@vibecheckai/cli 2.5.1

package/dist/commands/autopilot.js

@@ -0,0 +1,1539 @@
+"use strict";
+/**
+ * autopilot command
+ *
+ * Purpose:
+ * Orchestrates the Autopilot batch remediation system that:
+ * 1. Scans the project for issues
+ * 2. Groups findings into fix packs by strategy
+ * 3. Applies fixes in batches with verification
+ * 4. Rolls back on verification failure
+ *
+ * Usage:
+ *   guardrail autopilot [--dry-run] [--interactive] [--max-fixes=N] [--evidence]
+ *
+ * Failure modes:
+ * - Authentication/entitlement failures: exits with AUTH_FAILURE
+ * - Invalid project path: exits with USER_ERROR
+ * - Scan failures: exits with SYSTEM_ERROR
+ * - Verification failures in dry-run: shows plan but exits with POLICY_FAIL
+ * - Verification failures in apply mode: rolls back automatically, exits with POLICY_FAIL
+ * - Git operations failures: continues with backup-based rollback
+ *
+ * This is a PRO feature and requires autopilot entitlement.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runAutopilotCommand = runAutopilotCommand;
+exports.registerAutopilotCommand = registerAutopilotCommand;
+const path_1 = require("path");
+const fs_1 = require("fs");
+const readline = __importStar(require("readline"));
+const crypto = __importStar(require("crypto"));
+const core_1 = require('guardrail-core');
+const exit_codes_1 = require("../runtime/exit-codes");
+const evidence_1 = require("./evidence");
+const c = {
+    bold: (s) => `\x1b[1m${s}\x1b[0m`,
+    dim: (s) => `\x1b[2m${s}\x1b[0m`,
+    critical: (s) => `\x1b[35m${s}\x1b[0m`,
+    high: (s) => `\x1b[31m${s}\x1b[0m`,
+    medium: (s) => `\x1b[33m${s}\x1b[0m`,
+    low: (s) => `\x1b[36m${s}\x1b[0m`,
+    success: (s) => `\x1b[32m${s}\x1b[0m`,
+    info: (s) => `\x1b[34m${s}\x1b[0m`,
+    error: (s) => `\x1b[31m${s}\x1b[0m`,
+    cyan: (s) => `\x1b[36m${s}\x1b[0m`,
+    yellow: (s) => `\x1b[33m${s}\x1b[0m`,
+};
+/**
+ * Simple spinner implementation for progress indication
+ */
+function createSpinner(text) {
+    const frames = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+    let i = 0;
+    const interval = setInterval(() => {
+        process.stdout.write(`\r${c.cyan(frames[i])} ${text}`);
+        i = (i + 1) % frames.length;
+    }, 80);
+    return {
+        stop: (success = true, message) => {
+            clearInterval(interval);
+            const icon = success ? c.success('✓') : c.error('✗');
+            process.stdout.write(`\r${icon} ${message || text}${' '.repeat(20)}\n`);
+        },
+    };
+}
+/**
+ * Format duration in human-readable format
+ */
+function formatDuration(ms) {
+    if (ms < 1000)
+        return `${ms}ms`;
+    if (ms < 60000)
+        return `${(ms / 1000).toFixed(1)}s`;
+    const minutes = Math.floor(ms / 60000);
+    const seconds = Math.floor((ms % 60000) / 1000);
+    return `${minutes}m ${seconds}s`;
+}
+/**
+ * Format file count with appropriate suffix
+ */
+function formatCount(count, singular, plural) {
+    const suffix = count === 1 ? singular : plural || `${singular}s`;
+    return `${count} ${suffix}`;
+}
+/**
+ * Create a simple table row
+ */
+function tableRow(...cells) {
+    return `  ${cells.join('  ')}`;
+}
+/**
+ * Create a separator line
+ */
+function separator(length = 80) {
+    return c.dim('─'.repeat(length));
+}
+/**
+ * Detect if running in CI/CD environment
+ */
+function isCIEnvironment() {
+    return !!(process.env.CI ||
+        process.env.CONTINUOUS_INTEGRATION ||
+        process.env.GITHUB_ACTIONS ||
+        process.env.GITLAB_CI ||
+        process.env.JENKINS_URL ||
+        process.env.BUILDKITE ||
+        process.env.CIRCLECI ||
+        process.env.TRAVIS ||
+        process.env.TEAMCITY_VERSION);
+}
+/**
+ * Load autopilot configuration from .guardrail/autopilot.json if it exists
+ */
+function loadAutopilotConfig(projectPath) {
+    const configPath = (0, path_1.join)(projectPath, '.guardrail', 'autopilot.json');
+    if (!(0, fs_1.existsSync)(configPath)) {
+        return {};
+    }
+    try {
+        const configContent = (0, fs_1.readFileSync)(configPath, 'utf8');
+        const config = JSON.parse(configContent);
+        // Validate and return only known options
+        const validOptions = {};
+        if (typeof config.profile === 'string' &&
+            ['quick', 'full', 'ship', 'ci'].includes(config.profile)) {
+            validOptions.profile = config.profile;
+        }
+        if (typeof config.maxFixes === 'number' && config.maxFixes > 0) {
+            validOptions.maxFixes = config.maxFixes;
+        }
+        if (typeof config.verify === 'boolean') {
+            validOptions.verify = config.verify;
+        }
+        if (typeof config.force === 'boolean') {
+            validOptions.force = config.force;
+        }
+        if (typeof config.branchStrategy === 'string' &&
+            ['none', 'worktree', 'copy'].includes(config.branchStrategy)) {
+            validOptions.branchStrategy = config.branchStrategy;
+        }
+        if (typeof config.audit === 'boolean') {
+            validOptions.audit = config.audit;
+        }
+        if (typeof config.compliance === 'boolean') {
+            validOptions.compliance = config.compliance;
+        }
+        if (typeof config.evidence === 'boolean') {
+            validOptions.evidence = config.evidence;
+        }
+        if (config.security && typeof config.security === 'object') {
+            validOptions.security = config.security;
+        }
+        if (Array.isArray(config.complianceFrameworks)) {
+            validOptions.complianceFrameworks = config.complianceFrameworks;
+        }
+        return validOptions;
+    }
