@panguard-ai/panguard 0.3.1 → 0.3.3

package/dist/cli/interactive.js

@@ -1,7 +1,7 @@
 /**
  * Panguard AI - Interactive CLI Mode
  *
- * Number-key menu [0]-[7] with panguard > prompt for text commands.
+ * Number-key menu [0]-[8] with panguard > prompt for text commands.
  * Box-bordered status panel, breadcrumb navigation, no "press any key" interrupts.
  *
  * @module @panguard-ai/panguard/cli/interactive
@@ -79,11 +79,11 @@ const MENU_DEFS = [
         key: 'report',
         icon: '\u25A0',
         number: 2,
-        en: 'Compliance Report',
-        zh: '\u5408\u898F\u5831\u544A',
-        enDesc: 'Generate ISO 27001, SOC 2, TW Cyber Security Act reports',
-        zhDesc: '\u7522\u751F ISO 27001\u3001SOC 2\u3001\u8CC7\u5B89\u7BA1\u7406\u6CD5\u5408\u898F\u5831\u544A',
-        tierBadge: '[PRO]',
+        en: 'Compliance Report [Coming Soon]',
+        zh: '\u5408\u898F\u5831\u544A [\u5373\u5C07\u63A8\u51FA]',
+        enDesc: 'ISO 27001, SOC 2, TW Cyber Security Act — under development',
+        zhDesc: 'ISO 27001\u3001SOC 2\u3001\u8CC7\u5B89\u7BA1\u7406\u6CD5 \u2014 \u958B\u767C\u4E2D',
+        tierBadge: '',
         featureKey: 'report',
     },
     {
@@ -101,11 +101,11 @@ const MENU_DEFS = [
         key: 'trap',
         icon: '\u00B7',
         number: 4,
-        en: 'Honeypot System',
-        zh: '\u871C\u7F50\u7CFB\u7D71',
-        enDesc: 'Detect and profile attackers with decoy services',
-        zhDesc: '\u5373\u770B\u5373\u8B58\u99ED\u5BA2\uFF0C\u5206\u6790\u653B\u64CA\u8005\u884C\u70BA',
-        tierBadge: '[PRO]',
+        en: 'Honeypot System [Coming Soon]',
+        zh: '\u871C\u7F50\u7CFB\u7D71 [\u5373\u5C07\u63A8\u51FA]',
+        enDesc: 'Decoy services to detect attackers — under development',
+        zhDesc: '\u8A98\u990C\u670D\u52D9\u5075\u6E2C\u653B\u64CA\u8005 \u2014 \u958B\u767C\u4E2D',
+        tierBadge: '',
         featureKey: 'trap',
     },
     {
@@ -116,7 +116,7 @@ const MENU_DEFS = [
         zh: '\u901A\u77E5\u7CFB\u7D71',
         enDesc: 'LINE, Telegram, Slack, Email, Webhook channels',
         zhDesc: 'LINE\u3001Telegram\u3001Slack\u3001Email\u3001Webhook \u901A\u77E5\u7BA1\u9053',
-        tierBadge: '[STARTER]',
+        tierBadge: '',
         featureKey: 'notify',
     },
     {
@@ -127,7 +127,7 @@ const MENU_DEFS = [
         zh: '\u5A01\u8105\u60C5\u5831',
         enDesc: 'Threat intelligence REST API server',
         zhDesc: '\u5A01\u8105\u60C5\u5831 REST API \u4F3A\u670D\u52D9',
-        tierBadge: '[ENT]',
+        tierBadge: '',
         featureKey: 'threat-cloud',
     },
     {
@@ -141,8 +141,32 @@ const MENU_DEFS = [
         tierBadge: '',
         featureKey: 'demo',
     },
+    {
+        key: 'audit',
+        icon: '\u25A0',
+        number: 8,
+        en: 'Skill Auditor',
+        zh: '\u6280\u80FD\u5BE9\u8A08',
+        enDesc: 'Audit AI agent skills for security issues',
+        zhDesc: '\u5BE9\u8A08 AI \u4EE3\u7406\u6280\u80FD\u7684\u5B89\u5168\u554F\u984C',
+        tierBadge: '',
+        featureKey: 'audit',
+    },
 ];
 // ---------------------------------------------------------------------------
+// MCP detection helper
+// ---------------------------------------------------------------------------
+async function isMCPConfigured() {
+    try {
+        const mcpConfig = await import('@panguard-ai/panguard-mcp/config');
+        const platforms = await mcpConfig.detectPlatforms();
+        return platforms.some((p) => p.detected && p.alreadyConfigured);
+    }
+    catch {
+        return false;
+    }
+}
+// ---------------------------------------------------------------------------
 // Guard process helpers
 // ---------------------------------------------------------------------------
 function isGuardRunning() {
@@ -223,20 +247,18 @@ function showHelp() {
     const menuTitle = currentLang === 'zh-TW' ? '\u4E3B\u9078\u55AE' : 'Main Menu';
     console.log(`  ${c.sage(menuTitle)}`);
     console.log(c.dim(currentLang === 'zh-TW'
-        ? '  [0]-[7]  \u6309\u6578\u5B57\u9375\u5373\u523B\u9078\u64C7\uFF08\u4E0D\u9700\u6309 Enter\uFF09'
-        : '  [0]-[7]  Press number key to select instantly (no Enter needed)'));
+        ? '  [0]-[8]  \u6309\u6578\u5B57\u9375\u5373\u523B\u9078\u64C7\uFF08\u4E0D\u9700\u6309 Enter\uFF09'
+        : '  [0]-[8]  Press number key to select instantly (no Enter needed)'));
     console.log('');
     const promptTitle = currentLang === 'zh-TW' ? '\u6587\u5B57\u6307\u4EE4' : 'Text Commands';
     console.log(`  ${c.sage(promptTitle)}`);
     const cmds = [
+        { cmd: 'setup', en: 'Connect AI agents via MCP', zh: '\u900F\u904E MCP \u9023\u63A5 AI \u4EE3\u7406' },
+        { cmd: 'audit', en: 'Audit AI agent skills', zh: '\u5BE9\u8A08 AI \u4EE3\u7406\u6280\u80FD' },
         { cmd: 'status', en: 'System status overview', zh: '\u7CFB\u7D71\u72C0\u614B\u7E3D\u89BD' },
-        { cmd: 'login', en: 'Account login', zh: '\u5E33\u865F\u767B\u5165' },
-        { cmd: 'logout', en: 'Account logout', zh: '\u767B\u51FA' },
         { cmd: 'config', en: 'Settings management', zh: '\u8A2D\u5B9A\u7BA1\u7406' },
-        { cmd: 'upgrade', en: 'Upgrade plan', zh: '\u5347\u7D1A\u65B9\u6848' },
         { cmd: 'hardening', en: 'Security hardening', zh: '\u5B89\u5168\u52A0\u56FA' },
         { cmd: 'doctor', en: 'Health diagnostics', zh: '\u5065\u5EB7\u8A3A\u65B7' },
-        { cmd: 'whoami', en: 'Current account info', zh: '\u986F\u793A\u7576\u524D\u5E33\u865F' },
         { cmd: 'help', en: 'Show this help', zh: '\u986F\u793A\u6B64\u8AAA\u660E' },
     ];
     for (const { cmd, en, zh } of cmds) {
