@quantracode/vibecheck 0.0.2 → 0.2.1

package/README.md

@@ -63,6 +63,70 @@ vibecheck scan --emit-intent-map
 
 # Explain a scan report
 vibecheck explain ./scan.json
+
+# Start the web viewer
+vibecheck view
+
+# Open viewer with specific artifact
+vibecheck view -a ./scan.json
+```
+
+## View Command
+
+The `view` command starts a local web viewer to explore scan results interactively.
+
+```bash
+# Start viewer (auto-detects artifacts in current directory)
+vibecheck view
+
+# Specify artifact file explicitly
+vibecheck view -a ./vibecheck-scan.json
+vibecheck view --artifact ./scan-results.json
+
+# Use a different port
+vibecheck view --port 8080
+
+# Don't auto-open browser
+vibecheck view --no-open
+
+# Force update the viewer to latest version
+vibecheck view --update
+
+# Clear cached viewer files
+vibecheck view --clear-cache
+```
+
+### View Command Options
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-p, --port <port>` | Port to run the viewer on | `3000` |
+| `-a, --artifact <path>` | Path to artifact file to open | Auto-detected |
+| `--no-open` | Don't automatically open the browser | Opens browser |
+| `--update` | Force update the viewer to latest version | - |
+| `--clear-cache` | Clear the cached viewer and exit | - |
+
+### How It Works
+
+1. **Auto-download**: The viewer is automatically downloaded from npm on first run and cached in `~/.vibecheck/viewer/`
+2. **Auto-detect artifacts**: Looks for scan artifacts in common locations:
+   - `vibecheck-artifacts/artifact.json`
+   - `vibecheck-artifact.json`
+   - `.vibecheck/artifact.json`
+   - `scan-results.json`
+3. **Auto-load**: When an artifact is detected, it's automatically loaded into the viewer
+4. **Local-only**: The viewer runs entirely on your machine with no external connections
+
+### Workflow Example
+
+```bash
+# 1. Run a scan
+vibecheck scan --out vibecheck-artifacts/artifact.json
+
+# 2. View results (artifact auto-detected)
+vibecheck view
+
+# Browser opens to http://localhost:3000 with results loaded
 ```
 
 ### Command Line Options

package/dist/index.js

@@ -414,7 +414,7 @@ function readJsonSync(filePath) {
 }
 
 // src/utils/fingerprint.ts
-import crypto from "crypto";
+import crypto2 from "crypto";
 function generateFingerprint(parts) {
   const data = [
     parts.ruleId,
@@ -423,14 +423,14 @@ function generateFingerprint(parts) {
     parts.route ?? "",
     parts.startLine?.toString() ?? ""
   ].join("::");
-  return crypto.createHash("sha256").update(data).digest("hex").slice(0, 16);
+  return crypto2.createHash("sha256").update(data).digest("hex").slice(0, 16);
 }
 function generateFindingId(parts) {
   const fp = generateFingerprint(parts);
   return `${parts.ruleId.toLowerCase()}-${fp.slice(0, 8)}`;
 }
 function hashPath(dirPath) {
-  return crypto.createHash("sha256").update(dirPath).digest("hex").slice(0, 16);
+  return crypto2.createHash("sha256").update(dirPath).digest("hex").slice(0, 16);
 }
 
 // src/utils/git-info.ts
@@ -3928,13 +3928,13 @@ var abusePack = {
 };
 
 // src/phase3/proof-trace-builder.ts
-import crypto2 from "crypto";
+import crypto3 from "crypto";
 import path3 from "path";
 import { SyntaxKind as SyntaxKind2 } from "ts-morph";
 var MAX_TRACE_DEPTH = 2;
 function generateRouteId(routePath, method, file) {
   const normalized = `${method}:${routePath}:${file}`.toLowerCase();
-  return crypto2.createHash("sha256").update(normalized).digest("hex").slice(0, 12);
+  return crypto3.createHash("sha256").update(normalized).digest("hex").slice(0, 12);
 }
 function filePathToRoutePath(filePath) {
   const normalized = filePath.replace(/\\/g, "/");
@@ -4296,7 +4296,7 @@ function buildAllProofTraces(ctx, routes) {
 }
 
 // src/phase3/intent-miner.ts
-import crypto3 from "crypto";
+import crypto4 from "crypto";
 import path4 from "path";
 import { SyntaxKind as SyntaxKind3 } from "ts-morph";
 var INTENT_PATTERNS = [
@@ -4331,7 +4331,7 @@ var SECURITY_IMPORTS = [
 ];
 function generateIntentId(type, file, line, evidence) {
   const normalized = `${type}:${file}:${line}:${evidence.slice(0, 50)}`.toLowerCase();
-  return crypto3.createHash("sha256").update(normalized).digest("hex").slice(0, 12);
+  return crypto4.createHash("sha256").update(normalized).digest("hex").slice(0, 12);
 }
 function mineIntentClaims(ctx, sourceFile, routes) {
   const claims = [];
@@ -4525,7 +4525,7 @@ function mineAllIntentClaims(ctx, routes) {
 }
 
 // src/phase3/scanners/comment-claim-unproven.ts
-import crypto4 from "crypto";
+import crypto5 from "crypto";
 var RULE_ID20 = "VC-HALL-010";
 async function scanCommentClaimUnproven(ctx) {
   const findings = [];
@@ -4655,15 +4655,15 @@ function generateRemediation2(claim) {
   }
 }
 function generateFindingId2(claim) {
-  return `f-${crypto4.randomUUID().slice(0, 8)}`;
+  return `f-${crypto5.randomUUID().slice(0, 8)}`;
 }
 function generateFingerprint2(claim) {
   const data = `${RULE_ID20}:${claim.location.file}:${claim.location.startLine}:${claim.type}`;
-  return `sha256:${crypto4.createHash("sha256").update(data).digest("hex")}`;
+  return `sha256:${crypto5.createHash("sha256").update(data).digest("hex")}`;
 }
 
 // src/phase3/scanners/middleware-assumed-not-matching.ts
-import crypto5 from "crypto";
+import crypto6 from "crypto";
 var RULE_ID21 = "VC-HALL-011";
 var MIDDLEWARE_EXPECTATION_SIGNALS = [
   // Comments
@@ -4799,15 +4799,15 @@ function generateRemediation3(route, currentMatchers) {
   return `Update the middleware matcher to include this route. Current matchers: ${JSON.stringify(currentMatchers)}. Consider adding "${suggestedPattern}" or add explicit auth in the handler.`;
 }
 function generateFindingId3(route) {
-  return `f-${crypto5.randomUUID().slice(0, 8)}`;
+  return `f-${crypto6.randomUUID().slice(0, 8)}`;
 }
 function generateFingerprint3(route) {
   const data = `${RULE_ID21}:${route.file}:${route.method}:${route.path}`;
-  return `sha256:${crypto5.createHash("sha256").update(data).digest("hex")}`;
+  return `sha256:${crypto6.createHash("sha256").update(data).digest("hex")}`;
 }
 
 // src/phase3/scanners/validation-claimed-missing.ts
-import crypto6 from "crypto";
+import crypto7 from "crypto";
 import path5 from "path";
 var RULE_ID22 = "VC-HALL-012";
 async function scanValidationClaimedMissing(ctx) {
@@ -4908,7 +4908,7 @@ function createFinding(route, claim, issueType, description, additionalEvidence)
     });
   }
   return {
-    id: `f-${crypto6.randomUUID().slice(0, 8)}`,
+    id: `f-${crypto7.randomUUID().slice(0, 8)}`,
     severity: "medium",
     confidence: 0.8,
     category: "hallucinations",
@@ -4961,7 +4961,7 @@ function checkUnusedValidationImports(ctx, routes, claims) {
       const fileRoutes = routes.filter((r) => r.file === claim.location.file);
       if (fileRoutes.length > 0) {
         findings.push({
-          id: `f-${crypto6.randomUUID().slice(0, 8)}`,
+          id: `f-${crypto7.randomUUID().slice(0, 8)}`,
           severity: "medium",
           confidence: 0.7,
           category: "hallucinations",
@@ -4980,7 +4980,7 @@ function checkUnusedValidationImports(ctx, routes, claims) {
           remediation: {
             recommendedFix: "Define validation schemas using the imported library, or remove the unused import."
