@ship-safe/cli 1.0.2 → 1.1.0

package/dist/index.js

@@ -11,8 +11,9 @@ import { Command, InvalidArgumentError, Option } from "commander";
 // src/commands/scan.ts
 import { resolve as resolve2, join as join4 } from "path";
 import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
-import chalk4 from "chalk";
+import chalk5 from "chalk";
 import ora2 from "ora";
+import { select } from "@inquirer/prompts";
 import { parse as parseYaml } from "yaml";
 
 // ../../node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/external.js
@@ -6903,144 +6904,215 @@ function collectFiles(rootDir, options) {
 }
 
 // src/lib/output.ts
+import chalk2 from "chalk";
+
+// src/lib/banner.ts
 import chalk from "chalk";
-var SEVERITY_LABEL = {
-  critical: chalk.bgRed.white.bold(" CRITICAL "),
-  high: chalk.bgYellow.black.bold(" HIGH "),
-  medium: chalk.bgHex("#ca8a04").black.bold(" MEDIUM "),
-  low: chalk.bgBlue.white.bold(" LOW "),
-  info: chalk.bgGray.white(" INFO ")
+var SHIELD = chalk.hex("#FF6B2B");
+var DIM_ORANGE = chalk.hex("#FF8C42");
+var BRAND2 = chalk.hex("#FF6B2B").bold;
+function printBanner() {
+  console.log("");
+  console.log(
+    SHIELD("   \u256D\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256E")
+  );
+  console.log(
+    SHIELD("   \u2502") + chalk.bold.white("   \u{1F6E1}\uFE0F  ShipSafe Security Scanner       ") + SHIELD("\u2502")
+  );
+  console.log(
+    SHIELD("   \u2502") + chalk.dim("   Ship fast. Ship safe.                ") + SHIELD("\u2502")
+  );
+  console.log(
+    SHIELD("   \u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256F")
+  );
+  console.log("");
+}
+function printDivider(width = 50) {
+  console.log(chalk.dim("  " + "\u2500".repeat(width)));
+}
+function printError(text) {
+  console.log(chalk.red(`  \u2717 ${text}`));
+}
+function printInfo(text) {
+  console.log(chalk.dim(`  ${text}`));
+}
+function printScanSummaryBox(stats) {
+  const label = chalk.dim;
+  const value = chalk.white.bold;
+  console.log("");
+  printDivider();
+  console.log("");
+  console.log(
+    `  ${label("Files:")} ${value(String(stats.files))}  ${chalk.dim("\xB7")}  ${label("Lines:")} ${value(stats.lines.toLocaleString())}  ${chalk.dim("\xB7")}  ${label("Time:")} ${value(`${stats.duration}ms`)}`
+  );
+  console.log("");
+  if (stats.findings === 0) {
+    console.log(chalk.green.bold("  \u2713 No security issues found!"));
+  } else {
+    const parts = [];
+    if (stats.critical > 0) parts.push(chalk.red.bold(`${stats.critical} critical`));
+    if (stats.high > 0) parts.push(chalk.yellow.bold(`${stats.high} high`));
+    if (stats.medium > 0) parts.push(chalk.hex("#ca8a04").bold(`${stats.medium} medium`));
+    if (stats.low > 0) parts.push(chalk.blue(`${stats.low} low`));
+    console.log(
+      `  ${chalk.bold.white(`${stats.findings} issues found:`)}  ${parts.join(chalk.dim("  \xB7  "))}`
+    );
+  }
+  console.log("");
+  printDivider();
+}
+function printUpsellBox(criticalHigh) {
+  console.log("");
+  console.log(DIM_ORANGE("  \u256D\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256E"));
+  console.log(
+    DIM_ORANGE("  \u2502") + BRAND2("  \u{1F512} Unlock AI-Powered Deep Analysis              ") + DIM_ORANGE("\u2502")
+  );
+  console.log(DIM_ORANGE("  \u2502                                                 \u2502"));
+  if (criticalHigh > 0) {
+    console.log(