@@ -283,12 +305,24 @@ export async function startInteractive(lang) {
     process.on('SIGINT', exit);
     process.on('SIGTERM', exit);
     renderStartup();
-    // First-time user hint
+    // First-time user hint — detect MCP status and guide user
+    const mcpConfigured = await isMCPConfigured();
     if (!existsSync(CONFIG_PATH)) {
-        const hint = currentLang === 'zh-TW'
-            ? `  ${c.sage('\u25C6')} \u9996\u6B21\u4F7F\u7528\uFF1F\u5EFA\u8B70\u6309 [0] \u57F7\u884C\u521D\u59CB\u8A2D\u5B9A\u6216\u6309 [7] \u529F\u80FD\u5C55\u793A`
-            : `  ${c.sage('\u25C6')} First time? Press [0] for Setup Wizard or [7] for Auto Demo`;
-        console.log(hint);
+        console.log(currentLang === 'zh-TW'
+            ? `  ${c.sage('\u25C6')} \u9996\u6B21\u4F7F\u7528\uFF1F\u5EFA\u8B70\u6D41\u7A0B\uFF1A`
+            : `  ${c.sage('\u25C6')} First time? Recommended flow:`);
+        console.log(currentLang === 'zh-TW'
+            ? `    ${c.sage('[0]')} \u521D\u59CB\u8A2D\u5B9A \u2192 \u81EA\u52D5\u9023\u63A5 AI \u4EE3\u7406 + \u6280\u80FD\u5BE9\u8A08 + \u6383\u63CF`
+            : `    ${c.sage('[0]')} Setup Wizard \u2192 auto-connect AI agents + skill audit + scan`);
+        console.log(currentLang === 'zh-TW'
+            ? `    ${c.sage('[8]')} \u6280\u80FD\u5BE9\u8A08 \u2192 \u5BE9\u8A08\u5DF2\u5B89\u88DD AI \u6280\u80FD\u7684\u5B89\u5168\u554F\u984C`
+            : `    ${c.sage('[8]')} Skill Auditor \u2192 check installed AI skills for security issues`);
+        console.log('');
+    }
+    else if (!mcpConfigured) {
+        console.log(currentLang === 'zh-TW'
+            ? `  ${c.sage('\u25C6')} AI \u4EE3\u7406\u5C1A\u672A\u9023\u63A5\u3002\u57F7\u884C ${c.sage('panguard setup')} \u6216\u6309 ${c.sage('[0]')} \u9023\u63A5 Claude Code\u3001Cursor \u7B49\u5E73\u53F0\u3002`
+            : `  ${c.sage('\u25C6')} AI agents not connected. Run ${c.sage('panguard setup')} or press ${c.sage('[0]')} to connect Claude Code, Cursor, etc.`);
         console.log('');
     }
     // Main loop
@@ -362,16 +396,11 @@ async function dispatchCommand(text) {
             renderStartup();
             return true;
         case 'login':
-            console.clear();
-            await actionLogin();
-            await new Promise((r) => setTimeout(r, 500));
-            renderStartup();
-            return true;
         case 'logout': {
             console.clear();
-            const { logoutCommand } = await import('./commands/logout.js');
-            const cmd = logoutCommand();
-            await cmd.parseAsync(['logout'], { from: 'user' });
+            console.log('');
+            console.log('  Authentication removed. All features are free and open source.');
+            console.log('');
             await new Promise((r) => setTimeout(r, 500));
             renderStartup();
             return true;
@@ -382,12 +411,15 @@ async function dispatchCommand(text) {
             await new Promise((r) => setTimeout(r, 500));
             renderStartup();
             return true;
-        case 'upgrade':
+        case 'upgrade': {
             console.clear();
-            await actionUpgrade();
+            console.log('');
+            console.log('  All features are free and open source.');
+            console.log('');
             await new Promise((r) => setTimeout(r, 500));
             renderStartup();
             return true;
+        }
         case 'hardening':
             console.clear();
             await actionHardening();
@@ -408,9 +440,22 @@ async function dispatchCommand(text) {
             return true;
         case 'whoami': {
             console.clear();
-            const { whoamiCommand } = await import('./commands/whoami.js');
-            const cmd = whoamiCommand();
-            await cmd.parseAsync(['whoami'], { from: 'user' });
+            console.log('');
+            console.log('  All features available (no login required).');
+            console.log('');
+            await new Promise((r) => setTimeout(r, 500));
+            renderStartup();
+            return true;
+        }
+        case 'audit':
+            console.clear();
+            await actionAudit();
+            await new Promise((r) => setTimeout(r, 500));
+            renderStartup();
+            return true;
+        case 'setup': {
+            console.clear();
+            await actionMCPSetup();
             await new Promise((r) => setTimeout(r, 500));
             renderStartup();
             return true;
@@ -451,6 +496,9 @@ async function dispatch(key) {
         case 'demo':
             await actionDemo();
             break;
+        case 'audit':
+            await actionAudit();
+            break;
     }
 }
 // ---------------------------------------------------------------------------
@@ -462,6 +510,110 @@ async function actionInit() {
     await runInitWizard(currentLang);
 }
 // ---------------------------------------------------------------------------
+// Text command: setup (MCP-only, for users who already have config)
+// ---------------------------------------------------------------------------
+async function actionMCPSetup() {
+    breadcrumb(['Panguard', currentLang === 'zh-TW' ? 'MCP \u8A2D\u5B9A' : 'MCP Setup']);
+    const title = currentLang === 'zh-TW' ? 'AI \u4EE3\u7406\u9023\u63A5 (MCP)' : 'AI Agent Connection (MCP)';
+    console.log(`  ${theme.brandBold(title)}`);
+    console.log('');
+    const { spinner: sp } = await import('@panguard-ai/core');
+    const detectSp = sp(currentLang === 'zh-TW'
+        ? '\u6B63\u5728\u5075\u6E2C AI \u4EE3\u7406\u5E73\u53F0...'