+    catch (err) {
+        // Invalid config file, ignore
+        return {};
+    }
+}
+/**
+ * Validate enterprise security requirements
+ */
+function validateSecurityRequirements(config, options) {
+    if (config.security?.requireEvidence &&
+        !options.evidence &&
+        !options.dryRun) {
+        return {
+            valid: false,
+            error: 'Evidence generation required by enterprise security policy. Use --evidence flag.',
+        };
+    }
+    if (config.security?.requireVerification && options.verify === false) {
+        return {
+            valid: false,
+            error: 'Verification required by enterprise security policy. Cannot use --no-verify.',
+        };
+    }
+    if (!config.security?.allowHighRisk && !options.force) {
+        // This would be checked during pack application
+        // Just a placeholder for enterprise security validation
+    }
+    return { valid: true };
+}
+/**
+ * Create a simple progress bar
+ */
+function createProgressBar(current, total, width = 30) {
+    if (total === 0)
+        return c.dim('[' + ' '.repeat(width) + ']');
+    const percentage = Math.min(100, Math.round((current / total) * 100));
+    const filled = Math.round((current / total) * width);
+    const empty = width - filled;
+    const filledBar = c.success('█'.repeat(filled));
+    const emptyBar = c.dim('░'.repeat(empty));
+    return `[${filledBar}${emptyBar}] ${percentage}%`;
+}
+/**
+ * Display progress bar for pack processing
+ */
+function displayPackProgress(current, total, packName) {
+    const bar = createProgressBar(current, total);
+    process.stdout.write(`\r${c.cyan('⚙')} Processing packs: ${bar} ${c.dim(`(${current}/${total})`)} ${c.dim(packName)}`);
+    if (current === total) {
+        process.stdout.write('\n');
+    }
+}
+/**
+ * Prompt user for confirmation (non-interactive defaults to false for safety)
+ */
+async function promptConfirm(message, defaultValue = false) {
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        return defaultValue;
+    }
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return new Promise((resolve) => {
+        const hint = defaultValue ? '[Y/n]' : '[y/N]';
+        rl.question(`${message} ${hint}: `, (answer) => {
+            rl.close();
+            const lower = answer.toLowerCase().trim();
+            if (lower === '') {
+                resolve(defaultValue);
+            }
+            else {
+                resolve(lower === 'y' || lower === 'yes');
+            }
+        });
+    });
+}
+/**
+ * Enhanced interactive pack selection for --interactive mode
+ */
+async function selectPacksInteractively(packs) {
+    if (!process.stdin.isTTY || !process.stdout.isTTY || packs.length === 0) {
+        return packs;
+    }
+    const selected = new Set();
+    let currentIndex = 0;
+    // Initially select all packs
+    packs.forEach((_, i) => selected.add(i));
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        const render = () => {
+            console.clear();
+            console.log(`\n${c.bold('🤖 AUTOPILOT FIX PACK SELECTION')}\n`);
+            console.log(`${c.dim('Select packs to apply (Space to toggle, Enter to confirm, Q to quit)')}\n`);
+            console.log(`${separator(70)}\n`);
+            packs.forEach((pack, i) => {
+                const isSelected = selected.has(i);
+                const isCurrent = i === currentIndex;
+                const checkbox = isSelected ? `${c.success('[✓]')}` : `${c.dim('[ ]')}`;
+                const cursor = isCurrent ? `${c.info('❯')}` : ' ';
+                const riskColor = pack.estimatedRisk === 'high'
+                    ? c.high
+                    : pack.estimatedRisk === 'medium'
+                        ? c.medium
+                        : c.low;
+                const priorityBadge = pack.priority <= 3
+                    ? c.high('⚡')
+                    : pack.priority <= 5
+                        ? c.medium('●')
+                        : c.dim('○');
+                console.log(`  ${cursor} ${checkbox} ${priorityBadge} ${c.bold(pack.name)}`);
+                console.log(`      ${c.dim(pack.description)}`);
+                console.log(`      ${c.dim(`Findings: ${pack.findings.length} | Files: ${pack.impactedFiles.length} | Risk: ${riskColor(pack.estimatedRisk.toUpperCase())}`)}`);
+                console.log('');
+            });
+            console.log(`${separator(70)}\n`);
+            const selectedCount = selected.size;
+            console.log(`${c.info(`Selected: ${selectedCount}/${packs.length} pack${selectedCount !== 1 ? 's' : ''}`)}\n`);
+        };
+        render();
+        // Enable raw mode for key detection
+        if (process.stdin.setRawMode) {
+            process.stdin.setRawMode(true);
+        }
+        process.stdin.on('data', (key) => {
+            const char = key.toString();
+            if (char === '\u0003' || char.toLowerCase() === 'q') {
+                // Ctrl+C or Q - quit
+                if (process.stdin.setRawMode) {
+                    process.stdin.setRawMode(false);
+                }
+                rl.close();
+                resolve([]);
+            }
+            else if (char === '\r' || char === '\n') {
+                // Enter - confirm
+                if (process.stdin.setRawMode) {
+                    process.stdin.setRawMode(false);
+                }
+                rl.close();
+                const selectedPacks = packs.filter((_, i) => selected.has(i));
+                resolve(selectedPacks);
+            }
+            else if (char === ' ') {
+                // Space - toggle selection