+      DIM_ORANGE("  \u2502  ") + chalk.white(`Found ${criticalHigh} critical/high issues. AI finds`) + " ".repeat(Math.max(0, 46 - `Found ${criticalHigh} critical/high issues. AI finds`.length)) + DIM_ORANGE("\u2502")
+    );
+    console.log(
+      DIM_ORANGE("  \u2502  ") + chalk.dim("auth logic flaws, business logic bugs & more.") + " ".repeat(3) + DIM_ORANGE("\u2502")
+    );
+  } else {
+    console.log(
+      DIM_ORANGE("  \u2502  ") + chalk.dim("Surface scan clean. AI finds auth logic,") + " ".repeat(8) + DIM_ORANGE("\u2502")
+    );
+    console.log(
+      DIM_ORANGE("  \u2502  ") + chalk.dim("RLS policies & business logic bugs.") + " ".repeat(13) + DIM_ORANGE("\u2502")
+    );
+  }
+  console.log(DIM_ORANGE("  \u2502                                                 \u2502"));
+  console.log(
+    DIM_ORANGE("  \u2502  ") + chalk.white("\u2192 Run ") + BRAND2("shipsafe login") + chalk.white(" to get started") + " ".repeat(13) + DIM_ORANGE("\u2502")
+  );
+  console.log(DIM_ORANGE("  \u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256F"));
+}
+
+// src/lib/output.ts
+var SEVERITY_BADGE = {
+  critical: chalk2.bgRed.white.bold(" CRITICAL "),
+  high: chalk2.bgYellow.black.bold("   HIGH   "),
+  medium: chalk2.bgHex("#ca8a04").black.bold("  MEDIUM  "),
+  low: chalk2.bgBlue.white.bold("   LOW    "),
+  info: chalk2.bgGray.white("   INFO   ")
 };
 var SEVERITY_COLOR = {
-  critical: chalk.red,
-  high: chalk.yellow,
-  medium: chalk.hex("#ca8a04"),
-  low: chalk.blue,
-  info: chalk.gray
+  critical: chalk2.red,
+  high: chalk2.yellow,
+  medium: chalk2.hex("#ca8a04"),
+  low: chalk2.blue,
+  info: chalk2.gray
 };
-function formatFinding(finding, index) {
+function formatFinding(finding) {
   const lines = [];
   const color = SEVERITY_COLOR[finding.severity];
   lines.push(
-    `
-${SEVERITY_LABEL[finding.severity]} ${chalk.bold(finding.title)}`
+    `${SEVERITY_BADGE[finding.severity]}  ${chalk2.bold.white(finding.title)}`
   );
   lines.push(
-    chalk.gray(`  ${finding.file}:${finding.line}`) + (finding.cwe ? chalk.gray(` (${finding.cwe})`) : "")
+    chalk2.dim("  \u{1F4C4} ") + chalk2.cyan(finding.file) + chalk2.dim(`:${finding.line}`) + (finding.cwe ? chalk2.dim(` \xB7 ${finding.cwe}`) : "")
   );
-  lines.push(`  ${finding.description}`);
+  lines.push(`  ${chalk2.dim(finding.description)}`);
   if (finding.snippet) {
     lines.push("");
-    for (const snippetLine of finding.snippet.split("\n")) {
+    const snippetLines = finding.snippet.split("\n");
+    for (const snippetLine of snippetLines) {
       if (snippetLine.startsWith(">")) {
-        lines.push(`  ${color(snippetLine)}`);
+        lines.push(`  ${color.bold(snippetLine)}`);
       } else {
-        lines.push(`  ${chalk.gray(snippetLine)}`);
+        lines.push(`  ${chalk2.gray(snippetLine)}`);
       }
     }
   }
   lines.push("");
-  lines.push(chalk.green(`  Fix: ${finding.fix.description}`));
+  lines.push(chalk2.green(`  \u{1F4A1} Fix: ${finding.fix.description}`));
   if (finding.fix.suggestion) {
-    lines.push(chalk.green.dim(`  Suggestion: ${finding.fix.suggestion}`));
+    lines.push(chalk2.green.dim(`     ${finding.fix.suggestion}`));
   }
   return lines.join("\n");
 }
 function formatTableOutput(result, options = {}) {
   const lines = [];
-  lines.push("");
-  lines.push(chalk.bold.cyan("  ShipSafe Security Scan Results"));
