@runhalo/cli 1.2.1 → 1.2.2

package/README.md

@@ -1,64 +1,130 @@
 # @runhalo/cli
 
-**Halo CLI** — scan your codebase for COPPA 2.0 privacy risks.
+**Halo CLI** — scan your codebase for children's privacy violations across 13 jurisdictions.
 
 [![npm](https://img.shields.io/npm/v/@runhalo/cli.svg)](https://www.npmjs.com/package/@runhalo/cli)
 [![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 
-## What it does
+## What It Does
 
-One command scans your entire codebase for potential COPPA 2.0 violations and ethical design issues in children's apps. Powered by tree-sitter AST analysis with **20 COPPA rules** and **5 ethical design rules**.
+One command scans your entire codebase for COPPA, ASAA, AADC, and 14 more regulatory frameworks. **180 rules across 17 packs covering 13 jurisdictions.** Three-tier analysis: regex pre-filter → AST structural analysis → AI Review Board (Pro).
+
+**COPPA 2.0 enforcement begins April 22, 2026.** Penalties up to $53,088 per violation per day.
 
 ## Quickstart
 
 ```bash
-# Scan current directory
+# Scan current directory (free — 5 scans/day)
 npx @runhalo/cli scan .
 
 # Scan a specific directory
 npx @runhalo/cli scan ./src
 
+# AI Review Board (Pro — 3 agents verify every finding)
+npx @runhalo/cli scan . --review --license-key YOUR_KEY
+
 # JSON output for CI pipelines
 npx @runhalo/cli scan . --format json
 
 # SARIF output for GitHub Security tab
 npx @runhalo/cli scan . --format sarif --output results.sarif
 
+# PDF compliance report
+npx @runhalo/cli scan . --report
+
 # Filter by severity
 npx @runhalo/cli scan . --severity critical,high
+
+# Scan with specific regulatory pack
+npx @runhalo/cli scan . --pack coppa,asaa
 ```
 
 ## Example Output
 
 ```
-  Halo COPPA Risk Scanner v0.1.1
+🔍 Scanning 847 files (180 rules · 13 jurisdictions)...
 
-  Scanning... 142 files analyzed
+⚠  Found 12 issue(s) across 5 file(s) — 3 match active enforcement patterns
+
+📊 COPPA Compliance Score: 62/100 (D)
 
   src/auth/social-login.ts:24
     coppa-auth-001  Unverified social login detected     CRITICAL
+    │ Penalty: $53,088/violation/day (cf. FTC v. Epic Games, $275M)
+    │ Fix: Add age-gate before social authentication
 
   src/services/analytics.ts:89
     coppa-tracking-003  Third-party ad tracker found      HIGH
+    │ Risk: $1.2M (cf. FTC v. OpenX, $2M, 2021)
+
+  src/pages/signup.tsx:42
+    asaa-av-004  Only checks under-13, not 13-17          CRITICAL
+    │ ASAA requires age verification for ALL minors under 18
+
+💡 12 potential violations found — upgrade to Pro for AI-verified results.
+   ┌─────────────────────────────────────────────────────┐
+   │ What Pro gives you on this scan:                     │
+   │  • AI Review Board eliminates ~85% of false positives│
+   │  • Dollar risk exposure per violation ($K-$M)        │
+   │  • Comparable enforcement cases (FTC, ICO precedent) │
+   │  • Fix suggestions with code scaffolding             │
+   └─────────────────────────────────────────────────────┘
+```
 
-  src/components/Chat.tsx:15
-    coppa-ext-011  Unmoderated third-party chat           HIGH
+## Regulatory Coverage
+
+| Pack | Rules | Jurisdiction |
+|:-----|:-----:|:-------------|
+| COPPA 2.0 Core | 25 | US Federal |
+| ASAA (App Store Accountability Act) | 20 | US Multi-State |
+| UK Age Appropriate Design Code | 19 | United Kingdom |
+| California AADCA | 15 | US — California |
+| EU AI Act (Children) | 15 | European Union |
+| AU Online Safety Act | 12 | Australia |
+| EU DSA Article 28 | 10 | European Union |
+| AI-Generated Code Audit | 6 | International |
+| AU Safety by Design | 6 | Australia |
+| GDPR Article 8 | 5 | European Union |
+| Ethical Design | 5 | International |
+| India DPDP Act | 5 | India |
+| Utah SB 142 | 5 | US — Utah |
+| Behavioral Design | 4 | International |
+| Brazil LGPD | 4 | Brazil |
+| Canada PIPEDA | 4 | Canada |
+| South Korea PIPA | 3 | South Korea |
+
+## AI Review Board (Pro)
+
+Three AI agents verify every finding:
+
+- **Knox** (Regulatory) — "If a regulator would flag this, I flag this."
+- **Trace** (Code Context) — "I care about what the code actually DOES."
+- **Reese** (Red Team Defense) — "Every false positive is a broken promise."
+
+Only findings that survive all three agents reach you. 88% false positive dismiss rate.
+
+```bash
+# Activate your Pro license
+npx @runhalo/cli activate YOUR_LICENSE_KEY
 
-  3 potential issues found | 142 files scanned | 97 checks passing
+# Run with AI Review Board
+npx @runhalo/cli scan . --review
 ```
 