+                if (selected.has(currentIndex)) {
+                    selected.delete(currentIndex);
+                }
+                else {
+                    selected.add(currentIndex);
+                }
+                render();
+            }
+            else if (char === '\u001b[A') {
+                // Up arrow
+                currentIndex = Math.max(0, currentIndex - 1);
+                render();
+            }
+            else if (char === '\u001b[B') {
+                // Down arrow
+                currentIndex = Math.min(packs.length - 1, currentIndex + 1);
+                render();
+            }
+        });
+    });
+}
+/**
+ * Convert autopilot results to SARIF format
+ */
+function toSarifAutopilot(result) {
+    let version = '1.0.0';
+    try {
+        const pkg = require('../../package.json');
+        version = pkg.version || '1.0.0';
+    }
+    catch { }
+    const runs = [];
+    const run = {
+        tool: {
+            driver: {
+                name: 'guardrail-autopilot',
+                version,
+                informationUri: 'https://guardrail.dev',
+                rules: [],
+            },
+        },
+        results: [],
+        invocations: [
+            {
+                executionSuccessful: result.mode === 'apply'
+                    ? result.verification?.passed !== false
+                    : true,
+                startTimeUtc: result.timestamp,
+                endTimeUtc: result.mode === 'apply'
+                    ? result.endTime
+                    : result.timestamp,
+            },
+        ],
+    };
+    if (result.mode === 'plan') {
+        for (const pack of result.packs) {
+            for (const finding of pack.findings) {
+                run.results.push({
+                    ruleId: `autopilot-${pack.category}`,
+                    level: finding.severity === 'critical' || finding.severity === 'high'
+                        ? 'error'
+                        : finding.severity === 'medium'
+                            ? 'warning'
+                            : 'note',
+                    message: { text: finding.message },
+                    locations: [
+                        {
+                            physicalLocation: {
+                                artifactLocation: { uri: finding.file },
+                                region: { startLine: finding.line },
+                            },
+                        },
+                    ],
+                    properties: {
+                        category: pack.category,
+                        packId: pack.id,
+                        fixable: finding.fixable,
+                    },
+                });
+            }
+        }
+    }
+    else {
+        const applyResult = result;
+        for (const fix of applyResult.appliedFixes) {
+            run.results.push({
+                ruleId: `autopilot-fix-${fix.packId}`,
+                level: fix.success ? 'note' : 'warning',
+                message: {
+                    text: fix.success
+                        ? 'Fix applied successfully'
+                        : `Fix failed: ${fix.error || 'Unknown error'}`,
+                },
+                locations: [
+                    {
+                        physicalLocation: {
+                            artifactLocation: { uri: fix.file },
+                        },
+                    },
+                ],
+                properties: {
+                    packId: fix.packId,
+                    findingId: fix.findingId,
+                    success: fix.success,
+                },
+            });
+        }
+    }
+    runs.push(run);
+    return {
+        $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
+        version: '2.1.0',
+        runs,
+    };
+}
+/**
+ * Enhanced plan results output with better formatting
+ */
+function outputPlanResult(result, options) {
+    if (options.format === 'sarif' || options.sarif) {
+        const sarif = toSarifAutopilot(result);
+        console.log(JSON.stringify(sarif, null, 2));
+        return;
+    }
+    if (options.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    console.log(`\n${separator(80)}`);
+    console.log(`${c.bold('📋 AUTOPILOT PLAN')}`);
+    console.log(`${separator(80)}\n`);
+    // Summary section
+    console.log(`${c.bold('Summary')}`);
+    console.log(`${c.dim('├─')} Project: ${c.info(result.projectPath)}`);
+    console.log(`${c.dim('├─')} Profile: ${c.info(result.profile)}`);
+    console.log(`${c.dim('├─')} Timestamp: ${c.dim(result.timestamp)}`);
+    console.log(`${c.dim('└─')} Estimated Duration: ${c.yellow(result.estimatedDuration)}\n`);
+    // Findings overview
+    console.log(`${c.bold('Findings Overview')}`);
+    console.log(`${c.dim('├─')} Total Findings: ${c.bold(result.totalFindings.toString())}`);
+    console.log(`${c.dim('├─')} Fixable: ${c.success(result.fixableFindings.toString())}`);
+    console.log(`${c.dim('└─')} Fix Packs: ${c.info(result.packs.length.toString())}\n`);
+    // Risk assessment
+    console.log(`${c.bold('Risk Assessment')}`);
+    console.log(`${c.dim('├─')} ${c.low('Low Risk:')} ${result.riskAssessment.low}`);
+    console.log(`${c.dim('├─')} ${c.medium('Medium Risk:')} ${result.riskAssessment.medium}`);
+    console.log(`${c.dim('└─')} ${c.high('High Risk:')} ${result.riskAssessment.high}\n`);
+    if (result.packs.length === 0) {
+        console.log(`${c.success('✓')} ${c.bold('No fixable issues found')}\n`);
+        return;
+    }
+    // Fix packs table with filtering support
+    const filteredPacks = result.packs; // Could be filtered by options.filterCategory, etc.