-  lines.push(chalk.gray("  " + "\u2500".repeat(50)));
-  lines.push("");
   const { summary } = result;
-  lines.push(
-    `  ${chalk.bold("Files scanned:")} ${summary.filesScanned}  |  ${chalk.bold("Lines:")} ${summary.linesScanned.toLocaleString()}  |  ${chalk.bold("Duration:")} ${result.durationMs}ms`
-  );
-  lines.push("");
+  printScanSummaryBox({
+    files: summary.filesScanned,
+    lines: summary.linesScanned,
+    duration: result.durationMs,
+    findings: summary.total,
+    critical: summary.bySeverity.critical,
+    high: summary.bySeverity.high,
+    medium: summary.bySeverity.medium,
+    low: summary.bySeverity.low
+  });
   if (summary.total === 0) {
-    lines.push(chalk.green.bold("  No security issues found!"));
     if (!options.isLoggedIn) {
-      lines.push("");
       lines.push(
-        chalk.gray(
-          `  No issues in surface scan. Run ${chalk.bold.white("shipsafe login")} to unlock deep AI analysis.`
+        chalk2.dim(
+          `  Run ${chalk2.bold.white("shipsafe login")} to unlock deep AI analysis.`
         )
       );
+      lines.push("");
     }
-    lines.push("");
     return lines.join("\n");
   }
-  const severityLine = [
-    summary.bySeverity.critical > 0 ? chalk.red.bold(`${summary.bySeverity.critical} critical`) : null,
-    summary.bySeverity.high > 0 ? chalk.yellow.bold(`${summary.bySeverity.high} high`) : null,
-    summary.bySeverity.medium > 0 ? chalk.hex("#ca8a04").bold(`${summary.bySeverity.medium} medium`) : null,
-    summary.bySeverity.low > 0 ? chalk.blue(`${summary.bySeverity.low} low`) : null,
-    summary.bySeverity.info > 0 ? chalk.gray(`${summary.bySeverity.info} info`) : null
-  ].filter(Boolean).join("  |  ");
-  lines.push(`  ${chalk.bold("Findings:")} ${summary.total}  (${severityLine})`);
   const sorted = [...result.findings].sort(
     (a, b) => SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity]
   );
-  for (let i = 0; i < sorted.length; i++) {
-    lines.push(formatFinding(sorted[i], i));
+  let currentSeverity = null;
+  let countInSeverity = 0;
+  for (const finding of sorted) {
+    if (finding.severity !== currentSeverity) {
+      if (currentSeverity !== null) {
+        lines.push("");
+      }
+      currentSeverity = finding.severity;
+      countInSeverity = sorted.filter(
+        (f) => f.severity === currentSeverity
+      ).length;
+      lines.push(
+        chalk2.dim("  \u2500\u2500\u2500\u2500 ") + SEVERITY_COLOR[currentSeverity].bold(
+          `${currentSeverity.toUpperCase()} (${countInSeverity})`
+        ) + chalk2.dim(" " + "\u2500".repeat(35))
+      );
+      lines.push("");
+    }
+    lines.push(formatFinding(finding));
+    lines.push("");
   }
   if (options.diff) {
     const { newFindings, resolvedFindings } = options.diff;
     if (newFindings.length > 0 || resolvedFindings.length > 0) {
-      lines.push("");
-      lines.push(chalk.bold("  Changes since last scan:"));
+      printDivider();
+      lines.push(chalk2.bold.white("  \u{1F4CA} Changes since last scan:"));
       if (newFindings.length > 0) {
         lines.push(
-          chalk.red(`    \u2B06 ${newFindings.length} new issue${newFindings.length === 1 ? "" : "s"} introduced`)
+          chalk2.red(
+            `     \u2191 ${newFindings.length} new issue${newFindings.length === 1 ? "" : "s"} introduced`
+          )
         );
       }