 ## Output Formats
 
 | Format | Flag | Use Case |
 |:-------|:-----|:---------|
-| Text | `--format text` (default) | Terminal output |
+| Text | `--format text` (default) | Terminal output with color |
 | JSON | `--format json` | CI pipelines, tooling |
 | SARIF | `--format sarif` | GitHub Security tab |
+| HTML | `--format html` | Shareable web report |
+| PDF | `--report` | Compliance documentation |
 
 ## GitHub Action
 
 ```yaml
-name: Halo COPPA Audit
+name: Halo Compliance Scan
 on:
   pull_request:
     paths: ['**.ts', '**.js', '**.tsx', '**.jsx', '**.py']
@@ -67,8 +133,8 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
         with:
           node-version: '20'
       - run: npx @runhalo/cli scan . --format sarif --output results.sarif
@@ -77,21 +143,43 @@ jobs:
           sarif_file: results.sarif
 ```
 
+## Pricing
+
+| Tier | Price | What You Get |
+|:-----|:------|:-------------|
+| **Free** | $0/forever | 5 scans/day, 25 COPPA rules, CLI + VS Code |
+| **Pro** | $29/month | Unlimited scans, all 180 rules, AI Review Board, PDF reports |
+| **Business** | $99/month | + Teams (5 seats), recurring scans, compliance attestation |
+| **Enterprise** | Custom | + Custom rules, unlimited repos, SLA support |
+
+[View pricing →](https://runhalo.dev/#pricing)
+
 ## Suppression
 
 Suppress individual findings with inline comments:
 
 ```typescript
-// halo-ignore coppa-auth-001
+// halo-ignore coppa-auth-001 — age gate handled by middleware
 const auth = signInWithPopup(provider);
 ```
 
 Or use a `.haloignore` file at your project root.
 
-## Full Documentation
+## Languages Supported
+
+TypeScript, JavaScript, TSX, JSX, Python, Swift, Go, Java, Kotlin, HTML
 
-See the [Halo monorepo](https://github.com/runhalo/halo) for the complete rule reference, VS Code extension, MCP server, and more.
+## Links
+
+- [Website](https://runhalo.dev)
+- [VS Code Extension](https://marketplace.visualstudio.com/items?itemName=runhalo.halo-vscode)
+- [GitHub](https://github.com/runhalo/halo)
+- [Report an Issue](https://github.com/runhalo/halo/issues)
 
 ## License
 
 Apache 2.0 — [Mindful Media](https://mindfulmedia.org)
+
+---
+
+*Halo is a developer tool that identifies potential compliance risks. It is not legal advice. Consult qualified legal counsel for your specific compliance obligations.*

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@runhalo/cli",
-  "version": "1.2.1",
-  "description": "Halo CLI — child online safety compliance scanner. 160 rules across 16 packs covering COPPA, UK AADC, EU DSA, EU AI Act, and more.",
+  "version": "1.2.2",
+  "description": "Halo CLI — child online safety compliance scanner. 180 rules across 17 packs, 13 jurisdictions. COPPA, ASAA, UK AADC, EU DSA, GDPR, and more. Three-agent AI Review Board.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
@@ -21,15 +21,22 @@
   },
   "keywords": [
     "coppa",
+    "coppa-2",
     "privacy",
     "child-safety",
+    "children",
     "compliance",
     "aadc",
+    "asaa",
     "dsa",
+    "gdpr",
     "online-safety",
+    "age-verification",
     "cli",
     "scanner",
-    "linter"
+    "linter",
+    "regulatory",
+    "ai-review"
   ],
   "repository": {
     "type": "git",