           },
-          fingerprint: `sha256:${crypto6.createHash("sha256").update(`${RULE_ID22}:${claim.location.file}:import_unused`).digest("hex")}`
+          fingerprint: `sha256:${crypto7.createHash("sha256").update(`${RULE_ID22}:${claim.location.file}:import_unused`).digest("hex")}`
         });
       }
     }
@@ -4989,11 +4989,11 @@ function checkUnusedValidationImports(ctx, routes, claims) {
 }
 function generateFingerprint4(route, issueType) {
   const data = `${RULE_ID22}:${route.file}:${route.method}:${issueType}`;
-  return `sha256:${crypto6.createHash("sha256").update(data).digest("hex")}`;
+  return `sha256:${crypto7.createHash("sha256").update(data).digest("hex")}`;
 }
 
 // src/phase3/scanners/auth-by-ui-server-gap.ts
-import crypto7 from "crypto";
+import crypto8 from "crypto";
 import path6 from "path";
 var RULE_ID23 = "VC-AUTH-010";
 var CLIENT_AUTH_PATTERNS = [
@@ -5049,7 +5049,7 @@ async function scanAuthByUiServerGap(ctx) {
       if (matchingUnprotected) {
         const clientAuthLocation = findClientAuthLocation(sourceFile, fullText);
         findings.push({
-          id: `f-${crypto7.randomUUID().slice(0, 8)}`,
+          id: `f-${crypto8.randomUUID().slice(0, 8)}`,
           severity: "critical",
           confidence: 0.85,
           category: "auth",
@@ -5185,7 +5185,7 @@ Client-side auth checks are for UX only and must never be the sole protection me
 }
 function generateFingerprint5(componentFile, route) {
   const data = `${RULE_ID23}:${componentFile}:${route.file}:${route.method}`;
-  return `sha256:${crypto7.createHash("sha256").update(data).digest("hex")}`;
+  return `sha256:${crypto8.createHash("sha256").update(data).digest("hex")}`;
 }
 
 // src/phase3/scanners/index.ts
@@ -7899,6 +7899,1093 @@ Examples:
   });
 }
 
+// src/commands/view.ts
+import { existsSync as existsSync3 } from "fs";
+import { resolve as resolve2, join as join3 } from "path";
+
+// src/utils/static-server.ts
+import { createServer } from "http";
+import { existsSync, readFileSync as readFileSync2, statSync } from "fs";
+import { join, extname } from "path";
+var MIME_TYPES = {
+  ".html": "text/html; charset=utf-8",
+  ".js": "application/javascript; charset=utf-8",
+  ".mjs": "application/javascript; charset=utf-8",
+  ".css": "text/css; charset=utf-8",
+  ".json": "application/json; charset=utf-8",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".svg": "image/svg+xml",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".ttf": "font/ttf",
+  ".eot": "application/vnd.ms-fontobject",
+  ".txt": "text/plain; charset=utf-8",
+  ".xml": "application/xml",
+  ".webp": "image/webp",
+  ".webm": "video/webm",
+  ".mp4": "video/mp4",
+  ".map": "application/json"
+};
+function getMimeType(filePath) {
+  const ext = extname(filePath).toLowerCase();
+  return MIME_TYPES[ext] || "application/octet-stream";
+}
+function resolveFilePath(staticDir, urlPath) {
+  let decodedPath;
+  try {
+    decodedPath = decodeURIComponent(urlPath);
+  } catch {
+    return null;
+  }
+  const queryIndex = decodedPath.indexOf("?");
+  if (queryIndex !== -1) {
+    decodedPath = decodedPath.substring(0, queryIndex);
+  }
+  let filePath = join(staticDir, decodedPath === "/" ? "index.html" : decodedPath);
+  const normalizedPath = join(filePath);
+  if (!normalizedPath.startsWith(staticDir)) {
+    return null;
+  }
+  if (existsSync(filePath)) {
+    const stat = statSync(filePath);
+    if (stat.isDirectory()) {
+      filePath = join(filePath, "index.html");
+      if (!existsSync(filePath)) {
+        return null;
+      }
+    }
+    return filePath;
+  }
+  if (existsSync(filePath + ".html")) {
+    return filePath + ".html";
+  }
+  const indexPath = join(staticDir, "index.html");
+  if (existsSync(indexPath)) {
+    return indexPath;
+  }
+  return null;
+}
+function handleRequest(staticDir, req, res) {
+  const urlPath = req.url || "/";
+  const filePath = resolveFilePath(staticDir, urlPath);
+  if (!filePath) {
+    res.writeHead(404, { "Content-Type": "text/plain" });
+    res.end("Not Found");
+    return;
+  }
+  try {
+    const content = readFileSync2(filePath);
+    const contentType = getMimeType(filePath);
+    res.writeHead(200, {
+      "Content-Type": contentType,
+      "Content-Length": content.length,
+      "Cache-Control": "no-cache",
+      "X-Content-Type-Options": "nosniff"
+    });
+    res.end(content);
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain" });
+    res.end("Internal Server Error");
+  }
+}
+async function startStaticServer(options) {
+  const { staticDir, port, host = "127.0.0.1", artifactPath } = options;
+  return new Promise((resolve3, reject) => {
+    const server = createServer((req, res) => {
+      const urlPath = req.url || "/";
+      if (urlPath === "/__vibecheck__/artifact" || urlPath === "/__vibecheck__/artifact.json") {
+        if (artifactPath && existsSync(artifactPath)) {
+          try {
+            const content = readFileSync2(artifactPath);
+            res.writeHead(200, {
+              "Content-Type": "application/json",
+              "Content-Length": content.length,
+              "Cache-Control": "no-cache",
+              "Access-Control-Allow-Origin": "*"
+            });
+            res.end(content);
+            return;
+          } catch {
+            res.writeHead(500, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Failed to read artifact" }));
+            return;
+          }
+        } else {
+          res.writeHead(404, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "No artifact available" }));
+          return;
+        }
+      }
+      if (req.method === "OPTIONS" && urlPath.startsWith("/__vibecheck__/")) {
+        res.writeHead(204, {
+          "Access-Control-Allow-Origin": "*",
+          "Access-Control-Allow-Methods": "GET, OPTIONS",
+          "Access-Control-Allow-Headers": "Content-Type"
+        });