       if (resolvedFindings.length > 0) {
         lines.push(
-          chalk.green(`    \u2B07 ${resolvedFindings.length} issue${resolvedFindings.length === 1 ? "" : "s"} resolved`)
+          chalk2.green(
+            `     \u2193 ${resolvedFindings.length} issue${resolvedFindings.length === 1 ? "" : "s"} resolved`
+          )
         );
       }
     }
   }
   if (options.suppressedCount && options.suppressedCount > 0) {
     lines.push(
-      chalk.gray(`
-  ${options.suppressedCount} finding${options.suppressedCount === 1 ? "" : "s"} suppressed via .shipsafeignore`)
+      chalk2.dim(
+        `
+  ${options.suppressedCount} finding${options.suppressedCount === 1 ? "" : "s"} suppressed via .shipsafeignore`
+      )
     );
   }
-  lines.push("");
-  lines.push(chalk.gray("  " + "\u2500".repeat(50)));
   if (!options.isLoggedIn && summary.total > 0) {
     const criticalHigh = summary.bySeverity.critical + summary.bySeverity.high;
-    lines.push("");
-    if (criticalHigh > 0) {
-      lines.push(
-        chalk.yellow(
-          `  Found ${criticalHigh} critical/high issue${criticalHigh === 1 ? "" : "s"}. Deep AI analysis can find auth logic flaws,`
-        )
-      );
-      lines.push(
-        chalk.yellow(
-          `  business logic bugs, and more \u2014 run ${chalk.bold("shipsafe login")} to unlock.`
-        )
-      );
-    } else {
-      lines.push(
-        chalk.gray(
-          `  Surface scan clean. Run ${chalk.bold.white("shipsafe login")} for deep AI analysis`
-        )
-      );
-      lines.push(
-        chalk.gray(
-          `  covering auth logic, RLS policies, and business logic review.`
-        )
-      );
-    }
-  } else if (!options.isLoggedIn && summary.total === 0) {
-    lines.push(
-      chalk.gray(
-        `  No issues in surface scan. Run ${chalk.bold.white("shipsafe login")} to unlock deep AI analysis.`
-      )
-    );
+    printUpsellBox(criticalHigh);
   }
   lines.push("");
   return lines.join("\n");
@@ -7089,7 +7161,7 @@ function formatSarifOutput(result) {
 }
 
 // src/commands/login.ts
-import chalk2 from "chalk";
+import chalk3 from "chalk";
 import ora from "ora";
 import { readFileSync as readFileSync2, writeFileSync, mkdirSync, existsSync as existsSync2, unlinkSync } from "fs";
 import { homedir } from "os";
@@ -7101,7 +7173,7 @@ function getStoredToken() {
     if (!existsSync2(TOKEN_FILE)) return null;
     const data = JSON.parse(readFileSync2(TOKEN_FILE, "utf-8"));
     if (data.expiresAt < Date.now()) {
-      console.log(chalk2.yellow("Session expired. Please login again."));
+      console.log(chalk3.yellow("Session expired. Please login again."));
       return null;
     }
     return data;
@@ -7128,7 +7200,7 @@ async function fetchProfile(apiUrl, rawToken) {
 }
 async function loginCommand(options) {
   const apiUrl = options.apiUrl || "https://ship-safe.co";
-  console.log(chalk2.bold("\nShipSafe CLI Login\n"));
+  console.log(chalk3.bold("\nShipSafe CLI Login\n"));
   const spinner = ora("Requesting device code...").start();
   try {
     const res = await fetch(`${apiUrl}/api/cli/device-code`, {
@@ -7138,7 +7210,7 @@ async function loginCommand(options) {
     if (!res.ok) {
       spinner.fail("Failed to request device code");
       console.log(
-        chalk2.red(
+        chalk3.red(
           "Could not connect to ShipSafe. Make sure the server is running."