+    console.log(`${c.bold('Fix Packs')} ${c.dim(`(${filteredPacks.length} pack${filteredPacks.length !== 1 ? 's' : ''})`)}`);
+    console.log(`${separator(80)}`);
+    console.log(tableRow(c.bold('Pack'), c.bold('Findings'), c.bold('Files'), c.bold('Risk'), c.bold('Priority')));
+    console.log(`${separator(80)}`);
+    for (const pack of filteredPacks) {
+        const riskLabel = pack.estimatedRisk === 'high'
+            ? c.high('HIGH')
+            : pack.estimatedRisk === 'medium'
+                ? c.medium('MEDIUM')
+                : c.low('LOW');
+        const priorityIcon = pack.priority <= 3
+            ? c.high('⚡')
+            : pack.priority <= 5
+                ? c.medium('●')
+                : c.dim('○');
+        console.log(tableRow(`${priorityIcon} ${pack.name}`, pack.findings.length.toString(), pack.impactedFiles.length.toString(), riskLabel, pack.priority.toString()));
+        console.log(`${c.dim('  └─')} ${c.dim(pack.description)}`);
+        if (pack.impactedFiles.length > 0 && pack.impactedFiles.length <= 5) {
+            console.log(`${c.dim('  └─')} Files: ${c.dim(pack.impactedFiles.join(', '))}`);
+        }
+        else if (pack.impactedFiles.length > 5) {
+            console.log(`${c.dim('  └─')} Files: ${c.dim(pack.impactedFiles.slice(0, 3).join(', ') + ` ... +${pack.impactedFiles.length - 3} more`)}`);
+        }
+        console.log('');
+    }
+    console.log(`${separator(80)}\n`);
+    // Batch operation summary
+    if (filteredPacks.length > 1) {
+        const totalFindings = filteredPacks.reduce((sum, p) => sum + p.findings.length, 0);
+        const totalFiles = new Set(filteredPacks.flatMap((p) => p.impactedFiles))
+            .size;
+        console.log(`${c.bold('Batch Summary')}`);
+        console.log(`${c.dim('├─')} Total Packs: ${c.info(filteredPacks.length.toString())}`);
+        console.log(`${c.dim('├─')} Total Findings: ${c.info(totalFindings.toString())}`);
+        console.log(`${c.dim('└─')} Unique Files: ${c.info(totalFiles.toString())}\n`);
+    }
+}
+/**
+ * Enhanced apply results output with detailed statistics
+ */
+function outputApplyResult(result, options) {
+    if (options.format === 'sarif' || options.sarif) {
+        const sarif = toSarifAutopilot(result);
+        console.log(JSON.stringify(sarif, null, 2));
+        return;
+    }
+    if (options.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    // Comparison mode handled in scan results section
+    console.log(`\n${separator(80)}`);
+    console.log(`${c.bold('🤖 AUTOPILOT APPLY RESULTS')}`);
+    console.log(`${separator(80)}\n`);
+    // Execution summary
+    console.log(`${c.bold('Execution Summary')}`);
+    console.log(`${c.dim('├─')} Project: ${c.info(result.projectPath)}`);
+    console.log(`${c.dim('├─')} Profile: ${c.info(result.profile)}`);
+    console.log(`${c.dim('├─')} Run ID: ${c.dim(result.runId || 'N/A')}`);
+    console.log(`${c.dim('├─')} Duration: ${c.yellow(formatDuration(result.duration))}`);
+    // Performance metrics
+    if (result.appliedFixes.length > 0 && result.duration > 0) {
+        const fixesPerSecond = (result.appliedFixes.length /
+            (result.duration / 1000)).toFixed(1);
+        console.log(`${c.dim('└─')} Performance: ${c.info(`${fixesPerSecond} fixes/sec`)}`);
+    }
+    else {
+        console.log(`${c.dim('└─')} Performance: ${c.dim('N/A')}`);
+    }
+    console.log('');
+    // Pack statistics
+    console.log(`${c.bold('Pack Statistics')}`);
+    const packSuccessRate = result.packsAttempted > 0
+        ? ((result.packsSucceeded / result.packsAttempted) * 100).toFixed(1)
+        : '0.0';
+    console.log(`${c.dim('├─')} Attempted: ${result.packsAttempted}`);
+    console.log(`${c.dim('├─')} ${c.success('Succeeded:')} ${result.packsSucceeded}`);
+    console.log(`${c.dim('├─')} ${c.error('Failed:')} ${result.packsFailed}`);
+    console.log(`${c.dim('└─')} Success Rate: ${c.yellow(`${packSuccessRate}%`)}\n`);
+    // Fix statistics
+    const successfulFixes = result.appliedFixes.filter((f) => f.success);
+    const failedFixes = result.appliedFixes.filter((f) => !f.success);
+    const fixSuccessRate = result.appliedFixes.length > 0
+        ? ((successfulFixes.length / result.appliedFixes.length) * 100).toFixed(1)
+        : '0.0';
+    console.log(`${c.bold('Fix Statistics')}`);
+    console.log(`${c.dim('├─')} Total Applied: ${result.appliedFixes.length}`);
+    console.log(`${c.dim('├─')} ${c.success('Successful:')} ${successfulFixes.length}`);
+    console.log(`${c.dim('├─')} ${c.error('Failed:')} ${failedFixes.length}`);
+    console.log(`${c.dim('└─')} Success Rate: ${c.yellow(`${fixSuccessRate}%`)}\n`);
+    // Verification results
+    if (result.verification) {
+        const v = result.verification;
+        console.log(`${c.bold('Verification Results')}`);
+        console.log(`${c.dim('├─')} Typecheck: ${v.typecheck.passed ? c.success('✓ PASS') : c.error('✗ FAIL')}`);