+        res.end();
+        return;
+      }
+      handleRequest(staticDir, req, res);
+    });
+    server.on("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        reject(new Error(`Port ${port} is already in use`));
+      } else {
+        reject(err);
+      }
+    });
+    server.listen(port, host, () => {
+      const url = `http://${host}:${port}`;
+      resolve3({
+        server,
+        url,
+        stop: () => new Promise((res) => {
+          server.close(() => res());
+        })
+      });
+    });
+  });
+}
+async function findAvailablePort(startPort, maxAttempts = 10) {
+  for (let i = 0; i < maxAttempts; i++) {
+    const port = startPort + i;
+    const available = await isPortAvailable(port);
+    if (available) {
+      return port;
+    }
+  }
+  throw new Error(
+    `Could not find available port in range ${startPort}-${startPort + maxAttempts - 1}`
+  );
+}
+function isPortAvailable(port) {
+  return new Promise((resolve3) => {
+    const server = createServer();
+    server.once("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        resolve3(false);
+      } else {
+        resolve3(false);
+      }
+    });
+    server.once("listening", () => {
+      server.close(() => resolve3(true));
+    });
+    server.listen(port, "127.0.0.1");
+  });
+}
+
+// src/utils/viewer-cache.ts
+import { existsSync as existsSync2, mkdirSync, writeFileSync as writeFileSync3, readFileSync as readFileSync3, rmSync } from "fs";
+import { join as join2 } from "path";
+import { homedir } from "os";
+import { execSync as execSync2 } from "child_process";
+import { extract } from "tar";
+var CACHE_DIR = join2(homedir(), ".vibecheck");
+var VIEWER_DIR = join2(CACHE_DIR, "viewer");
+var VIEWER_DIST_DIR = join2(VIEWER_DIR, "dist");
+var VERSION_FILE = join2(VIEWER_DIR, ".version");
+var VIEWER_PACKAGE = "@quantracode/vibecheck-viewer";
+function getInstalledVersion() {
+  if (!existsSync2(VERSION_FILE)) {
+    return null;
+  }
+  try {
+    return readFileSync3(VERSION_FILE, "utf-8").trim();
+  } catch {
+    return null;
+  }
+}
+function setInstalledVersion(version) {
+  writeFileSync3(VERSION_FILE, version, "utf-8");
+}
+async function getLatestVersion() {
+  try {
+    const result = execSync2(`npm view ${VIEWER_PACKAGE} version`, {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    return result.trim();
+  } catch {
+    throw new Error(
+      `Failed to fetch latest version of ${VIEWER_PACKAGE}. Check your network connection.`
+    );
+  }
+}
+async function downloadPackage(version) {
+  const tarballUrl = execSync2(
+    `npm view ${VIEWER_PACKAGE}@${version} dist.tarball`,
+    {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }
+  ).trim();
+  if (existsSync2(VIEWER_DIR)) {
+    rmSync(VIEWER_DIR, { recursive: true, force: true });
+  }
+  mkdirSync(VIEWER_DIR, { recursive: true });
+  const response = await fetch(tarballUrl);
+  if (!response.ok) {
+    throw new Error(`Failed to download viewer: ${response.statusText}`);
+  }
+  const tarPath = join2(CACHE_DIR, "viewer.tgz");
+  const buffer = Buffer.from(await response.arrayBuffer());
+  writeFileSync3(tarPath, buffer);
+  await extract({
+    file: tarPath,
+    cwd: VIEWER_DIR,
+    strip: 1
+    // Remove the 'package' directory prefix
+  });
+  rmSync(tarPath, { force: true });
+}
+async function ensureViewer(forceUpdate = false) {
+  mkdirSync(CACHE_DIR, { recursive: true });
+  const installedVersion = getInstalledVersion();
+  let latestVersion;
+  try {
+    latestVersion = await getLatestVersion();
+  } catch (error) {
+    if (installedVersion && existsSync2(join2(VIEWER_DIST_DIR, "index.html"))) {
+      return {
+        path: VIEWER_DIST_DIR,
+        version: installedVersion
+      };
+    }
+    throw error;
+  }
+  const needsUpdate = forceUpdate || !installedVersion || installedVersion !== latestVersion || !existsSync2(join2(VIEWER_DIST_DIR, "index.html"));
+  if (needsUpdate) {
+    console.log(
+      installedVersion ? `Updating viewer from ${installedVersion} to ${latestVersion}...` : `Installing viewer v${latestVersion}...`
+    );
+    await downloadPackage(latestVersion);
+    setInstalledVersion(latestVersion);
+    console.log("Viewer installed successfully.\n");
+  }
+  return {
+    path: VIEWER_DIST_DIR,
+    version: latestVersion
+  };
+}
+function clearViewerCache() {
+  if (existsSync2(VIEWER_DIR)) {
+    rmSync(VIEWER_DIR, { recursive: true, force: true });
+    console.log("Viewer cache cleared.");
+  } else {
+    console.log("No viewer cache to clear.");
+  }
+}
+
+// src/utils/open-browser.ts
+import { spawn } from "child_process";
+function openBrowser(url) {
+  const platform = process.platform;
+  let command;
+  let args;
+  switch (platform) {
+    case "win32":
+      command = "cmd";
+      args = ["/c", "start", "", url.replace(/&/g, "^&")];
+      break;
+    case "darwin":
+      command = "open";
+      args = [url];
+      break;
+    default:
+      command = "xdg-open";
+      args = [url];
+      break;
+  }
+  try {
+    const child = spawn(command, args, {
+      detached: true,
+      stdio: "ignore",
+      shell: platform === "win32"
+    });
+    child.unref();
+  } catch {
+    console.log(`Could not automatically open browser.`);
+    console.log(`Please open ${url} manually.`);
+  }
+}
+
+// src/commands/view.ts
+var DEFAULT_PORT = 3e3;
+function printBanner(url, hasArtifact) {
+  const width = 76;
+  console.log(`
+\x1B[36m  \u256D${"\u2500".repeat(width)}\u256E\x1B[0m`);
+  console.log(
+    `\x1B[36m  \u2502\x1B[0m  \x1B[1mVIBECHECK VIEWER\x1B[0m${" ".repeat(width - 19)}\x1B[36m\u2502\x1B[0m`
+  );
+  console.log(`\x1B[36m  \u2570${"\u2500".repeat(width)}\u256F\x1B[0m
+`);
+  console.log(`  \x1B[32m\u25CF\x1B[0m Server running at: \x1B[1m\x1B[36m${url}\x1B[0m
+`);
+  if (hasArtifact) {
+    console.log(`  \x1B[32m\u25CF\x1B[0m Scan artifact will be loaded automatically.