         )
       );
@@ -7146,10 +7218,10 @@ async function loginCommand(options) {
     }
     const { deviceCode, userCode, verificationUrl, expiresIn } = await res.json();
     spinner.stop();
-    console.log(chalk2.bold("To login, open this URL in your browser:\n"));
-    console.log(chalk2.cyan(`  ${verificationUrl}
+    console.log(chalk3.bold("To login, open this URL in your browser:\n"));
+    console.log(chalk3.cyan(`  ${verificationUrl}
 `));
-    console.log(`Enter this code: ${chalk2.bold.green(userCode)}
+    console.log(`Enter this code: ${chalk3.bold.green(userCode)}
 `);
     const pollSpinner = ora("Waiting for authorization...").start();
     const startTime = Date.now();
@@ -7180,17 +7252,17 @@ async function loginCommand(options) {
           }
           storeToken(tokenData);
           pollSpinner.succeed(
-            chalk2.green(`Logged in as ${chalk2.bold(pollData.email)}`)
+            chalk3.green(`Logged in as ${chalk3.bold(pollData.email)}`)
           );
           if (profile?.cliTier) {
             console.log(
-              chalk2.cyan(
+              chalk3.cyan(
                 `  CLI plan: ${profile.cliTier} (${profile.aiQuota.remaining} AI scans remaining)`
               )
             );
           } else {
             console.log(
-              chalk2.dim(
+              chalk3.dim(
                 "  No CLI plan. Upgrade at ship-safe.co/pricing for AI-powered scanning."
               )
             );
@@ -7199,7 +7271,7 @@ async function loginCommand(options) {
         }
         if (pollData.status === "expired") {
           pollSpinner.fail(
-            chalk2.yellow(
+            chalk3.yellow(
               "Your login link expired. Run `shipsafe login` again."
             )
           );
@@ -7209,7 +7281,7 @@ async function loginCommand(options) {
         networkErrors++;
         if (networkErrors >= 3) {
           pollSpinner.fail(
-            chalk2.red(
+            chalk3.red(
               "Lost connection to ShipSafe. Check your internet and run `shipsafe login` again."
             )
           );
@@ -7219,7 +7291,7 @@ async function loginCommand(options) {
       }
     }
     pollSpinner.fail(
-      chalk2.yellow(
+      chalk3.yellow(
         "Your login link expired. Run `shipsafe login` again."
       )
     );
@@ -7227,13 +7299,13 @@ async function loginCommand(options) {
     spinner.fail("Could not connect to ShipSafe");
     if (error instanceof Error && (error.message.includes("fetch") || error.message.includes("ECONNREFUSED"))) {
       console.log(
-        chalk2.red(
+        chalk3.red(
           "Make sure you have an internet connection and try again."
         )
       );
     } else {
       console.log(
-        chalk2.red(
+        chalk3.red(
           error instanceof Error ? error.message : "Unknown error \u2014 try again."
         )
       );
@@ -7244,18 +7316,18 @@ async function logoutCommand() {
   try {
     if (existsSync2(TOKEN_FILE)) {
       unlinkSync(TOKEN_FILE);
-      console.log(chalk2.green("Logged out successfully."));
+      console.log(chalk3.green("Logged out successfully."));
     } else {
-      console.log(chalk2.yellow("Not currently logged in."));
+      console.log(chalk3.yellow("Not currently logged in."));
     }
   } catch {
-    console.log(chalk2.red("Failed to logout."));
+    console.log(chalk3.red("Failed to logout."));
   }
 }
 async function whoamiCommand(options) {
   const token = getStoredToken();
   if (!token) {
-    console.log(chalk2.yellow("Not logged in. Run `shipsafe login` to login."));
+    console.log(chalk3.yellow("Not logged in. Run `shipsafe login` to login."));
     return;
   }
   const apiUrl = options.apiUrl || "https://ship-safe.co";
@@ -7269,26 +7341,26 @@ async function whoamiCommand(options) {
       aiQuota: profile.aiQuota
     });
     spinner.stop();
-    console.log(chalk2.bold("\nShipSafe Account\n"));
-    console.log(`  Email:    ${chalk2.cyan(profile.email)}`);
-    console.log(`  Web tier: ${chalk2.cyan(profile.tier)}`);
+    console.log(chalk3.bold("\nShipSafe Account\n"));
+    console.log(`  Email:    ${chalk3.cyan(profile.email)}`);
+    console.log(`  Web tier: ${chalk3.cyan(profile.tier)}`);
     if (profile.cliTier) {
-      console.log(`  CLI plan: ${chalk2.green(profile.cliTier)}`);
+      console.log(`  CLI plan: ${chalk3.green(profile.cliTier)}`);
       console.log(
-        `  AI scans: ${chalk2.cyan(`${profile.aiQuota.used}/${profile.aiQuota.limit}`)} used this month (${chalk2.green(`${profile.aiQuota.remaining}`)} remaining)`
+        `  AI scans: ${chalk3.cyan(`${profile.aiQuota.used}/${profile.aiQuota.limit}`)} used this month (${chalk3.green(`${profile.aiQuota.remaining}`)} remaining)`
       );
     } else {
-      console.log(`  CLI plan: ${chalk2.dim("none")}`);
+      console.log(`  CLI plan: ${chalk3.dim("none")}`);
       console.log(
-        chalk2.dim("  Upgrade at ship-safe.co/pricing for AI-powered scanning.")