+        : 'Detecting AI agent platforms...');
+    try {
+        const mcpConfig = await import('@panguard-ai/panguard-mcp/config');
+        const platforms = await mcpConfig.detectPlatforms();
+        const detected = platforms.filter((p) => p.detected);
+        const unconfigured = detected.filter((p) => !p.alreadyConfigured);
+        if (detected.length === 0) {
+            detectSp.warn(currentLang === 'zh-TW'
+                ? '\u672A\u5075\u6E2C\u5230\u4EFB\u4F55 AI \u4EE3\u7406\u5E73\u53F0'
+                : 'No AI agent platforms detected');
+            console.log('');
+            console.log(c.dim(currentLang === 'zh-TW'
+                ? '  \u652F\u63F4\u5E73\u53F0: Claude Code, Cursor, OpenClaw, Codex, WorkBuddy, NemoClaw, Claude Desktop'
+                : '  Supported: Claude Code, Cursor, OpenClaw, Codex, WorkBuddy, NemoClaw, Claude Desktop'));
+            return;
+        }
+        detectSp.succeed(currentLang === 'zh-TW'
+            ? `\u5075\u6E2C\u5230 ${detected.length} \u500B\u5E73\u53F0`
+            : `Found ${detected.length} platform(s)`);
+        console.log('');
+        // Show all platforms
+        for (const p of platforms) {
+            const status = p.detected
+                ? p.alreadyConfigured
+                    ? c.safe('\u2713 configured')
+                    : c.caution('~ not configured')
+                : c.dim('- not found');
+            console.log(`  ${p.detected ? c.bold(p.name) : c.dim(p.name)}  ${status}`);
+        }
+        console.log('');
+        if (unconfigured.length === 0) {
+            console.log(c.safe(currentLang === 'zh-TW'
+                ? `  \u2713 \u6240\u6709\u5E73\u53F0\u5DF2\u8A2D\u5B9A\u5B8C\u6210\uFF01`
+                : '  \u2713 All platforms already configured!'));
+            console.log('');
+            console.log(c.dim(currentLang === 'zh-TW'
+                ? '  \u91CD\u555F AI \u4EE3\u7406\u5F8C\uFF0C\u8ACB\u6C42\u300Cpanguard_status\u300D\u5373\u53EF\u9A57\u8B49\u3002'
+                : '  Restart your AI agent, then ask "panguard_status" to verify.'));
+            return;
+        }
+        // Configure unconfigured platforms
+        const configSp = sp(currentLang === 'zh-TW'
+            ? `\u6B63\u5728\u8A2D\u5B9A ${unconfigured.length} \u500B\u5E73\u53F0...`
+            : `Configuring ${unconfigured.length} platform(s)...`);
+        let successCount = 0;
+        for (const p of unconfigured) {
+            const result = mcpConfig.injectMCPConfig(p.id);
+            if (result.success)
+                successCount++;
+        }
+        if (successCount === unconfigured.length) {
+            configSp.succeed(currentLang === 'zh-TW'
+                ? `${successCount} \u500B\u5E73\u53F0\u8A2D\u5B9A\u5B8C\u6210`
+                : `${successCount} platform(s) configured`);
+        }
+        else {
+            configSp.warn(currentLang === 'zh-TW'
+                ? `${successCount}/${unconfigured.length} \u5E73\u53F0\u8A2D\u5B9A\u6210\u529F`
+                : `${successCount}/${unconfigured.length} platform(s) configured`);
+        }
+        console.log('');
+        console.log(c.dim(currentLang === 'zh-TW'
+            ? '  \u91CD\u555F AI \u4EE3\u7406\u5F8C\u5373\u53EF\u4F7F\u7528 11 \u500B panguard_* MCP \u5DE5\u5177\uFF1A'
+            : '  Restart your AI agent to use 11 panguard_* MCP tools:'));
+        // Platform-specific restart instructions
+        const restartHints = {
+            'claude-code': { en: 'Close and reopen your terminal', zh: '\u95DC\u9589\u4E26\u91CD\u65B0\u958B\u555F\u7D42\u7AEF\u6A5F' },
+            'claude-desktop': { en: 'Quit and reopen Claude Desktop', zh: '\u9000\u51FA\u4E26\u91CD\u65B0\u958B\u555F Claude Desktop' },
+            cursor: { en: 'Cmd+Shift+P (or Ctrl+Shift+P) > "Reload Window"', zh: 'Cmd+Shift+P > "Reload Window"' },
+            openclaw: { en: 'Close and reopen OpenClaw', zh: '\u95DC\u9589\u4E26\u91CD\u65B0\u958B\u555F OpenClaw' },
+            codex: { en: 'Restart the Codex CLI session', zh: '\u91CD\u65B0\u555F\u52D5 Codex CLI' },
+            workbuddy: { en: 'Close and reopen WorkBuddy', zh: '\u95DC\u9589\u4E26\u91CD\u65B0\u958B\u555F WorkBuddy' },
+            nemoclaw: { en: 'Close and reopen NemoClaw', zh: '\u95DC\u9589\u4E26\u91CD\u65B0\u958B\u555F NemoClaw' },
+        };
+        for (const p of unconfigured) {
+            const hint = restartHints[p.id];
+            const text = hint
+                ? (currentLang === 'zh-TW' ? hint.zh : hint.en)
+                : (currentLang === 'zh-TW' ? '\u91CD\u65B0\u555F\u52D5\u61C9\u7528\u7A0B\u5F0F' : 'Restart the application');
+            console.log(c.dim(`    ${p.name}: ${text}`));
+        }
+        console.log('');
+        console.log(c.dim(currentLang === 'zh-TW'
+            ? '  \u8A66\u8A66\u554F AI: \u300C\u5BE9\u8A08\u9019\u500B\u5C08\u6848\u7684\u6280\u80FD\u300D\u6216\u300C\u6383\u63CF\u6211\u7684\u7CFB\u7D71\u300D'
+            : '  Try asking your AI: "audit the skills in this project" or "scan my system"'));
+    }
+    catch (err) {
+        detectSp.fail(currentLang === 'zh-TW'
+            ? 'MCP \u8A2D\u5B9A\u5931\u6557'
+            : 'MCP setup failed');
+        console.log(formatError(err instanceof Error ? err.message : String(err), 'MCP Setup', currentLang === 'zh-TW' ? '\u8ACB\u91CD\u8A66' : 'Please retry'));
+    }
+}
+// ---------------------------------------------------------------------------
 // [1] Security Scan
 // ---------------------------------------------------------------------------
 async function actionScan() {
@@ -515,27 +667,36 @@ async function actionScan() {
         for (const f of result.findings) {
             const sev = colorSeverity(f.severity).padEnd(10);
             console.log(`  ${sev} ${f.title}`);
-            if (tier === 'community' && f.manualFix && f.manualFix.length > 0) {