+`);
+  } else {
+    console.log(`  \x1B[90mDrag and drop a scan artifact (JSON) onto the page to view results.\x1B[0m`);
+    console.log(`  \x1B[90mOr run: vibecheck scan --out artifact.json\x1B[0m
+`);
+  }
+  console.log(`  \x1B[90mPress Ctrl+C to stop the server.\x1B[0m
+`);
+}
+async function runViewCommand(options) {
+  if (options.clearCache) {
+    clearViewerCache();
+    return;
+  }
+  const requestedPort = parseInt(options.port, 10);
+  if (isNaN(requestedPort) || requestedPort < 1 || requestedPort > 65535) {
+    console.error(`\x1B[31mError: Invalid port number: ${options.port}\x1B[0m`);
+    console.error("Port must be a number between 1 and 65535.");
+    process.exit(1);
+  }
+  const portAvailable = await isPortAvailable(requestedPort);
+  let port = requestedPort;
+  if (!portAvailable) {
+    console.log(`\x1B[33mPort ${requestedPort} is already in use.\x1B[0m`);
+    try {
+      port = await findAvailablePort(requestedPort + 1);
+      console.log(`Using port ${port} instead.
+`);
+    } catch (error) {
+      console.error(
+        `\x1B[31mError: Could not find an available port.\x1B[0m`
+      );
+      console.error(`
+Try specifying a different port:`);
+      console.error(`  vibecheck view --port 8080
+`);
+      console.error(`Or stop the process using port ${requestedPort}:`);
+      if (process.platform === "win32") {
+        console.error(`  netstat -ano | findstr :${requestedPort}`);
+        console.error(`  taskkill /PID <pid> /F`);
+      } else {
+        console.error(`  lsof -i :${requestedPort}`);
+        console.error(`  kill <pid>`);
+      }
+      process.exit(1);
+    }
+  }
+  let viewerInfo;
+  try {
+    viewerInfo = await ensureViewer(options.update);
+  } catch (error) {
+    console.error(`\x1B[31mError: Failed to install viewer.\x1B[0m`);
+    if (error instanceof Error) {
+      console.error(error.message);
+    }
+    console.error(`
+Check your network connection and try again.`);
+    console.error(`You may also try: vibecheck view --clear-cache
+`);
+    process.exit(1);
+  }
+  if (!existsSync3(join3(viewerInfo.path, "index.html"))) {
+    console.error(`\x1B[31mError: Viewer files not found.\x1B[0m`);
+    console.error(`Try reinstalling: vibecheck view --update
+`);
+    process.exit(1);
+  }
+  let artifactPath;
+  if (options.artifact) {
+    artifactPath = resolve2(options.artifact);
+    if (!existsSync3(artifactPath)) {
+      console.log(
+        `\x1B[33mWarning: Artifact file not found: ${options.artifact}\x1B[0m
+`
+      );
+      artifactPath = void 0;
+    }
+  } else {
+    const commonPaths = [
+      "vibecheck-artifacts/artifact.json",
+      "vibecheck-artifact.json",
+      ".vibecheck/artifact.json",
+      "scan-results.json"
+    ];
+    for (const p of commonPaths) {
+      const fullPath = resolve2(p);
+      if (existsSync3(fullPath)) {
+        artifactPath = fullPath;
+        console.log(`\x1B[90mAuto-detected artifact: ${p}\x1B[0m`);
+        break;
+      }
+    }
+  }
+  let serverResult;
+  try {
+    serverResult = await startStaticServer({
+      staticDir: viewerInfo.path,
+      port,
+      artifactPath
+    });
+  } catch (error) {
+    console.error(`\x1B[31mError: Failed to start server.\x1B[0m`);
+    if (error instanceof Error) {
+      console.error(error.message);
+    }
+    process.exit(1);
+  }
+  const url = serverResult.url;
+  printBanner(url, !!artifactPath);
+  if (options.open) {
+    setTimeout(() => {
+      openBrowser(url);
+    }, 300);
+  }
+  const shutdown = async () => {
+    console.log("\n\x1B[90mShutting down viewer...\x1B[0m");
+    await serverResult.stop();
+    process.exit(0);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  await new Promise(() => {
+  });
+}
+function registerViewCommand(program2) {
+  program2.command("view").description("Start the VibeCheck web viewer to explore scan results").option(
+    "-p, --port <port>",
+    "Port to run the viewer on",
+    String(DEFAULT_PORT)
+  ).option("--no-open", "Don't automatically open the browser").option("--update", "Force update the viewer to latest version").option("--clear-cache", "Clear the cached viewer and exit").option(
+    "-a, --artifact <path>",
+    "Path to artifact file to open (optional)"
+  ).addHelpText(
+    "after",
+    `
+Examples:
+  $ vibecheck view                        Start viewer on default port (3000)
+  $ vibecheck view --port 8080            Start viewer on port 8080
+  $ vibecheck view --no-open              Start without opening browser
+  $ vibecheck view --update               Update viewer to latest version
+  $ vibecheck view --clear-cache          Clear cached viewer files
+
+Workflow:
+  1. Run a scan:    vibecheck scan --out scan.json
+  2. Start viewer:  vibecheck view
+  3. Drop scan.json onto the page to view results
+`
+  ).action(runViewCommand);
+}
+
+// src/commands/license.ts
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync4, mkdirSync as mkdirSync2, unlinkSync } from "fs";
+import { homedir as homedir2 } from "os";
+import { join as join4 } from "path";
+import chalk from "chalk";
+import readline from "readline";
+
+// ../license/dist/types.js
+var PLAN_FEATURES = {
+  free: [],
+  pro: [
+    "baseline",
+    "policy_customization",
+    "abuse_classification",
+    "architecture_maps",
+    "signed_export"
+  ],
+  enterprise: [
+    "baseline",
+    "policy_customization",
+    "abuse_classification",
+    "architecture_maps",
+    "signed_export",
+    "sso",
+    "audit_logs",
+    "custom_rules"
+  ]
+};
+var PLAN_NAMES = {
+  free: "Free",
+  pro: "Pro",
+  enterprise: "Enterprise"
+};
+function isDemoLicense(licenseId) {
+  return licenseId.startsWith("demo-") || licenseId.startsWith("trial-");
+}
+
+// ../license/dist/constants.js
+var VIBECHECK_PUBLIC_KEY_B64 = "MCowBQYDK2VwAyEAN2JawZEm3mmUmYXAg+uPjh9XSLMmfwdg2Hrq3W8ueoU=";