+        chalk3.dim("  Upgrade at ship-safe.co/pricing for AI-powered scanning.")
       );
     }
     console.log();
   } else {
     spinner.stop();
-    console.log(chalk2.green(`Logged in as ${chalk2.bold(token.email)}`));
+    console.log(chalk3.green(`Logged in as ${chalk3.bold(token.email)}`));
     if (token.cliTier) {
-      console.log(chalk2.cyan(`  CLI plan: ${token.cliTier}`));
+      console.log(chalk3.cyan(`  CLI plan: ${token.cliTier}`));
     }
   }
 }
@@ -7296,7 +7368,7 @@ async function whoamiCommand(options) {
 // src/commands/ignore.ts
 import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync2, appendFileSync } from "fs";
 import { resolve, join as join2 } from "path";
-import chalk3 from "chalk";
+import chalk4 from "chalk";
 var IGNORE_FILE = ".shipsafeignore";
 function getIgnorePath(dir) {
   return resolve(dir || ".", IGNORE_FILE);
@@ -7320,7 +7392,7 @@ function ignoreCommand(ruleId, options) {
   if (existsSync3(ignorePath)) {
     const existing = loadIgnoredRules(".");
     if (existing.has(ruleId)) {
-      console.log(chalk3.yellow(`Rule "${ruleId}" is already in ${IGNORE_FILE}`));
+      console.log(chalk4.yellow(`Rule "${ruleId}" is already in ${IGNORE_FILE}`));
       return;
     }
   }
@@ -7341,18 +7413,18 @@ ${line}
 `
     );
   }
-  console.log(chalk3.green(`Added "${ruleId}" to ${IGNORE_FILE}`));
+  console.log(chalk4.green(`Added "${ruleId}" to ${IGNORE_FILE}`));
   if (options.reason) {
-    console.log(chalk3.gray(`  Reason: ${options.reason}`));
+    console.log(chalk4.gray(`  Reason: ${options.reason}`));
   }
   console.log(
-    chalk3.gray(`  This finding will be suppressed in future scans.`)
+    chalk4.gray(`  This finding will be suppressed in future scans.`)
   );
 }
 function unignoreCommand(ruleId) {
   const ignorePath = getIgnorePath();
   if (!existsSync3(ignorePath)) {
-    console.log(chalk3.yellow(`No ${IGNORE_FILE} found.`));
+    console.log(chalk4.yellow(`No ${IGNORE_FILE} found.`));
     return;
   }
   const content = readFileSync3(ignorePath, "utf-8");
@@ -7364,11 +7436,11 @@ function unignoreCommand(ruleId) {
     return lineRuleId !== ruleId;
   });
   if (filtered.length === lines.length) {
-    console.log(chalk3.yellow(`Rule "${ruleId}" is not in ${IGNORE_FILE}`));
+    console.log(chalk4.yellow(`Rule "${ruleId}" is not in ${IGNORE_FILE}`));
     return;
   }
   writeFileSync2(ignorePath, filtered.join("\n"));
-  console.log(chalk3.green(`Removed "${ruleId}" from ${IGNORE_FILE}`));
+  console.log(chalk4.green(`Removed "${ruleId}" from ${IGNORE_FILE}`));
 }
 
 // src/lib/scan-history.ts
@@ -7453,28 +7525,81 @@ function loadConfig(dir) {
 async function scanCommand(targetPath, options) {
   const resolvedPath = resolve2(targetPath);
   if (!existsSync5(resolvedPath)) {
-    console.error(chalk4.red(`Error: Path "${targetPath}" does not exist.`));
+    printError(`Path "${targetPath}" does not exist.`);
     process.exit(1);
   }
+  if (options.output === "table") {
+    printBanner();
+  }
+  let tokenData = getStoredToken();
+  if (!tokenData && !options.ci && options.output === "table") {
+    const choice = await select({
+      message: chalk5.white("How would you like to scan?"),
+      choices: [
+        {
+          name: `${chalk5.green("\u25B8")} ${chalk5.bold("Free scan")} ${chalk5.dim("\u2014 rule-based analysis, no account needed")}`,