-                const fixLabel = currentLang === 'zh-TW' ? '\u624B\u52D5\u4FEE\u5FA9:' : 'Manual fix:';
+            // Show description if available
+            if (f.description) {
+                console.log(c.dim(`          ${f.description}`));
+            }
+            if (f.manualFix && f.manualFix.length > 0) {
+                const fixLabel = currentLang === 'zh-TW' ? '\u4FEE\u5FA9:' : 'Fix:';
                 console.log(c.dim(`          ${fixLabel}`));
                 for (const cmd of f.manualFix) {
                     console.log(c.dim(`          $ ${cmd}`));
                 }
                 fixableCount++;
             }
+            else if (f.remediation) {
+                // Show recommendation even if no auto-fix command
+                const recLabel = currentLang === 'zh-TW' ? '\u5EFA\u8B70:' : 'Recommendation:';
+                console.log(c.dim(`          ${recLabel} ${f.remediation}`));
+            }
         }
         console.log('');
         const issuesText = currentLang === 'zh-TW'
             ? `${result.findings.length} \u500B\u554F\u984C`
             : `${result.findings.length} issue(s) found`;
         console.log(c.dim(`  ${issuesText}`));
-        if (tier === 'community' && fixableCount > 0) {
+        if (fixableCount > 0) {
             const upgradeLines = currentLang === 'zh-TW'
                 ? [
-                    `\u5347\u7D1A\u5230 Solo ($9/\u6708) \u5373\u53EF\u4E00\u9375\u4FEE\u5FA9:`,
+                    `\u53EF\u81EA\u52D5\u4FEE\u5FA9:`,
                     `$ panguard scan --fix`,
                 ]
-                : [`Upgrade to Solo ($9/mo) to auto-fix all:`, `$ panguard scan --fix`];
+                : [`Auto-fix available:`, `$ panguard scan --fix`];
             console.log('');
             console.log(box(upgradeLines.join('\n'), { borderColor: c.sage }));
         }
@@ -556,7 +717,8 @@ async function actionScan() {
         console.log(`  ${agentMsg}`);
         const guardItems = [
             { key: '1', label: currentLang === 'zh-TW' ? '\u662F\uFF0C\u555F\u52D5 Guard \u9632\u8B77' : 'Yes, start Guard protection' },
-            { key: '2', label: currentLang === 'zh-TW' ? '\u4E0D\u7528\uFF0C\u56DE\u4E3B\u9078\u55AE' : 'No, return to main menu' },
+            { key: '2', label: currentLang === 'zh-TW' ? '\u5BE9\u8A08\u5DF2\u5B89\u88DD\u6280\u80FD\u7684\u5B89\u5168\u5A01\u8105' : 'Audit installed skills for threats' },
+            { key: '3', label: currentLang === 'zh-TW' ? '\u4E0D\u7528\uFF0C\u56DE\u4E3B\u9078\u55AE' : 'No, return to main menu' },
         ];
         renderCompactMenu('', guardItems);
         const guardChoice = await waitForCompactChoice(guardItems, currentLang);
@@ -564,16 +726,22 @@ async function actionScan() {
             await actionGuard();
             return;
         }
+        if (guardChoice?.key === '2') {
+            await actionAudit();
+            return;
+        }
     }
     else {
         nextSteps(currentLang === 'zh-TW'
             ? [
+                { cmd: '[8] \u6280\u80FD\u5BE9\u8A08', desc: '\u5BE9\u8A08\u5DF2\u5B89\u88DD\u6280\u80FD\u7684\u5B89\u5168\u5A01\u8105' },
                 { cmd: 'scan --full', desc: '\u57F7\u884C\u5B8C\u6574\u6383\u63CF' },
-                { cmd: 'report', desc: '\u7522\u751F\u5408\u898F\u5831\u544A' },
+                { cmd: 'guard start', desc: '\u555F\u52D5\u5373\u6642\u9632\u8B77' },
             ]
             : [
+                { cmd: '[8] Skill Auditor', desc: 'Audit installed skills for threats' },
                 { cmd: 'scan --full', desc: 'Run a comprehensive scan' },
-                { cmd: 'report', desc: 'Generate compliance report' },
+                { cmd: 'guard start', desc: 'Enable real-time protection' },
             ], currentLang);
     }
 }
@@ -585,54 +753,21 @@ async function actionReport() {
         'Panguard',
         currentLang === 'zh-TW' ? '\u5408\u898F\u5831\u544A' : 'Compliance Report',
     ]);
-    const title = currentLang === 'zh-TW' ? '\u5408\u898F\u5831\u544A' : 'Compliance Report';
-    console.log(`  ${theme.brandBold(title)}`);
-    console.log('');
-    const frameworkItems = [
-        { key: '1', label: 'ISO 27001' },
-        { key: '2', label: 'SOC 2' },
-        {
-            key: '3',
-            label: currentLang === 'zh-TW'
-                ? '\u8CC7\u901A\u5B89\u5168\u7BA1\u7406\u6CD5'
-                : 'TW Cyber Security Act',
-        },
-    ];
-    renderCompactMenu(currentLang === 'zh-TW' ? '\u9078\u64C7\u5408\u898F\u6846\u67B6' : 'Select Framework', frameworkItems);
-    const fwChoice = await waitForCompactChoice(frameworkItems, currentLang);
-    if (!fwChoice)
-        return;
-    const frameworkMap = {
-        '1': 'iso27001',
-        '2': 'soc2',
-        '3': 'tw_cyber_security_act',
-    };
-    const framework = frameworkMap[fwChoice.key] ?? 'iso27001';
-    const langItems = [
-        {
-            key: '1',
-            label: currentLang === 'zh-TW' ? '\u7E41\u9AD4\u4E2D\u6587 (zh-TW)' : 'Chinese (zh-TW)',
-        },
-        { key: '2', label: currentLang === 'zh-TW' ? '\u82F1\u6587 (en)' : 'English (en)' },
-    ];
     console.log('');
-    renderCompactMenu(currentLang === 'zh-TW' ? '\u5831\u544A\u8A9E\u8A00' : 'Report Language', langItems);
-    const langChoice = await waitForCompactChoice(langItems, currentLang);
-    if (!langChoice)
-        return;
-    const reportLang = langChoice.key === '1' ? 'zh-TW' : 'en';
+    if (currentLang === 'zh-TW') {
+        console.log('  \u5408\u898F\u5831\u544A \u2014 \u5373\u5C07\u63A8\u51FA');
+        console.log('');
+        console.log('  ISO 27001\u3001SOC 2\u3001\u8CC7\u5B89\u7BA1\u7406\u6CD5\u5408\u898F\u5831\u544A\u529F\u80FD\u958B\u767C\u4E2D\u3002');
+        console.log('  \u8FFD\u8E64\u9032\u5EA6: https://github.com/panguard-ai/panguard-ai');