+        if (v.typecheck.errors.length > 0) {
+            v.typecheck.errors.slice(0, 3).forEach((err) => {
+                console.log(`${c.dim('│  └─')} ${c.dim(err.substring(0, 70))}${err.length > 70 ? '...' : ''}`);
+            });
+        }
+        console.log(`${c.dim('├─')} Build: ${v.build.passed ? c.success('✓ PASS') : c.error('✗ FAIL')}`);
+        if (v.build.errors.length > 0) {
+            v.build.errors.slice(0, 3).forEach((err) => {
+                console.log(`${c.dim('│  └─')} ${c.dim(err.substring(0, 70))}${err.length > 70 ? '...' : ''}`);
+            });
+        }
+        console.log(`${c.dim('├─')} Tests: ${v.tests.passed ? c.success('✓ PASS') : c.error('✗ FAIL')}`);
+        if (v.tests.errors.length > 0) {
+            v.tests.errors.slice(0, 3).forEach((err) => {
+                console.log(`${c.dim('│  └─')} ${c.dim(err.substring(0, 70))}${err.length > 70 ? '...' : ''}`);
+            });
+        }
+        console.log(`${c.dim('└─')} Overall: ${v.passed ? c.success('✓ PASS') : c.error('✗ FAIL')} ${c.dim(`(${formatDuration(v.duration)})`)}\n`);
+    }
+    // Scan results comparison
+    console.log(`${c.bold('Scan Results Comparison')}`);
+    const successfulFixesCount = result.appliedFixes.filter((f) => f.success).length;
+    const improvement = successfulFixesCount > 0
+        ? c.success(`-${successfulFixesCount}`)
+        : c.dim('0');
+    console.log(`${c.dim('├─')} Findings Before: ${c.yellow((result.remainingFindings + successfulFixesCount).toString())}`);
+    console.log(`${c.dim('├─')} Fixes Applied: ${improvement}`);
+    console.log(`${c.dim('├─')} Remaining Findings: ${c.yellow(result.remainingFindings.toString())}`);
+    const improvementPercent = result.remainingFindings + successfulFixesCount > 0
+        ? ((successfulFixesCount /
+            (result.remainingFindings + successfulFixesCount)) *
+            100).toFixed(1)
+        : '0.0';
+    console.log(`${c.dim('├─')} Improvement: ${c.success(`${improvementPercent}%`)}`);
+    const verdictLabel = result.newScanVerdict === 'pass'
+        ? c.success('PASS')
+        : result.newScanVerdict === 'fail'
+            ? c.error('FAIL')
+            : c.dim('SKIPPED');
+    console.log(`${c.dim('└─')} New Scan Verdict: ${verdictLabel}\n`);
+    // Enterprise compliance summary
+    if (options.compliance) {
+        const complianceMetrics = generateComplianceMetrics(result);
+        console.log(`${c.bold('Compliance Summary')}`);
+        console.log(`${c.dim('├─')} Change Control: ${complianceMetrics.compliance.changeControl.verificationPassed ? c.success('VERIFIED') : c.error('NOT VERIFIED')}`);
+        console.log(`${c.dim('├─')} Audit Trail: ${result.runId ? c.success('AVAILABLE') : c.error('NOT AVAILABLE')}`);
+        console.log(`${c.dim('├─')} Quality Gates: ${complianceMetrics.compliance.qualityGates.overallPassed ? c.success('PASSED') : c.error('FAILED')}`);
+        console.log(`${c.dim('└─')} Remediation Rate: ${c.info(`${complianceMetrics.compliance.remediation.improvementPercent}%`)}\n`);
+    }
+    // Git information
+    if (result.gitBranch || result.gitCommit) {
+        console.log(`${c.bold('Git Integration')}`);
+        if (result.gitBranch) {
+            console.log(`${c.dim('├─')} Branch: ${c.info(result.gitBranch)}`);
+        }
+        if (result.gitCommit) {
+            console.log(`${c.dim('└─')} Commit: ${c.dim(result.gitCommit)}\n`);
+        }
+        else {
+            console.log('');
+        }
+    }
+    // File change statistics
+    const filesChanged = new Set(result.appliedFixes.map((f) => f.file));
+    if (filesChanged.size > 0) {
+        console.log(`${c.bold('Files Changed')}`);
+        const fileCount = filesChanged.size;
+        const filesList = Array.from(filesChanged).slice(0, 10);
+        console.log(`${c.dim('├─')} Total: ${c.info(fileCount.toString())} ${fileCount === 1 ? 'file' : 'files'}`);
+        if (filesList.length > 0) {
+            console.log(`${c.dim('├─')} Changed files:`);
+            filesList.forEach((file, i) => {
+                const isLast = i === filesList.length - 1 && fileCount <= 10;
+                const prefix = isLast ? '└─' : '│';
+                const fixCount = result.appliedFixes.filter((f) => f.file === file && f.success).length;
+                console.log(`${c.dim(`  ${prefix}`)} ${c.dim(file)} ${c.yellow(`(${fixCount} fix${fixCount !== 1 ? 'es' : ''})`)}`);
+            });
+            if (fileCount > 10) {
+                console.log(`${c.dim(`  └─`)} ... and ${fileCount - 10} more files`);
+            }
+        }
+        console.log('');
+    }
+    // Errors with recovery suggestions
+    if (result.errors.length > 0) {
+        console.log(`${c.error('Errors')}`);
+        result.errors.slice(0, 10).forEach((error, i) => {
+            const prefix = i === result.errors.length - 1 && result.errors.length <= 10
+                ? '└─'
+                : '├─';