+          value: "free"
+        },
+        {
+          name: `${chalk5.hex("#FF6B2B")("\u25B8")} ${chalk5.bold("Login first")} ${chalk5.dim("\u2014 unlock AI-powered deep analysis")}`,
+          value: "login"
+        }
+      ],
+      theme: {
+        prefix: { idle: chalk5.hex("#FF6B2B")("  \u{1F6E1}\uFE0F"), done: chalk5.green("  \u2713") },
+        style: {
+          highlight: (text) => chalk5.hex("#FF6B2B")(text)
+        }
+      }
+    });
+    if (choice === "login") {
+      await loginCommand({ apiUrl: options.apiUrl });
+      tokenData = getStoredToken();
+      if (!tokenData) {
+        printInfo("Login skipped. Running free scan...\n");
+      } else {
+        console.log("");
+      }
+    } else {
+      console.log("");
+    }
+  }
   const config = loadConfig(resolvedPath);
   const severity = options.severity || config.severity || "low";
-  const spinner = ora2("Collecting files...").start();
+  const spinner = ora2({
+    text: chalk5.dim("Collecting files..."),
+    color: "yellow",
+    spinner: "dots12"
+  }).start();
   const files = collectFiles(resolvedPath, { exclude: config.exclude });
   if (files.length === 0) {
-    spinner.fail("No supported files found to scan.");
+    spinner.fail(chalk5.red("No supported files found to scan."));
     process.exit(1);
   }
-  spinner.text = `Scanning ${files.length} files...`;
+  const totalLines = files.reduce(
+    (sum, f) => sum + f.content.split("\n").length,
+    0
+  );
+  spinner.text = chalk5.dim(
+    `Scanning ${chalk5.white.bold(String(files.length))} files (${chalk5.white.bold(totalLines.toLocaleString())} lines)...`
+  );
   const result = await scan(
     { files, tier: "free" },
     (progress) => {
-      spinner.text = `${progress.stage} (${progress.findingsCount} findings)`;
+      spinner.text = chalk5.dim(
+        `${progress.stage} ${chalk5.white(`(${progress.findingsCount} findings)`)}`
+      );
     }
   );
-  spinner.stop();
-  const tokenData = getStoredToken();
+  spinner.succeed(
+    chalk5.green(`Scan complete \u2014 ${result.findings.length} findings in ${result.durationMs}ms`)
+  );
   if (tokenData?.cliTier) {
-    const aiSpinner = ora2("Running AI-powered deep analysis...").start();
+    const aiSpinner = ora2({
+      text: chalk5.dim("Running AI-powered deep analysis..."),
+      color: "yellow",
+      spinner: "dots12"
+    }).start();
     try {
       const aiRes = await fetch(`${options.apiUrl}/api/cli/ai-scan`, {
         method: "POST",
@@ -7515,31 +7640,29 @@ async function scanCommand(targetPath, options) {
           info: result.findings.filter((f) => f.severity === "info").length
         };
         aiSpinner.succeed(
-          chalk4.green(
-            `AI analysis complete: ${aiFindings.length} additional findings`
+          chalk5.green(
+            `AI analysis: ${aiFindings.length} additional findings`
           )
         );
-        console.log(
-          chalk4.dim(
-            `  AI scans: ${aiData.quota.used}/${aiData.quota.limit} used this month (${aiData.quota.remaining} remaining)`
-          )
+        printInfo(
+          `AI scans: ${aiData.quota.used}/${aiData.quota.limit} used this month (${aiData.quota.remaining} remaining)`
         );
       } else if (aiRes.status === 429) {
         aiSpinner.warn(
-          chalk4.yellow("AI scan quota reached. Showing rule-based results only.")