+    }
+    else {
+        console.log('  Compliance Report \u2014 Coming Soon');
+        console.log('');
+        console.log('  ISO 27001, SOC 2, and TW Cyber Security Act compliance');
+        console.log('  reports are under active development.');
+        console.log('  Follow progress: https://github.com/panguard-ai/panguard-ai');
+    }
     console.log('');
-    const { executeCli } = await import('@panguard-ai/panguard-report');
-    await executeCli(['generate', '--framework', framework, '--language', reportLang]);
-    nextSteps(currentLang === 'zh-TW'
-        ? [
-            { cmd: 'scan', desc: '\u57F7\u884C\u5B89\u5168\u6383\u63CF' },
-            { cmd: 'guard start', desc: '\u555F\u52D5\u5373\u6642\u9632\u8B77' },
-        ]
-        : [
-            { cmd: 'scan', desc: 'Run a security scan' },
-            { cmd: 'guard start', desc: 'Enable real-time protection' },
-        ], currentLang);
 }
 // ---------------------------------------------------------------------------
 // [3] Guard Engine
@@ -676,27 +811,24 @@ async function actionGuard() {
                     ], currentLang);
                 break;
             }
-            // Free tier — show positive capabilities first
-            const { tier } = getLicense();
-            if (tier === 'community') {
-                console.log(`  ${c.sage('\u25C6')} Guard active${' '.repeat(30)}Layer 1 \u00B7 Community`);
-                console.log('');
-                if (currentLang === 'zh-TW') {
-                    console.log(`  ${c.safe('\u2713')} \u5DF2\u77E5\u653B\u64CA\u6A21\u5F0F\u81EA\u52D5\u5C01\u9396`);
-                    console.log(`  ${c.safe('\u2713')} Threat Cloud \u5A01\u8105\u60C5\u5831`);
-                    console.log(`  ${c.dim('\u2500')} AI \u5206\u6790 ${c.dim('(Solo $9/\u6708)')}`);
-                    console.log(`  ${c.dim('\u2500')} \u901A\u77E5\u7CFB\u7D71 ${c.dim('(Solo $9/\u6708)')}`);
-                    console.log(`  ${c.dim('\u2500')} \u65E5\u8A8C\u4FDD\u7559 7 \u5929+ ${c.dim('(Solo $9/\u6708)')}`);
-                }
-                else {
-                    console.log(`  ${c.safe('\u2713')} Auto-blocking for known attack patterns`);
-                    console.log(`  ${c.safe('\u2713')} Threat Cloud intelligence`);
-                    console.log(`  ${c.dim('\u2500')} AI analysis ${c.dim('(Solo $9/mo)')}`);
-                    console.log(`  ${c.dim('\u2500')} Notifications ${c.dim('(Solo $9/mo)')}`);
-                    console.log(`  ${c.dim('\u2500')} Log retention 7d+ ${c.dim('(Solo $9/mo)')}`);
-                }
-                console.log('');
+            // Show Guard capabilities
+            console.log(`  ${c.sage('\u25C6')} Guard active${' '.repeat(30)}All Layers \u00B7 Free`);
+            console.log('');
+            if (currentLang === 'zh-TW') {
+                console.log(`  ${c.safe('\u2713')} \u5DF2\u77E5\u653B\u64CA\u6A21\u5F0F\u81EA\u52D5\u5C01\u9396`);
+                console.log(`  ${c.safe('\u2713')} Threat Cloud \u5A01\u8105\u60C5\u5831`);
+                console.log(`  ${c.safe('\u2713')} AI \u5206\u6790`);
+                console.log(`  ${c.safe('\u2713')} \u901A\u77E5\u7CFB\u7D71`);
+                console.log(`  ${c.safe('\u2713')} \u65E5\u8A8C\u4FDD\u7559`);
+            }
+            else {
+                console.log(`  ${c.safe('\u2713')} Auto-blocking for known attack patterns`);
+                console.log(`  ${c.safe('\u2713')} Threat Cloud intelligence`);
+                console.log(`  ${c.safe('\u2713')} AI analysis`);
+                console.log(`  ${c.safe('\u2713')} Notifications`);
+                console.log(`  ${c.safe('\u2713')} Log retention`);
             }
+            console.log('');
             // Spawn guard as background process
             const { spawn: spawnProcess } = await import('node:child_process');
             const { fileURLToPath: toPath } = await import('node:url');
@@ -802,46 +934,21 @@ async function actionTrap() {
         'Panguard',
         currentLang === 'zh-TW' ? '\u871C\u7F50\u7CFB\u7D71' : 'Honeypot System',
     ]);
-    const title = currentLang === 'zh-TW' ? '\u871C\u7F50\u7CFB\u7D71' : 'Honeypot System';
-    console.log(`  ${theme.brandBold(title)}`);
     console.log('');
-    const items = [
-        {
-            key: '1',
-            label: currentLang === 'zh-TW' ? '\u57FA\u672C\u914D\u7F6E (SSH + HTTP)' : 'Config (SSH + HTTP)',
-        },
-        {
-            key: '2',
-            label: currentLang === 'zh-TW'
-                ? '\u5B8C\u6574\u914D\u7F6E (8 \u7A2E\u670D\u52D9)'
-                : 'Config (All 8 Services)',
-        },
-        { key: '3', label: currentLang === 'zh-TW' ? '\u67E5\u770B\u72C0\u614B' : 'Status' },
-        {
-            key: '4',
-            label: currentLang === 'zh-TW' ? '\u653B\u64CA\u8005\u5206\u6790' : 'Attacker Profiles',
-        },
-    ];
-    renderCompactMenu(currentLang === 'zh-TW' ? '\u871C\u7F50\u7CFB\u7D71' : 'Honeypot System', items);
-    const choice = await waitForCompactChoice(items, currentLang);
-    if (!choice)
-        return;
-    console.log('');
-    const { executeCli } = await import('@panguard-ai/panguard-trap');
-    switch (choice.key) {
-        case '1':
-            await executeCli(['config', '--services', 'ssh,http']);
-            break;
-        case '2':
-            await executeCli(['config', '--services', 'ssh,http,ftp,telnet,mysql,redis,smb,rdp']);
-            break;
-        case '3':
-            await executeCli(['status']);
-            break;
-        case '4':
-            await executeCli(['profiles']);
-            break;
+    if (currentLang === 'zh-TW') {
+        console.log('  \u871C\u7F50\u7CFB\u7D71 \u2014 \u5373\u5C07\u63A8\u51FA');
+        console.log('');