+function isDemoModeAllowed() {
+  if (typeof window !== "undefined") {
+    return window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1";
+  }
+  if (typeof process !== "undefined") {
+    return process.env.NODE_ENV === "development" || process.env.NODE_ENV === "test" || process.env.VIBECHECK_ALLOW_DEMO === "true";
+  }
+  return false;
+}
+
+// ../license/dist/verify.js
+async function importPublicKey(keyB64) {
+  const keyData = Uint8Array.from(atob(keyB64), (c) => c.charCodeAt(0));
+  return crypto.subtle.importKey("spki", keyData, { name: "Ed25519" }, false, ["verify"]);
+}
+async function verifySignature(payload, signatureB64, publicKey) {
+  try {
+    const signature = Uint8Array.from(atob(signatureB64), (c) => c.charCodeAt(0));
+    const data = new TextEncoder().encode(payload);
+    return crypto.subtle.verify({ name: "Ed25519" }, publicKey, signature, data);
+  } catch {
+    return false;
+  }
+}
+function parseLicenseKey(licenseKey) {
+  try {
+    const parts = licenseKey.trim().split(".");
+    if (parts.length !== 2)
+      return null;
+    const [payloadB64, signature] = parts;
+    const payloadJson = atob(payloadB64);
+    const payload = JSON.parse(payloadJson);
+    if (!payload.id || !payload.plan || !payload.email || !payload.issuedAt) {
+      return null;
+    }
+    return { payload, signature };
+  } catch {
+    return null;
+  }
+}
+async function validateLicense(licenseKey, options = {}) {
+  const license = parseLicenseKey(licenseKey);
+  if (!license) {
+    return { valid: false, license: null, error: "Invalid license format" };
+  }
+  const isDemo = isDemoLicense(license.payload.id);
+  if (isDemo && !isDemoModeAllowed()) {
+    return {
+      valid: false,
+      license: null,
+      error: "Demo licenses are not valid in production",
+      isDemo: true
+    };
+  }
+  if (license.payload.expiresAt) {
+    const expiryDate = new Date(license.payload.expiresAt);
+    if (expiryDate < /* @__PURE__ */ new Date()) {
+      return {
+        valid: false,
+        license,
+        error: "License has expired",
+        isDemo
+      };
+    }
+  }
+  if (isDemo) {
+    console.info("[License] Demo license detected - valid in development mode");
+    return { valid: true, license, error: void 0, isDemo: true };
+  }
+  if (options.skipSignature) {
+    return { valid: true, license, error: void 0, isDemo: false };
+  }
+  try {
+    const publicKeyB64 = options.publicKey ?? VIBECHECK_PUBLIC_KEY_B64;
+    const publicKey = await importPublicKey(publicKeyB64);
+    const payloadB64 = licenseKey.split(".")[0];
+    const isValid = await verifySignature(atob(payloadB64), license.signature, publicKey);
+    if (!isValid) {
+      return {
+        valid: false,
+        license: null,
+        error: "Invalid license signature",
+        isDemo: false
+      };
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Unknown cryptographic error";
+    return {
+      valid: false,
+      license: null,
+      error: `License verification failed: ${message}`,
+      isDemo: false
+    };
+  }
+  return { valid: true, license, error: void 0, isDemo: false };
+}
+function getDaysRemaining(license) {
+  if (!license.payload.expiresAt)
+    return null;
+  const expiryDate = new Date(license.payload.expiresAt);
+  const now = /* @__PURE__ */ new Date();
+  const diff = expiryDate.getTime() - now.getTime();
+  return Math.ceil(diff / (1e3 * 60 * 60 * 24));
+}
+
+// ../license/dist/issue.js
+import { createPrivateKey, createPublicKey, sign, generateKeyPairSync } from "crypto";
+import { randomUUID } from "crypto";
+function generateKeyPair() {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
+    publicKeyEncoding: { type: "spki", format: "der" },
+    privateKeyEncoding: { type: "pkcs8", format: "der" }
+  });
+  return {
+    publicKey: Buffer.from(publicKey).toString("base64"),
+    privateKey: Buffer.from(privateKey).toString("base64")
+  };
+}
+function signPayload(payloadJson, privateKeyB64) {
+  const privateKeyDer = Buffer.from(privateKeyB64, "base64");
+  const privateKey = createPrivateKey({
+    key: privateKeyDer,
+    format: "der",
+    type: "pkcs8"
+  });
+  const signature = sign(null, Buffer.from(payloadJson), privateKey);
+  return signature.toString("base64");
+}
+function createLicense(options, privateKeyB64) {
+  const now = /* @__PURE__ */ new Date();
+  const planFeatures = PLAN_FEATURES[options.plan] ?? [];
+  const additionalFeatures = options.features ?? [];
+  const allFeatures = [.../* @__PURE__ */ new Set([...planFeatures, ...additionalFeatures])];
+  const payload = {
+    id: options.id ?? randomUUID(),
+    plan: options.plan,
+    name: options.name,
+    email: options.email,
+    issuedAt: now.toISOString(),
+    expiresAt: options.expiresAt?.toISOString() ?? null,
+    features: allFeatures,
+    ...options.seats && { seats: options.seats }
+  };
+  const payloadJson = JSON.stringify(payload);
+  const payloadB64 = Buffer.from(payloadJson).toString("base64");
+  const signature = signPayload(payloadJson, privateKeyB64);
+  return `${payloadB64}.${signature}`;
+}
+function createDemoLicense(plan = "pro", daysValid = 30) {
+  const now = /* @__PURE__ */ new Date();
+  const expiresAt = new Date(now.getTime() + daysValid * 24 * 60 * 60 * 1e3);
+  const payload = {
+    id: `demo-${Date.now()}`,
+    plan,
+    name: "Demo User",
+    email: "demo@vibecheck.dev",
+    issuedAt: now.toISOString(),
+    expiresAt: expiresAt.toISOString(),
+    features: PLAN_FEATURES[plan] ?? []
+  };
+  const payloadJson = JSON.stringify(payload);
+  const payloadB64 = Buffer.from(payloadJson).toString("base64");
+  const demoSignature = Buffer.from(`demo-signature-${payload.id}`).toString("base64");
+  return `${payloadB64}.${demoSignature}`;
+}
+function derivePublicKey(privateKeyB64) {
+  const privateKeyDer = Buffer.from(privateKeyB64, "base64");