+          chalk5.yellow("AI scan quota reached. Showing rule-based results only.")
         );
       } else if (aiRes.status === 401) {
         aiSpinner.warn(
-          chalk4.yellow("Session expired. Run `shipsafe login` to re-authenticate.")
+          chalk5.yellow("Session expired. Run `shipsafe login` to re-authenticate.")
         );
       } else {
         aiSpinner.warn(
-          chalk4.yellow("AI analysis unavailable. Showing rule-based results only.")
+          chalk5.yellow("AI analysis unavailable. Showing rule-based results only.")
         );
       }
     } catch {
       aiSpinner.warn(
-        chalk4.yellow("Could not reach AI scanning service. Showing rule-based results only.")
+        chalk5.yellow("Could not reach AI scanning service. Showing rule-based results only.")
       );
     }
   }
@@ -7587,7 +7710,11 @@ async function scanCommand(targetPath, options) {
   }
   const token = getStoredToken();
   if (token && options.upload) {
-    const uploadSpinner = ora2("Syncing results to dashboard...").start();
+    const uploadSpinner = ora2({
+      text: chalk5.dim("Syncing results to dashboard..."),
+      color: "yellow",
+      spinner: "dots12"
+    }).start();
     try {
       const apiFindings = result.findings.map((f) => ({
         ruleId: f.ruleId,
@@ -7620,14 +7747,10 @@ async function scanCommand(targetPath, options) {
       if (res.ok) {
         const data = await res.json();
         uploadSpinner.succeed(
-          chalk4.green(`Results synced: ${data.dashboardUrl || "view in dashboard"}`)
+          chalk5.green(`Results synced: ${data.dashboardUrl || "view in dashboard"}`)
         );
         if (data.deepScanStatus === "running") {
-          console.log(
-            chalk4.cyan(
-              "  Deep AI analysis running \u2014 check dashboard for updates."
-            )
-          );
+          printInfo("Deep AI analysis running \u2014 check dashboard for updates.");
         }
       } else if (res.status === 401) {
         uploadSpinner.warn(
@@ -7643,7 +7766,7 @@ async function scanCommand(targetPath, options) {
     }
   } else if (options.upload) {
     console.log(
-      chalk4.yellow(
+      chalk5.yellow(
         "\nNot logged in. Run `shipsafe login` first to sync results."
       )
     );
@@ -7661,7 +7784,7 @@ async function scanCommand(targetPath, options) {
 // src/commands/init.ts
 import { writeFileSync as writeFileSync4, existsSync as existsSync6 } from "fs";
 import { resolve as resolve3 } from "path";
-import chalk5 from "chalk";
+import chalk6 from "chalk";
 var DEFAULT_CONFIG = `# ShipSafe Configuration
 # https://ship-safe.co/docs/config
 
@@ -7692,11 +7815,11 @@ severity: low
 function initCommand() {
   const configPath = resolve3(".shipsafe.yml");
   if (existsSync6(configPath)) {
-    console.log(chalk5.yellow("A .shipsafe.yml already exists in this directory."));
+    console.log(chalk6.yellow("A .shipsafe.yml already exists in this directory."));
     return;
   }
   writeFileSync4(configPath, DEFAULT_CONFIG, "utf-8");
-  console.log(chalk5.green("Created .shipsafe.yml configuration file."));
+  console.log(chalk6.green("Created .shipsafe.yml configuration file."));
 }
 
 // src/index.ts

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ship-safe/cli",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "Security scanner for AI-generated code — find vulnerabilities before you ship",
   "type": "module",
   "license": "MIT",
@@ -40,6 +40,7 @@
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.39",
+    "@inquirer/prompts": "^8.3.2",
     "chalk": "^5",
     "commander": "^13",
     "ignore": "^7",
@@ -50,8 +51,8 @@
     "@types/node": "^22",
     "tsup": "^8",
     "typescript": "^5.7",
-    "@shipsafe/shared": "0.1.0",
-    "@shipsafe/scanner": "0.1.0"
+    "@shipsafe/scanner": "0.1.0",
+    "@shipsafe/shared": "0.1.0"
   },
   "scripts": {
     "build": "tsup",