+            console.log(`${c.dim(`  ${prefix}`)} ${c.error('✗')} ${error}`);
+            // Add recovery suggestions for common errors
+            const errorLower = error.toLowerCase();
+            if (errorLower.includes('git') && errorLower.includes('branch')) {
+                console.log(`${c.dim('    →')} ${c.info('Suggestion:')} Check git status and ensure you are on a clean branch`);
+            }
+            else if (errorLower.includes('verification') ||
+                errorLower.includes('build')) {
+                console.log(`${c.dim('    →')} ${c.info('Suggestion:')} Run with --no-verify to skip verification, or fix build errors manually`);
+            }
+            else if (errorLower.includes('permission') ||
+                errorLower.includes('access')) {
+                console.log(`${c.dim('    →')} ${c.info('Suggestion:')} Check file permissions and ensure you have write access`);
+            }
+        });
+        if (result.errors.length > 10) {
+            console.log(`${c.dim(`  └─`)} ... and ${result.errors.length - 10} more errors`);
+        }
+        console.log('');
+    }
+    // Final verdict
+    const passed = result.verification?.passed && result.newScanVerdict === 'pass';
+    console.log(`${separator(80)}`);
+    console.log(`${c.bold('VERDICT:')} ${passed ? c.success('✓ PASS') : c.error('✗ FAIL')}`);
+    if (!passed && result.runId) {
+        console.log(`${c.dim('Run ID:')} ${c.info(result.runId)} ${c.dim('(use --rollback --run-id to revert)')}`);
+    }
+    console.log(`${separator(80)}\n`);
+    // Next steps
+    if (!options.json && options.format !== 'sarif') {
+        console.log(`${c.bold('Next Steps')}`);
+        if (passed) {
+            if (result.gitBranch) {
+                console.log(`${c.dim('→')} Review changes: ${c.info(`git diff ${result.gitBranch}`)}`);
+                console.log(`${c.dim('→')} Test your application to ensure everything works as expected`);
+                console.log(`${c.dim('→')} Commit changes: ${c.info(`git commit -m "Autopilot fixes (runId: ${result.runId})"`)}`);
+                // CI/CD integration hint
+                if (isCIEnvironment()) {
+                    console.log(`${c.dim('→')} ${c.info('CI/CD:')} Changes are on branch ${c.info(result.gitBranch)}, ready for PR/merge`);
+                }
+            }
+            else {
+                console.log(`${c.dim('→')} Review the changes in your project files`);
+                console.log(`${c.dim('→')} Test your application to ensure everything works as expected`);
+            }
+        }
+        else {
+            console.log(`${c.dim('→')} Review errors above and fix issues manually if needed`);
+            if (result.runId) {
+                console.log(`${c.dim('→')} Rollback changes: ${c.info(`guardrail autopilot --rollback --run-id ${result.runId}`)}`);
+            }
+            console.log(`${c.dim('→')} Re-run autopilot after fixing issues: ${c.info('guardrail autopilot')}`);
+            // CI/CD integration hint for failures
+            if (isCIEnvironment()) {
+                console.log(`${c.dim('→')} ${c.info('CI/CD:')} Pipeline will fail - fix issues or use ${c.info('--no-verify')} to skip verification`);
+            }
+        }
+        console.log('');
+    }
+}
+/**
+ * Enhanced rollback results output
+ */
+function outputRollbackResult(result, options) {
+    if (options.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    console.log(`\n${separator(80)}`);
+    console.log(`${c.bold('↩️  AUTOPILOT ROLLBACK')}`);
+    console.log(`${separator(80)}\n`);
+    console.log(`${c.bold('Rollback Details')}`);
+    console.log(`${c.dim('├─')} Run ID: ${c.info(result.runId)}`);
+    console.log(`${c.dim('├─')} Method: ${c.info(result.method)}`);
+    console.log(`${c.dim('└─')} Timestamp: ${c.dim(result.timestamp)}\n`);
+    if (result.success) {
+        console.log(`${c.success('✓')} ${c.bold(result.message)}\n`);
+    }
+    else {
+        console.log(`${c.error('✗')} ${c.bold(result.message)}\n`);
+    }
+}
+/**
+ * Enhanced progress callback with spinner integration
+ */
+function createProgressCallback(options) {
+    let currentSpinner = null;
+    let lastStage = '';
+    const stageTimings = {};
+    return (stage, message) => {
+        if (options.json)
+            return; // Skip progress in JSON mode
+        if (stage !== lastStage) {
+            if (currentSpinner) {
+                currentSpinner.stop(true);
+                if (lastStage) {
+                    stageTimings[lastStage] = Date.now();
+                }
+            }
+            const stageLabels = {
+                scan: 'Scanning project',
+                group: 'Grouping findings',
+                workspace: 'Preparing workspace',
+                git: 'Git operations',
+                fix: 'Applying fixes',
+                verify: 'Verifying changes',
+                apply: 'Applying to project',