+  const privateKey = createPrivateKey({
+    key: privateKeyDer,
+    format: "der",
+    type: "pkcs8"
+  });
+  const publicKey = createPublicKey(privateKey);
+  const publicKeyDer = publicKey.export({ type: "spki", format: "der" });
+  return Buffer.from(publicKeyDer).toString("base64");
+}
+function inspectLicense(licenseKey) {
+  try {
+    const parts = licenseKey.trim().split(".");
+    if (parts.length !== 2)
+      return null;
+    const [payloadB64, signature] = parts;
+    const payloadJson = Buffer.from(payloadB64, "base64").toString("utf-8");
+    const payload = JSON.parse(payloadJson);
+    return { payload, signature };
+  } catch {
+    return null;
+  }
+}
+
+// src/commands/license.ts
+var CONFIG_DIR = join4(homedir2(), ".vibecheck");
+var LICENSE_FILE = join4(CONFIG_DIR, "license.key");
+function ensureConfigDir() {
+  if (!existsSync4(CONFIG_DIR)) {
+    mkdirSync2(CONFIG_DIR, { recursive: true });
+  }
+}
+function getStoredLicenseKey() {
+  try {
+    if (existsSync4(LICENSE_FILE)) {
+      return readFileSync4(LICENSE_FILE, "utf-8").trim();
+    }
+  } catch {
+  }
+  return null;
+}
+function storeLicenseKey(licenseKey) {
+  ensureConfigDir();
+  writeFileSync4(LICENSE_FILE, licenseKey, "utf-8");
+}
+function clearLicenseKey() {
+  try {
+    if (existsSync4(LICENSE_FILE)) {
+      unlinkSync(LICENSE_FILE);
+      return true;
+    }
+  } catch {
+  }
+  return false;
+}
+function promptInput(question) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve3) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve3(answer);
+    });
+  });
+}
+function registerLicenseCommand(program2) {
+  const license = program2.command("license").description("License management commands");
+  license.command("set").description("Activate a license key (validates locally, saves to config)").argument("[license-key]", "The license key (prompts if not provided)").action(async (licenseKey) => {
+    await setLicenseAction(licenseKey);
+  });
+  license.command("status").description("Show current license status").action(async () => {
+    await statusLicenseAction();
+  });
+  license.command("clear").description("Remove stored license").action(async () => {
+    await clearLicenseAction();
+  });
+  license.command("create").description("Create a new signed license").option("-e, --email <email>", "License holder email (optional)").option("-n, --name <name>", "License holder name (optional)").option("-p, --plan <plan>", "Plan type: pro", "pro").option("-k, --key <path>", "Path to private key file").option("--key-env <var>", "Environment variable containing private key", "VIBECHECK_PRIVATE_KEY").option("--expires <days>", "Days until expiry (0 for perpetual)", "90").option("--id <id>", "Custom license ID").option("--features <list>", "Comma-separated additional features").action(async (options) => {
+    await createLicenseAction(options);
+  });
+  license.command("demo").description("Generate a demo license for development/testing").option("-p, --plan <plan>", "Plan type: pro", "pro").option("-d, --days <days>", "Days until expiry", "30").action(async (options) => {
+    await createDemoAction(options);
+  });
+  license.command("verify").description("Verify a license key").argument("<license-key>", "The license key to verify").option("-k, --key <key>", "Public key to verify against (base64)").action(async (licenseKey, options) => {
+    await verifyLicenseAction(licenseKey, options);
+  });
+  license.command("inspect").description("Inspect a license key (without verification)").argument("<license-key>", "The license key to inspect").action(async (licenseKey) => {
+    await inspectLicenseAction(licenseKey);
+  });
+  license.command("keygen").description("Generate a new Ed25519 key pair for license signing").action(async () => {
+    await keygenAction();
+  });
+}
+async function setLicenseAction(licenseKey) {
+  console.log();
+  if (!licenseKey) {
+    licenseKey = await promptInput(chalk.cyan("Enter your license key: "));
+  }
+  licenseKey = licenseKey.trim();
+  if (!licenseKey) {
+    console.log(chalk.red("Error: No license key provided"));
+    process.exit(1);
+  }
+  console.log(chalk.gray("Validating license..."));
+  console.log();
+  try {
+    const result = await validateLicense(licenseKey);
+    if (result.valid && result.license) {
+      storeLicenseKey(licenseKey);
+      const { payload } = result.license;
+      const isDemo = isDemoLicense(payload.id);
+      const daysRemaining = getDaysRemaining(result.license);
+      if (isDemo) {
+        console.log(chalk.yellow.bold("\u26A0 Trial License Activated"));
+        console.log(chalk.gray("  This license is for development/testing only."));
+      } else {
+        console.log(chalk.green.bold("\u2713 License Activated"));
+      }
+      console.log();
+      console.log(chalk.gray("Details:"));
+      console.log(`  ${chalk.gray("Plan:")}     ${chalk.cyan(PLAN_NAMES[payload.plan])}`);
+      if (payload.name) {
+        console.log(`  ${chalk.gray("Name:")}     ${payload.name}`);
+      }
+      console.log(`  ${chalk.gray("Expires:")}  ${payload.expiresAt ?? chalk.green("Never")}`);
+      if (daysRemaining !== null) {
+        const daysColor = daysRemaining <= 14 ? chalk.yellow : chalk.gray;
+        console.log(`  ${chalk.gray("Remaining:")} ${daysColor(`${daysRemaining} days`)}`);
+      }
+      console.log(`  ${chalk.gray("Features:")} ${payload.features.join(", ") || "(none)"}`);
+      console.log();
+      console.log(chalk.gray(`License saved to: ${LICENSE_FILE}`));
+    } else {
+      console.log(chalk.red.bold("\u2717 Invalid License"));
+      console.log(chalk.red(`  ${result.error}`));
+      process.exit(1);
+    }
+  } catch (err) {
+    console.error(chalk.red("Error validating license:"), err instanceof Error ? err.message : err);
+    process.exit(1);
+  }