+        console.log('  \u8A98\u990C\u670D\u52D9\uFF08SSH\u3001HTTP\u3001FTP\uFF09\u5075\u6E2C\u8207\u5206\u6790\u653B\u64CA\u8005\u529F\u80FD\u958B\u767C\u4E2D\u3002');
+        console.log('  \u8FFD\u8E64\u9032\u5EA6: https://github.com/panguard-ai/panguard-ai');
     }
+    else {
+        console.log('  Honeypot System \u2014 Coming Soon');
+        console.log('');
+        console.log('  Decoy services (SSH, HTTP, FTP) to detect and profile');
+        console.log('  attackers are under active development.');
+        console.log('  Follow progress: https://github.com/panguard-ai/panguard-ai');
+    }
+    console.log('');
 }
 // ---------------------------------------------------------------------------
 // [5] Notifications
@@ -904,7 +1011,17 @@ async function actionThreat() {
         ? `  \u5373\u5C07\u555F\u52D5\u5A01\u8105\u60C5\u5831 REST API \u4F3A\u670D\u5668 (port ${port})`
         : `  Starting Threat Cloud REST API server (port ${port})...`));
     console.log('');
-    const { ThreatCloudServer } = await import('@panguard-ai/threat-cloud');
+    let ThreatCloudServer;
+    try {
+        const mod = '@panguard-ai/threat-cloud';
+        const tc = await import(/* webpackIgnore: true */ mod);
+        ThreatCloudServer = tc.ThreatCloudServer;
+    }
+    catch {
+        console.log(c.red('  Threat Cloud server package is not available.'));
+        console.log(c.dim('  Your Guard client connects to Threat Cloud automatically.'));
+        return;
+    }
     const sp = spinner(currentLang === 'zh-TW'
         ? '\u6B63\u5728\u555F\u52D5 Threat Cloud API...'
         : 'Starting Threat Cloud API server...');
@@ -941,7 +1058,6 @@ async function actionThreat() {
 async function actionDemo() {
     breadcrumb(['Panguard', currentLang === 'zh-TW' ? '\u529F\u80FD\u5C55\u793A' : 'Feature Demo']);
     const { runScan } = await import('@panguard-ai/panguard-scan');
-    const { generateComplianceReport, generateSummaryText } = await import('@panguard-ai/panguard-report');
     const title = currentLang === 'zh-TW' ? '\u529F\u80FD\u5C55\u793A' : 'Feature Demo';
     console.log(`  ${theme.brandBold(title)}`);
     console.log(c.dim(currentLang === 'zh-TW'
@@ -982,59 +1098,14 @@ async function actionDemo() {
         });
     }
     console.log('');
-    // 2. Compliance Report
+    // 2. Compliance Report (Coming Soon)
     console.log(c.dim(currentLang === 'zh-TW'
-        ? '  2. \u5408\u898F\u5831\u544A (ISO 27001)'
-        : '  2. Compliance Report (ISO 27001)'));
-    console.log('');
-    const reportSp = spinner(currentLang === 'zh-TW'
-        ? '\u6B63\u5728\u7522\u751F ISO 27001 \u5831\u544A...'
-        : 'Generating ISO 27001 report...');
-    try {
-        const findings = [
-            {
-                findingId: 'DEMO-001',
-                severity: 'high',
-                title: 'Missing information security policy',
-                description: 'No formal information security policy document found.',
-                category: 'policy',
-                timestamp: new Date(),
-                source: 'panguard-scan',
-            },
-            {
-                findingId: 'DEMO-002',
-                severity: 'medium',
-                title: 'Unencrypted data at rest',
-                description: 'Database storage does not use encryption at rest.',
-                category: 'encryption',
-                timestamp: new Date(),
-                source: 'panguard-scan',
-            },
-        ];
-        const report = generateComplianceReport(findings, 'iso27001', 'en', {
-            includeRecommendations: true,
-        });
-        const summary = generateSummaryText(report);
-        reportSp.succeed(currentLang === 'zh-TW'
-            ? 'ISO 27001 \u5831\u544A\u5DF2\u7522\u751F'
-            : 'ISO 27001 report generated');
-        const summaryLines = summary.split('\n').slice(0, 10);
-        for (const line of summaryLines) {
-            console.log(`  ${c.dim(line)}`);
-        }
-        console.log(c.dim('  ...'));
-        results.push({
-            name: currentLang === 'zh-TW' ? '\u5408\u898F\u5831\u544A' : 'Report',
-            status: 'ok',
-        });
-    }
-    catch (err) {
-        reportSp.fail(`${err instanceof Error ? err.message : err}`);
-        results.push({
-            name: currentLang === 'zh-TW' ? '\u5408\u898F\u5831\u544A' : 'Report',
-            status: 'fail',
-        });
-    }
+        ? '  2. \u5408\u898F\u5831\u544A \u2014 \u5373\u5C07\u63A8\u51FA'
+        : '  2. Compliance Report \u2014 Coming Soon'));
+    results.push({
+        name: currentLang === 'zh-TW' ? '\u5408\u898F\u5831\u544A' : 'Report',
+        status: 'warn',
+    });
     console.log('');
     // 3. Guard Engine
     console.log(c.dim(currentLang === 'zh-TW' ? '  3. \u5B88\u8B77\u5F15\u64CE' : '  3. Guard Engine'));
@@ -1057,24 +1128,14 @@ async function actionDemo() {
         });
     }
     console.log('');
-    // 4. Honeypot
-    console.log(c.dim(currentLang === 'zh-TW' ? '  4. \u871C\u7F50\u7CFB\u7D71' : '  4. Honeypot System'));
-    console.log('');
-    try {
-        const { executeCli: trapCLI } = await import('@panguard-ai/panguard-trap');
-        await trapCLI(['config', '--services', 'ssh,http']);
-        results.push({
-            name: currentLang === 'zh-TW' ? '\u871C\u7F50\u7CFB\u7D71' : 'Trap',
-            status: 'ok',
-        });
-    }
-    catch (err) {
-        console.log(`  ${c.critical(err instanceof Error ? err.message : String(err))}`);
-        results.push({
-            name: currentLang === 'zh-TW' ? '\u871C\u7F50\u7CFB\u7D71' : 'Trap',
-            status: 'fail',
-        });
-    }
+    // 4. Honeypot (Coming Soon)
+    console.log(c.dim(currentLang === 'zh-TW'
+        ? '  4. \u871C\u7F50\u7CFB\u7D71 \u2014 \u5373\u5C07\u63A8\u51FA'
+        : '  4. Honeypot System \u2014 Coming Soon'));
+    results.push({