+                rescan: 'Running verification scan',
+                rollback: 'Rolling back',
+            };
+            const label = stageLabels[stage] || stage;
+            currentSpinner = createSpinner(`${label}... ${c.dim(message)}`);
+            lastStage = stage;
+        }
+    };
+}
+/**
+ * Generate enterprise compliance metrics
+ */
+function generateComplianceMetrics(result) {
+    const successfulFixes = result.appliedFixes.filter((f) => f.success);
+    const filesChanged = new Set(result.appliedFixes.map((f) => f.file));
+    return {
+        timestamp: result.timestamp,
+        runId: result.runId,
+        compliance: {
+            changeControl: {
+                changesApplied: successfulFixes.length,
+                filesModified: filesChanged.size,
+                verificationPassed: result.verification?.passed || false,
+                rollbackAvailable: !!result.runId,
+            },
+            auditTrail: {
+                evidenceGenerated: false, // Set when evidence is generated
+                gitBranch: result.gitBranch,
+                gitCommit: result.gitCommit,
+                runId: result.runId,
+            },
+            qualityGates: {
+                typecheckPassed: result.verification?.typecheck.passed || false,
+                buildPassed: result.verification?.build.passed || false,
+                testsPassed: result.verification?.tests.passed || false,
+                overallPassed: result.verification?.passed || false,
+            },
+            remediation: {
+                findingsBefore: result.remainingFindings + successfulFixes.length,
+                findingsAfter: result.remainingFindings,
+                improvementPercent: result.remainingFindings + successfulFixes.length > 0
+                    ? ((successfulFixes.length /
+                        (result.remainingFindings + successfulFixes.length)) *
+                        100).toFixed(1)
+                    : '0.0',
+            },
+        },
+    };
+}
+/**
+ * Generate markdown report from autopilot results
+ */
+function generateMarkdownReport(result, projectPath) {
+    const filesChanged = new Set(result.appliedFixes.map((f) => f.file));
+    const successfulFixes = result.appliedFixes.filter((f) => f.success);
+    const failedFixes = result.appliedFixes.filter((f) => !f.success);
+    const complianceMetrics = generateComplianceMetrics(result);
+    const report = [
+        '# Autopilot Execution Report',
+        '',
+        `**Run ID:** ${result.runId || 'N/A'}`,
+        `**Timestamp:** ${result.timestamp}`,
+        `**Profile:** ${result.profile}`,
+        `**Duration:** ${formatDuration(result.duration)}`,
+        '',
+        '## Summary',
+        '',
+        `- **Packs Attempted:** ${result.packsAttempted}`,
+        `- **Packs Succeeded:** ${result.packsSucceeded}`,
+        `- **Packs Failed:** ${result.packsFailed}`,
+        `- **Total Fixes Applied:** ${result.appliedFixes.length}`,
+        `- **Successful Fixes:** ${successfulFixes.length}`,
+        `- **Failed Fixes:** ${failedFixes.length}`,
+        `- **Files Changed:** ${filesChanged.size}`,
+        `- **Remaining Findings:** ${result.remainingFindings}`,
+        '',
+        '## Compliance Metrics',
+        '',
+        `- **Change Control:** ${complianceMetrics.compliance.changeControl.changesApplied} changes applied to ${complianceMetrics.compliance.changeControl.filesModified} files`,
+        `- **Verification:** ${complianceMetrics.compliance.qualityGates.overallPassed ? 'PASSED' : 'FAILED'}`,
+        `- **Audit Trail:** ${complianceMetrics.compliance.auditTrail.runId ? 'Available' : 'Not available'}`,
+        `- **Improvement:** ${complianceMetrics.compliance.remediation.improvementPercent}% reduction in findings`,
+        '',
+        '## Verification Results',
+        '',
+    ];
+    if (result.verification) {
+        const v = result.verification;
+        report.push(`- **Typecheck:** ${v.typecheck.passed ? '✅ PASS' : '❌ FAIL'}`, `- **Build:** ${v.build.passed ? '✅ PASS' : '❌ FAIL'}`, `- **Tests:** ${v.tests.passed ? '✅ PASS' : '❌ FAIL'}`, `- **Overall:** ${v.passed ? '✅ PASS' : '❌ FAIL'}`, '');
+    }
+    else {
+        report.push('- Verification skipped', '');
+    }
+    report.push('## Files Changed', '', ...Array.from(filesChanged)
+        .slice(0, 50)
+        .map((file) => {
+        const fixCount = successfulFixes.filter((f) => f.file === file).length;
+        return `- \`${file}\` (${fixCount} fix${fixCount !== 1 ? 'es' : ''})`;
+    }), filesChanged.size > 50
+        ? `\n... and ${filesChanged.size - 50} more files`
+        : '', '');
+    if (result.gitBranch || result.gitCommit) {
+        report.push('## Git Integration', '');
+        if (result.gitBranch) {
+            report.push(`- **Branch:** ${result.gitBranch}`);
+        }
+        if (result.gitCommit) {
+            report.push(`- **Commit:** ${result.gitCommit}`);