+  console.log();
+}
+async function statusLicenseAction() {
+  console.log();
+  const licenseKey = getStoredLicenseKey();
+  if (!licenseKey) {
+    console.log(chalk.gray("No license configured."));
+    console.log();
+    console.log(chalk.gray("Plan:") + " " + chalk.white("Free"));
+    console.log();
+    console.log(chalk.gray("To activate a license:"));
+    console.log(chalk.cyan("  vibecheck license set <license-key>"));
+    console.log();
+    console.log(chalk.gray("Get a license at:") + " " + chalk.blue("https://vibecheck.dev/pricing"));
+    console.log();
+    return;
+  }
+  try {
+    const result = await validateLicense(licenseKey);
+    if (result.valid && result.license) {
+      const { payload } = result.license;
+      const isDemo = isDemoLicense(payload.id);
+      const daysRemaining = getDaysRemaining(result.license);
+      if (isDemo) {
+        console.log(chalk.yellow.bold("Trial License"));
+        console.log(chalk.gray("(Development/testing only)"));
+      } else {
+        console.log(chalk.green.bold("License Active"));
+      }
+      console.log();
+      console.log(`${chalk.gray("Plan:")}       ${chalk.cyan(PLAN_NAMES[payload.plan])}`);
+      console.log(`${chalk.gray("ID:")}         ${payload.id}`);
+      if (payload.name) {
+        console.log(`${chalk.gray("Name:")}       ${payload.name}`);
+      }
+      console.log(`${chalk.gray("Issued:")}     ${payload.issuedAt}`);
+      console.log(`${chalk.gray("Expires:")}    ${payload.expiresAt ?? chalk.green("Never")}`);
+      if (daysRemaining !== null) {
+        if (daysRemaining <= 0) {
+          console.log(`${chalk.gray("Status:")}     ${chalk.red("Expired")}`);
+        } else if (daysRemaining <= 14) {
+          console.log(`${chalk.gray("Remaining:")}  ${chalk.yellow(`${daysRemaining} days`)} ${chalk.gray("(expiring soon)")}`);
+        } else {
+          console.log(`${chalk.gray("Remaining:")}  ${chalk.green(`${daysRemaining} days`)}`);
+        }
+      }
+      console.log(`${chalk.gray("Features:")}   ${payload.features.join(", ") || "(none)"}`);
+      console.log();
+      if (daysRemaining !== null && daysRemaining <= 14 && !isDemo) {
+        console.log(chalk.yellow("License expiring soon. Generate a new key from the Pro Portal:"));
+        console.log(chalk.blue("  https://vibecheck.dev/portal"));
+        console.log();
+      }
+    } else {
+      console.log(chalk.red.bold("Stored License Invalid"));
+      console.log(chalk.red(`  ${result.error}`));
+      console.log();
+      console.log(chalk.gray("Clear the invalid license with:"));
+      console.log(chalk.cyan("  vibecheck license clear"));
+      console.log();
+    }
+  } catch (err) {
+    console.error(chalk.red("Error checking license:"), err instanceof Error ? err.message : err);
+    process.exit(1);
+  }
+}
+async function clearLicenseAction() {
+  console.log();
+  const cleared = clearLicenseKey();
+  if (cleared) {
+    console.log(chalk.green("\u2713 License removed"));
+    console.log(chalk.gray(`  Deleted: ${LICENSE_FILE}`));
+  } else {
+    console.log(chalk.gray("No license to remove."));
+  }
+  console.log();
+}
+async function createLicenseAction(options) {
+  const plan = options.plan;
+  if (plan !== "pro") {
+    console.error(chalk.red("Error: Plan must be 'pro'"));
+    process.exit(1);
+  }
+  let privateKey;
+  if (options.key) {
+    if (!existsSync4(options.key)) {
+      console.error(chalk.red(`Error: Key file not found: ${options.key}`));
+      process.exit(1);
+    }
+    privateKey = readFileSync4(options.key, "utf-8").trim();
+  } else if (process.env[options.keyEnv]) {
+    privateKey = process.env[options.keyEnv];
+  }
+  if (!privateKey) {
+    console.error(chalk.red("Error: No private key provided"));
+    console.error(chalk.gray("  Use --key <path> or set VIBECHECK_PRIVATE_KEY environment variable"));
+    process.exit(1);
+  }
+  const expiresDays = parseInt(options.expires, 10);
+  const expiresAt = expiresDays > 0 ? new Date(Date.now() + expiresDays * 24 * 60 * 60 * 1e3) : null;
+  const features = options.features?.split(",").map((f) => f.trim());
+  try {
+    const licenseKey = createLicense(
+      {
+        id: options.id,
+        plan,
+        name: options.name,
+        email: options.email,
+        expiresAt,
+        features
+      },
+      privateKey
+    );
+    const license = inspectLicense(licenseKey);
+    console.log();
+    console.log(chalk.green.bold("\u2713 License created successfully"));
+    console.log();
+    if (license) {
+      console.log(chalk.gray("Details:"));
+      console.log(`  ${chalk.gray("ID:")}       ${license.payload.id}`);
+      console.log(`  ${chalk.gray("Plan:")}     ${chalk.cyan(license.payload.plan)}`);
+      if (license.payload.name) {
+        console.log(`  ${chalk.gray("Name:")}     ${license.payload.name}`);
+      }
+      if (license.payload.email) {
+        console.log(`  ${chalk.gray("Email:")}    ${license.payload.email}`);
+      }
+      console.log(`  ${chalk.gray("Issued:")}   ${license.payload.issuedAt}`);
+      console.log(`  ${chalk.gray("Expires:")}  ${license.payload.expiresAt ?? chalk.green("Never (perpetual)")}`);
+      console.log(`  ${chalk.gray("Features:")} ${license.payload.features.join(", ")}`);
+    }
+    console.log();
+    console.log(chalk.gray("License Key:"));
+    console.log(chalk.yellow(licenseKey));
+    console.log();
+  } catch (err) {
+    console.error(chalk.red("Error creating license:"), err instanceof Error ? err.message : err);
+    process.exit(1);
+  }
+}
+async function createDemoAction(options) {
+  const plan = options.plan;
+  if (plan !== "pro") {
+    console.error(chalk.red("Error: Plan must be 'pro'"));
+    process.exit(1);
+  }
+  const days = parseInt(options.days, 10);
+  const licenseKey = createDemoLicense(plan, days);
