    // ── Detailed lists ────────────────────────────────────────────────────────
     if (blockingItems.length > 0) {
         console.log(chalk.red(`\nBLOCKING (${blockingItems.length})`));
         blockingItems.slice(0, maxBlockingItems).forEach((item) => {
@@ -4612,21 +4878,56 @@ function displayVerifyResults(result, policyViolations, expediteModeUsed = false
         });
         console.log(chalk.dim('  Note: Expedite Mode used'));
     }
-    if (blockingItems.length === 0 && advisoryItems.length === 0 && expediteItems.length === 0) {
-        console.log(chalk.green('\nNo drift detected.'));
+    // ── Intent issues ─────────────────────────────────────────────────────────
+    if (intentIssuesForDisplay.length > 0) {
+        console.log(chalk.magenta(`\nINTENT ISSUES (${intentIssuesForDisplay.length})`));
+        intentIssuesForDisplay.forEach((issue) => {
+            const label = issue.severity === 'high' ? chalk.red('[HIGH]') : chalk.yellow('[MEDIUM]');
+            const typeLabel = issue.type === 'missing' ? 'Missing' : issue.type === 'misplaced' ? 'Misplaced' : 'Partial';
+            console.log(`  ${label} ${typeLabel}: ${issue.message}`);
+        });
     }
-    const filesTouched = new Set([
-        ...blockingItems.map((item) => item.file),
-        ...advisoryItems.map((item) => item.file),
-        ...expediteItems.map((item) => item.file),
-    ]).size;
-    if (expediteModeUsed) {
-        console.log(chalk.dim(`\nSummary: ${blockingItems.length} blocking issues, ${expediteItems.length} expedite issues across ${filesTouched} files`));
+    // ── Flow Validation ───────────────────────────────────────────────────────
+    if (flowIssuesForDisplay.length > 0) {
+        console.log(chalk.bold('\n━━━ FLOW VALIDATION ━━━━━━━━━━━━━━━━━━━━━'));
+        flowIssuesForDisplay.forEach((issue) => {
+            const label = issue.severity === 'high' ? chalk.red('[HIGH]') : chalk.yellow('[MEDIUM]');
+            const typeIcon = issue.type === 'missing-flow' ? '⛓' : issue.type === 'misplaced-flow' ? '⚠' : '⊘';
+            console.log(`  ${label} ${typeIcon} ${issue.message}`);
+            if (issue.files && issue.files.length > 0) {
+                const display = issue.files.slice(0, 3);
+                console.log(chalk.dim(`      → ${display.join(', ')}${issue.files.length > 3 ? ` +${issue.files.length - 3} more` : ''}`));
+            }
+        });
+        console.log(chalk.bold('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
     }
-    else {
-        console.log(chalk.dim(`\nSummary: ${blockingItems.length} blocking issues, ${advisoryItems.length} advisory issues across ${filesTouched} files`));
+    // ── Regression Analysis ───────────────────────────────────────────────────
+    if (regressionsForDisplay.length > 0) {
+        console.log(chalk.bold.red('\n━━━ REGRESSION ANALYSIS ━━━━━━━━━━━━━━━━━'));
+        regressionsForDisplay.forEach((reg) => {
+            const icon = reg.type === 'coverage-regression' ? '📉' :
+                reg.type === 'critical-regression' ? '🔴' :
+                    reg.type === 'flow-regression' ? '⛓' : '⚠';
+            console.log(`  ${chalk.red('[REGRESSION]')} ${icon} ${reg.message}`);
+        });
+        console.log(chalk.bold.red('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    }
+    const hasAnyIssue = blockingItems.length > 0 ||
+        advisoryItems.length > 0 ||
+        expediteItems.length > 0 ||
+        intentIssuesForDisplay.length > 0 ||
+        flowIssuesForDisplay.length > 0 ||
+        regressionsForDisplay.length > 0;
+    if (!hasAnyIssue) {
+        console.log(chalk.green('\nNo issues detected.'));
+    }
+    // ── Next step ─────────────────────────────────────────────────────────────
+    if (hasAnyIssue) {
+        console.log(chalk.bold('\nNext step:'));
+        console.log(`  ${chalk.cyan('neurcode fix')}`);
+        console.log(chalk.dim('  or: neurcode fix --apply-safe  (auto-apply high-confidence patches)'));
     }
-    console.log(chalk.dim(`Details: ${result.message}\n`));
+    console.log(chalk.dim(`\nDetails: ${result.message}\n`));
 }
 function printFirstRunAdvisoryMessage(demoMode) {
     console.log(chalk.cyan('\nNeurcode first-run advisory mode'));