+        name: currentLang === 'zh-TW' ? '\u871C\u7F50\u7CFB\u7D71' : 'Trap',
+        status: 'warn',
+    });
     console.log('');
     // 5. Notifications
     console.log(c.dim(currentLang === 'zh-TW' ? '  5. \u901A\u77E5\u7CFB\u7D71' : '  5. Notification System'));
@@ -1121,13 +1182,202 @@ async function actionDemo() {
         ], currentLang);
 }
 // ---------------------------------------------------------------------------
-// Prompt commands: Upgrade
+// [8] Skill Auditor
 // ---------------------------------------------------------------------------
-async function actionUpgrade() {
-    breadcrumb(['Panguard', currentLang === 'zh-TW' ? '\u5347\u7D1A\u65B9\u6848' : 'Upgrade Plan']);
-    const { upgradeCommand } = await import('./commands/upgrade.js');
-    const cmd = upgradeCommand();
-    await cmd.parseAsync(['upgrade', '--lang', currentLang], { from: 'user' });
+async function actionAudit() {
+    breadcrumb(['Panguard', currentLang === 'zh-TW' ? '\u6280\u80FD\u5BE9\u8A08' : 'Skill Auditor']);
+    const title = currentLang === 'zh-TW' ? '\u6280\u80FD\u5BE9\u8A08' : 'Skill Auditor';
+    console.log(`  ${theme.brandBold(title)}`);
+    console.log('');
+    console.log(c.dim(currentLang === 'zh-TW'
+        ? '  \u6383\u63CF AI \u4EE3\u7406\u6280\u80FD\u76EE\u9304\uFF08\u5305\u542B SKILL.md\uFF09\u4EE5\u5075\u6E2C\u5B89\u5168\u554F\u984C\u3002'
+        : '  Scan an AI agent skill directory (containing SKILL.md) for security issues.'));
+    console.log('');
+    // Ask for path to audit
+    const pathItems = [
+        {
+            key: '1',
+            label: currentLang === 'zh-TW'
+                ? '\u5BE9\u8A08\u7576\u524D\u76EE\u9304 (.)'
+                : 'Audit current directory (.)',
+        },
+        {
+            key: '2',
+            label: currentLang === 'zh-TW'
+                ? '\u8F38\u5165\u81EA\u5B9A\u8DEF\u5F91'
+                : 'Enter custom path',
+        },
+    ];
+    renderCompactMenu(currentLang === 'zh-TW' ? '\u9078\u64C7\u76EE\u6A19' : 'Select target', pathItems);
+    const choice = await waitForCompactChoice(pathItems, currentLang);
+    if (!choice)
+        return;
+    let targetPath = process.cwd();
+    if (choice.key === '2') {
+        // Read a custom path from the user via text prompt
+        const readline = await import('node:readline');
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        targetPath = await new Promise((resolve) => {
+            const prompt = currentLang === 'zh-TW' ? '  \u8DEF\u5F91: ' : '  Path: ';
+            rl.question(prompt, (answer) => {
+                rl.close();
+                resolve(answer.trim() || process.cwd());
+            });
+        });
+    }
+    const path = await import('node:path');
+    const resolvedPath = path.resolve(targetPath);
+    console.log('');
+    const sp = spinner(currentLang === 'zh-TW'
+        ? `\u6B63\u5728\u5BE9\u8A08 ${resolvedPath}...`
+        : `Auditing ${resolvedPath}...`);
+    try {
+        const { auditSkill } = await import('@panguard-ai/panguard-skill-auditor');
+        const report = await auditSkill(resolvedPath);
+        sp.succeed(currentLang === 'zh-TW' ? '\u5BE9\u8A08\u5B8C\u6210' : 'Audit complete');
+        // Display results
+        const levelColors = {
+            LOW: c.safe,
+            MEDIUM: c.caution,
+            HIGH: c.critical,
+            CRITICAL: (s) => c.bold(c.critical(s)),
+        };
+        const colorFn = levelColors[report.riskLevel] ?? c.dim;
+        console.log('');
+        console.log(box([
+            `${c.bold(currentLang === 'zh-TW' ? '\u6280\u80FD\u5BE9\u8A08\u5831\u544A' : 'Skill Audit Report')}`,
+            '',
+            `${currentLang === 'zh-TW' ? '\u6280\u80FD' : 'Skill'}:      ${report.manifest?.name ?? 'Unknown'}${report.manifest?.metadata?.version ? ` v${report.manifest.metadata.version}` : ''}`,
+            `${currentLang === 'zh-TW' ? '\u4F5C\u8005' : 'Author'}:     ${report.manifest?.metadata?.author ?? 'Unknown'}`,
+            `${currentLang === 'zh-TW' ? '\u98A8\u96AA\u5206\u6578' : 'Risk Score'}: ${colorFn(`${report.riskScore}/100 (${report.riskLevel})`)}`,
+            `${currentLang === 'zh-TW' ? '\u6642\u9593' : 'Duration'}:   ${report.durationMs}ms`,
+        ].join('\n'), { borderColor: c.sage }));
+        console.log('');
+        for (const check of report.checks) {
+            const icon = check.status === 'pass'
+                ? c.safe('\u2713')
+                : check.status === 'fail'
+                    ? c.critical('\u2717')
+                    : check.status === 'warn'
+                        ? c.caution('~')
+                        : c.dim('i');
+            const statusLabel = check.status === 'pass'
+                ? 'PASS'
+                : check.status === 'fail'
+                    ? 'FAIL'
+                    : check.status === 'warn'
+                        ? 'WARN'
+                        : 'INFO';
+            console.log(`  ${icon} [${statusLabel}] ${check.label}`);
+        }
+        console.log('');
+        if (report.findings.length > 0) {
+            console.log(c.bold(currentLang === 'zh-TW'
+                ? `  \u767C\u73FE ${report.findings.length} \u500B\u554F\u984C:`
+                : `  ${report.findings.length} finding(s):`));
+            console.log('');
+            for (const finding of report.findings) {
+                const sevColor = finding.severity === 'critical'
+                    ? c.critical
+                    : finding.severity === 'high'
+                        ? c.caution
+                        : c.dim;
+                console.log(`  ${sevColor(`[${finding.severity.toUpperCase()}]`)} ${finding.title}`);
+                console.log(`    ${c.dim(finding.description)}`);
+                if (finding.location)
+                    console.log(`    ${c.dim(`at ${finding.location}`)}`);
