@runhalo/cli 0.3.0 → 0.4.1

package/dist/index.d.ts

@@ -3,7 +3,7 @@
  * Halo CLI - Child Safety Compliance Scanner
  * Usage: runhalo scan <path> [options]
  */
-import { HaloEngine, Violation, ScanResult, EngineConfig } from '@runhalo/engine';
+import { HaloEngine, Violation, ScanResult, EngineConfig, JSONRule } from '@runhalo/engine';
 type OutputFormat = 'json' | 'sarif' | 'text';
 interface CLIOptions {
     format: OutputFormat;
@@ -15,6 +15,13 @@ interface CLIOptions {
     verbose: boolean;
     ethicalPreview: boolean;
     report: string | boolean;
+    aiAudit: boolean;
+    sectorAuSbd: boolean;
+    sectorAuOsa: boolean;
+    pack: string[];
+    offline: boolean;
+    framework?: string;
+    astAnalysis?: boolean;
 }
 /**
  * Format violations as SARIF output
@@ -42,6 +49,11 @@ declare function generateHtmlReport(results: ScanResult[], scoreResult: any, fil
  * Escape HTML special characters
  */
 declare function escapeHtml(text: string): string;
+/**
+ * Generate a government-procurement-grade PDF compliance report.
+ * Uses PDFKit — pure JS, no browser dependencies, CI-safe.
+ */
+declare function generatePdfReport(results: ScanResult[], scoreResult: any, fileCount: number, projectPath: string, history?: ScanHistoryEntry[]): Promise<Buffer>;
 /**
  * Create a Halo engine instance
  */
@@ -58,17 +70,59 @@ declare const HALO_CONFIG_DIR: string;
 declare const HALO_CONFIG_PATH: string;
 declare const HALO_HISTORY_PATH: string;
 declare const MAX_HISTORY_ENTRIES = 100;
+declare const RULES_CACHE_PATH: string;
+interface RulesCache {
+    etag: string | null;
+    packs: string[];
+    rules: JSONRule[];
+    fetchedAt: string;
+}
+/**
+ * Fetch rules from the Supabase rules-fetch edge function.
+ * Returns raw JSON rules (not compiled) or null on failure.
+ */
+declare function fetchRulesFromAPI(packs: string[], verbose: boolean): Promise<{
+    rules: JSONRule[];
+    etag: string | null;
+} | null>;
+/**
+ * Read the local rules cache.
+ */
+declare function readRulesCache(): RulesCache | null;
+/**
+ * Write rules to the local cache.
+ */
+declare function writeRulesCache(etag: string | null, packs: string[], rules: JSONRule[]): void;
+/**
+ * Load bundled baseline rules from @runhalo/engine's rules.json.
+ */
+declare function loadBaselineRules(packs: string[]): JSONRule[] | null;
+/**
+ * Map CLI options to pack IDs.
+ * --pack takes precedence. Legacy flags (--ethical-preview, --ai-audit, --sector-au-sbd, --sector-au-osa) are mapped.
+ */
+declare function resolvePacks(options: CLIOptions): string[];
+/**
+ * Resolve rules with fallback chain:
+ *   API (fresh) → 304 cache hit → local cache (stale OK) → bundled baseline → null
+ */
+declare function resolveRules(packs: string[], offline: boolean, verbose: boolean): Promise<JSONRule[] | null>;
 interface HaloConfig {
     email?: string;
     prompted: boolean;
     promptedAt: string;
     consent: boolean;
+    license_key?: string;
+    tier?: 'free' | 'pro' | 'enterprise';
+    scans_today?: number;
+    scan_date?: string;
 }
 interface ScanHistoryEntry {
     scannedAt: string;
     score: number;
     grade: string;
     totalViolations: number;
+    suppressedCount: number;
     bySeverity: {
         critical: number;
         high: number;
@@ -83,6 +137,34 @@ declare function loadConfig(): HaloConfig | null;
 declare function saveConfig(config: HaloConfig): void;
 declare function loadHistory(): ScanHistoryEntry[];
 declare function saveHistory(entry: ScanHistoryEntry): void;
+declare const FREE_SCAN_LIMIT = 5;
+/**
+ * Validate a license key against Supabase validate-license edge function.
+ * Returns license info or null on failure.
+ */
+declare function validateLicenseKey(licenseKey: string): Promise<{
+    valid: boolean;
+    tier?: string;
+    email?: string;
+    status?: string;
+    expires_at?: string;
+    error?: string;
+} | null>;
+/**
+ * Activate a license key — validates via Supabase, stores in ~/.halo/config.json.
+ */
+declare function activateLicense(licenseKey: string): Promise<number>;
+/**
+ * Check scan limit for free-tier users.
+ * Returns true if scan is allowed, false if blocked.
+ * CI environments always bypass limits.
+ */
+declare function checkScanLimit(): boolean;
+/**
+ * Check if a Pro feature is available for the current user.
+ * Returns true if allowed, false with upsell message if blocked.
+ */
+declare function checkProFeature(featureName: string, flagName: string): boolean;
 /**
  * First-run email prompt — one-time, optional, non-blocking.
  * Auto-skips when: config exists, --no-prompt, !isTTY, CI env.
@@ -107,4 +189,12 @@ interface FixCLIOptions {
  * Flow: discover files → scan → filter auto-fixable → apply fixes → re-scan → write (or dry-run)
  */
 declare function fix(paths: string[], options: FixCLIOptions): Promise<number>;
-export { scan, fix, scanFile, scanDirectory, createEngine, formatSARIF, formatJSON, formatText, loadConfig, saveConfig, firstRunPrompt, loadHistory, saveHistory, formatTrend, generateHtmlReport, escapeHtml, HALO_CONFIG_DIR, HALO_CONFIG_PATH, HALO_HISTORY_PATH, MAX_HISTORY_ENTRIES };
+interface InitOptions {
+    ide: boolean;
+    force: boolean;
+}
+/**
+ * Init command — generate IDE rules files and project configuration.
+ */
+declare function init(projectPath: string, options: InitOptions): Promise<number>;
+export { scan, fix, init, scanFile, scanDirectory, createEngine, formatSARIF, formatJSON, formatText, loadConfig, saveConfig, firstRunPrompt, loadHistory, saveHistory, formatTrend, generateHtmlReport, generatePdfReport, escapeHtml, validateLicenseKey, activateLicense, checkScanLimit, checkProFeature, resolvePacks, resolveRules, fetchRulesFromAPI, readRulesCache, writeRulesCache, loadBaselineRules, FREE_SCAN_LIMIT, HALO_CONFIG_DIR, HALO_CONFIG_PATH, HALO_HISTORY_PATH, MAX_HISTORY_ENTRIES, RULES_CACHE_PATH };