+  const license = inspectLicense(licenseKey);
+  console.log();
+  console.log(chalk.yellow.bold("\u26A0 Demo License Generated"));
+  console.log(chalk.gray("  This license is for development/testing only."));
+  console.log(chalk.gray("  It will not work in production environments."));
+  console.log();
+  if (license) {
+    console.log(chalk.gray("Details:"));
+    console.log(`  ${chalk.gray("ID:")}      ${license.payload.id}`);
+    console.log(`  ${chalk.gray("Plan:")}    ${chalk.cyan(license.payload.plan)}`);
+    console.log(`  ${chalk.gray("Expires:")} ${license.payload.expiresAt}`);
+  }
+  console.log();
+  console.log(chalk.gray("License Key:"));
+  console.log(chalk.yellow(licenseKey));
+  console.log();
+}
+async function verifyLicenseAction(licenseKey, options) {
+  console.log();
+  console.log(chalk.gray("Verifying license..."));
+  try {
+    const result = await validateLicense(licenseKey, {
+      publicKey: options.key
+    });
+    if (result.valid) {
+      console.log();
+      console.log(chalk.green.bold("\u2713 License is valid"));
+      if (result.isDemo) {
+        console.log(chalk.yellow("  (Demo license - valid in development only)"));
+      }
+      if (result.license) {
+        const { payload } = result.license;
+        console.log();
+        console.log(chalk.gray("Details:"));
+        console.log(`  ${chalk.gray("ID:")}       ${payload.id}`);
+        console.log(`  ${chalk.gray("Plan:")}     ${chalk.cyan(payload.plan)}`);
+        if (payload.name) {
+          console.log(`  ${chalk.gray("Name:")}     ${payload.name}`);
+        }
+        if (payload.email) {
+          console.log(`  ${chalk.gray("Email:")}    ${payload.email}`);
+        }
+        console.log(`  ${chalk.gray("Issued:")}   ${payload.issuedAt}`);
+        console.log(`  ${chalk.gray("Expires:")}  ${payload.expiresAt ?? chalk.green("Never")}`);
+        console.log(`  ${chalk.gray("Features:")} ${payload.features.join(", ") || "(none)"}`);
+      }
+    } else {
+      console.log();
+      console.log(chalk.red.bold("\u2717 License is invalid"));
+      console.log(chalk.red(`  ${result.error}`));
+      process.exit(1);
+    }
+  } catch (err) {
+    console.error(chalk.red("Error verifying license:"), err instanceof Error ? err.message : err);
+    process.exit(1);
+  }
+  console.log();
+}
+async function inspectLicenseAction(licenseKey) {
+  const license = inspectLicense(licenseKey);
+  if (!license) {
+    console.log();
+    console.log(chalk.red.bold("\u2717 Invalid license format"));
+    console.log(chalk.gray("  Could not parse the license key."));
+    process.exit(1);
+  }
+  console.log();
+  console.log(chalk.blue.bold("License Contents"));
+  console.log(chalk.gray("(Not verified - use 'vibecheck license verify' for verification)"));
+  console.log();
+  const { payload } = license;
+  console.log(`${chalk.gray("ID:")}         ${payload.id}`);
+  console.log(`${chalk.gray("Plan:")}       ${chalk.cyan(payload.plan)}`);
+  if (payload.name) {
+    console.log(`${chalk.gray("Name:")}       ${payload.name}`);
+  }
+  if (payload.email) {
+    console.log(`${chalk.gray("Email:")}      ${payload.email}`);
+  }
+  console.log(`${chalk.gray("Issued:")}     ${payload.issuedAt}`);
+  console.log(`${chalk.gray("Expires:")}    ${payload.expiresAt ?? chalk.green("Never (perpetual)")}`);
+  console.log(`${chalk.gray("Features:")}   ${payload.features.join(", ") || "(none)"}`);
+  console.log();
+  console.log(`${chalk.gray("Signature:")}  ${license.signature.slice(0, 20)}...`);
+  console.log();
+}
+async function keygenAction() {
+  console.log();
+  console.log(chalk.blue.bold("Generating Ed25519 Key Pair"));
+  console.log();
+  const { publicKey, privateKey } = generateKeyPair();
+  const derivedPublic = derivePublicKey(privateKey);
+  if (derivedPublic !== publicKey) {
+    console.error(chalk.red("Error: Key verification failed"));
+    process.exit(1);
+  }
+  console.log(chalk.green("\u2713 Keys generated and verified"));
+  console.log();
+  console.log(chalk.gray("PUBLIC KEY") + chalk.gray(" (safe to embed in code):"));
+  console.log(chalk.cyan(publicKey));
+  console.log();
+  console.log(chalk.gray("PRIVATE KEY") + chalk.red.bold(" (\u26A0\uFE0F KEEP SECRET):"));
+  console.log(chalk.yellow(privateKey));
+  console.log();
+  console.log(chalk.gray("\u2500".repeat(60)));
+  console.log(chalk.gray("Next steps:"));
+  console.log(chalk.gray("1. Save the private key securely (password manager, HSM)"));
+  console.log(chalk.gray("2. Update VIBECHECK_PUBLIC_KEY_B64 in packages/license/src/constants.ts"));
+  console.log(chalk.gray("3. NEVER commit the private key to version control"));
+  console.log();
+}
+
 // src/index.ts
 var program = new Command();
 program.name("vibecheck").description("Security scanner for modern web applications").version("0.0.1");
@@ -7908,4 +8995,6 @@ registerDemoArtifactCommand(program);
 registerIntentCommand(program);
 registerEvaluateCommand(program);
 registerWaiversCommand(program);
+registerViewCommand(program);
+registerLicenseCommand(program);
 program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@quantracode/vibecheck",
-  "version": "0.0.2",
+  "version": "0.2.1",
   "description": "Security scanner for modern web applications",
   "type": "module",
   "main": "./dist/index.js",
@@ -55,15 +55,19 @@
     "prepublishOnly": "pnpm run build && pnpm run pack:check"
   },
   "dependencies": {
+    "chalk": "^5.4.1",
     "commander": "^12.1.0",
     "fast-glob": "^3.3.2",
     "micromatch": "^4.0.8",
+    "tar": "^7.5.2",
     "ts-morph": "^24.0.0",
     "zod": "^3.24.1"
   },
   "devDependencies": {
+    "@vibecheck/license": "workspace:*",
     "@types/micromatch": "^4.0.9",
     "@types/node": "^22.10.2",
+    "@types/tar": "^6.1.13",
     "@vibecheck/policy": "workspace:*",
     "@vibecheck/schema": "workspace:*",
     "tsup": "^8.5.1",