+                console.log('');
+            }
+        }
+        nextSteps(currentLang === 'zh-TW'
+            ? [
+                { cmd: 'scan', desc: '\u57F7\u884C\u7CFB\u7D71\u5B89\u5168\u6383\u63CF' },
+                { cmd: 'guard start', desc: '\u555F\u52D5 24/7 \u5B88\u8B77\u9632\u8B77' },
+            ]
+            : [
+                { cmd: 'scan', desc: 'Run a system security scan' },
+                { cmd: 'guard start', desc: 'Start 24/7 guard protection' },
+            ], currentLang);
+    }
+    catch (err) {
+        const errMsg = err instanceof Error ? err.message : String(err);
+        const isNoSkill = errMsg.toLowerCase().includes('skill.md') || errMsg.toLowerCase().includes('not found') || errMsg.toLowerCase().includes('enoent');
+        if (isNoSkill) {
+            sp.warn(currentLang === 'zh-TW'
+                ? '\u6B64\u76EE\u9304\u672A\u627E\u5230 AI \u6280\u80FD (SKILL.md)'
+                : 'No AI skills (SKILL.md) found in this directory');
+            console.log('');
+            console.log(c.dim(currentLang === 'zh-TW'
+                ? '  Skill Auditor \u6383\u63CF\u5305\u542B SKILL.md \u7684 AI \u6280\u80FD\u76EE\u9304\u3002'
+                : '  Skill Auditor scans AI skill directories containing a SKILL.md file.'));
+            console.log('');
+            console.log(c.dim(currentLang === 'zh-TW'
+                ? '  \u5E38\u898B\u6280\u80FD\u4F4D\u7F6E\uFF1A'
+                : '  Common skill locations:'));
+            console.log(c.dim('    ~/.claude/skills/'));
+            console.log(c.dim('    ./.claude/skills/'));
+            console.log(c.dim('    ./.mcp/'));
+            console.log(c.dim('    ./skills/'));
+            console.log('');
+            // Auto-scan known skill directories
+            const fs = await import('node:fs');
+            const path = await import('node:path');
+            const skillDirs = [
+                path.join(homedir(), '.claude', 'skills'),
+                path.join(process.cwd(), '.claude', 'skills'),
+                path.join(process.cwd(), '.mcp'),
+                path.join(process.cwd(), 'skills'),
+            ];
+            const foundDirs = [];
+            for (const dir of skillDirs) {
+                if (fs.existsSync(dir)) {
+                    // Check for subdirectories that might have SKILL.md
+                    try {
+                        const entries = fs.readdirSync(dir, { withFileTypes: true });
+                        for (const entry of entries) {
+                            if (entry.isDirectory()) {
+                                const skillMdPath = path.join(dir, entry.name, 'SKILL.md');
+                                if (fs.existsSync(skillMdPath)) {
+                                    foundDirs.push(path.join(dir, entry.name));
+                                }
+                            }
+                        }
+                        // Also check the directory itself
+                        if (fs.existsSync(path.join(dir, 'SKILL.md'))) {
+                            foundDirs.push(dir);
+                        }
+                    }
+                    catch {
+                        /* skip inaccessible dirs */
+                    }
+                }
+            }
+            if (foundDirs.length > 0) {
+                console.log(c.sage(currentLang === 'zh-TW'
+                    ? `  \u5728\u7CFB\u7D71\u4E2D\u627E\u5230 ${foundDirs.length} \u500B\u6280\u80FD\uFF1A`
+                    : `  Found ${foundDirs.length} skill(s) on your system:`));
+                for (const dir of foundDirs) {
+                    console.log(c.dim(`    ${dir}`));
+                }
+                console.log('');
+                console.log(c.dim(currentLang === 'zh-TW'
+                    ? `  \u57F7\u884C\uFF1Apanguard audit skill <path> \u4F86\u5BE9\u8A08\u7279\u5B9A\u6280\u80FD`
+                    : `  Run: panguard audit skill <path> to audit a specific skill`));
+            }
+            else {
+                console.log(c.dim(currentLang === 'zh-TW'
+                    ? '  \u7CFB\u7D71\u4E2D\u672A\u627E\u5230\u5DF2\u5B89\u88DD\u7684 AI \u6280\u80FD\u3002'
+                    : '  No installed AI skills found on your system.'));
+                console.log(c.dim(currentLang === 'zh-TW'
+                    ? '  \u5728\u5305\u542B AI \u6280\u80FD\u7684\u5C08\u6848\u76EE\u9304\u4E2D\u57F7\u884C\u6B64\u6307\u4EE4\u3002'
+                    : '  Run this command inside a project directory that contains AI skills.'));
+            }
+        }
+        else {
+            sp.fail(currentLang === 'zh-TW' ? '\u5BE9\u8A08\u5931\u6557' : 'Audit failed');
+            console.log(formatError(errMsg, currentLang === 'zh-TW' ? '\u6280\u80FD\u5BE9\u8A08' : 'Skill Auditor', currentLang === 'zh-TW' ? '\u8ACB\u91CD\u8A66\u6216\u6AA2\u67E5\u65E5\u8A8C' : 'Please retry or check logs'));
+        }
+    }
 }
 // ---------------------------------------------------------------------------
 // Prompt commands: Hardening
@@ -1171,15 +1421,6 @@ async function actionStatus() {
     await cmd.parseAsync(['status'], { from: 'user' });
 }
 // ---------------------------------------------------------------------------
-// Prompt commands: Login
-// ---------------------------------------------------------------------------
-async function actionLogin() {
-    breadcrumb(['Panguard', currentLang === 'zh-TW' ? '\u5E33\u865F\u767B\u5165' : 'Login']);
-    const { loginCommand } = await import('./commands/login.js');
-    const cmd = loginCommand();
-    await cmd.parseAsync(['login'], { from: 'user' });
-}
-// ---------------------------------------------------------------------------
 // Prompt commands: Config
 // ---------------------------------------------------------------------------
 async function actionConfig() {