+        }
+        report.push('');
+    }
+    if (result.errors.length > 0) {
+        report.push('## Errors', '');
+        result.errors.forEach((error) => {
+            report.push(`- ${error}`);
+        });
+        report.push('');
+    }
+    report.push('## Verdict', '');
+    const passed = result.verification?.passed && result.newScanVerdict === 'pass';
+    report.push(passed ? '✅ **PASS**' : '❌ **FAIL**');
+    return report.join('\n');
+}
+/**
+ * Save markdown report to file
+ */
+function saveMarkdownReport(result, projectPath, options) {
+    if (options.json || !options.report)
+        return;
+    try {
+        const reportDir = (0, path_1.join)(projectPath, '.guardrail', 'reports');
+        if (!(0, fs_1.existsSync)(reportDir)) {
+            (0, fs_1.mkdirSync)(reportDir, { recursive: true });
+        }
+        const timestamp = new Date()
+            .toISOString()
+            .replace(/[:.]/g, '-')
+            .split('T')[0];
+        const runId = result.runId || 'unknown';
+        const reportPath = (0, path_1.join)(reportDir, `autopilot-${timestamp}-${String(runId).slice(0, 8)}.md`);
+        const report = generateMarkdownReport(result, projectPath);
+        (0, fs_1.writeFileSync)(reportPath, report, 'utf8');
+        console.log(`${c.info('📄')} Report saved: ${c.dim(reportPath)}\n`);
+    }
+    catch (err) {
+        console.log(`${c.error('⚠')} ${c.dim('Failed to save report, continuing...')}\n`);
+    }
+}
+/**
+ * Write enterprise audit log
+ */
+function writeAuditLog(entry, projectPath) {
+    try {
+        const auditDir = (0, path_1.join)(projectPath, '.guardrail', 'audit');
+        if (!(0, fs_1.existsSync)(auditDir)) {
+            (0, fs_1.mkdirSync)(auditDir, { recursive: true });
+        }
+        const timestamp = new Date()
+            .toISOString()
+            .replace(/[:.]/g, '-')
+            .split('T')[0];
+        const auditFile = (0, path_1.join)(auditDir, `autopilot-audit-${timestamp}.jsonl`);
+        // Append to audit log (JSONL format for easy streaming)
+        const logLine = JSON.stringify(entry) + '\n';
+        (0, fs_1.writeFileSync)(auditFile, logLine, { flag: 'a' });
+    }
+    catch (err) {
+        // Audit logging should not fail the operation
+    }
+}
+/**
+ * Save autopilot state for resume capability
+ */
+function saveAutopilotState(runId, state, projectPath) {
+    try {
+        const stateDir = (0, path_1.join)(projectPath, '.guardrail', 'autopilot-state');
+        if (!(0, fs_1.existsSync)(stateDir)) {
+            (0, fs_1.mkdirSync)(stateDir, { recursive: true });
+        }
+        const statePath = (0, path_1.join)(stateDir, `${runId}.json`);
+        const stateData = {
+            runId,
+            timestamp: new Date().toISOString(),
+            ...state,
+        };
+        (0, fs_1.writeFileSync)(statePath, JSON.stringify(stateData, null, 2), 'utf8');
+    }
+    catch (err) {
+        // Silently fail - state saving is optional
+    }
+}
+/**
+ * Load autopilot state for resume
+ */
+function loadAutopilotState(runId, projectPath) {
+    try {
+        const statePath = (0, path_1.join)(projectPath, '.guardrail', 'autopilot-state', `${runId}.json`);
+        if (!(0, fs_1.existsSync)(statePath)) {
+            return null;
+        }
+        const stateContent = (0, fs_1.readFileSync)(statePath, 'utf8');
+        return JSON.parse(stateContent);
+    }
+    catch (err) {
+        return null;
+    }
+}
+/**
+ * List previous autopilot runs
+ */
+function listAutopilotRuns(projectPath) {
+    const stateDir = (0, path_1.join)(projectPath, '.guardrail', 'autopilot-state');
+    if (!(0, fs_1.existsSync)(stateDir)) {
+        return [];
+    }
+    try {
+        const files = (0, fs_1.readdirSync)(stateDir).filter((f) => f.endsWith('.json'));
+        const runs = [];
+        for (const file of files) {
+            try {
+                const filePath = (0, path_1.join)(stateDir, file);
+                const content = (0, fs_1.readFileSync)(filePath, 'utf8');
+                const state = JSON.parse(content);
+                const stat = (0, fs_1.statSync)(filePath);
+                runs.push({
+                    runId: state.runId || file.replace('.json', ''),
+                    timestamp: state.timestamp || stat.mtime.toISOString(),
+                    mode: state.mode || 'unknown',
+                });
+            }
+            catch {
+                // Skip invalid files
+            }
+        }
+        return runs.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Export plan to JSON file
+ */
+function exportPlan(plan, projectPath, outputPath) {
+    const exportDir = (0, path_1.join)(projectPath, '.guardrail', 'exports');
+    if (!(0, fs_1.existsSync)(exportDir)) {
+        (0, fs_1.mkdirSync)(exportDir, { recursive: true });
+    }
+    const timestamp = new Date()
+        .toISOString()
+        .replace(/[:.]/g, '-')
+        .split('T')[0];
+    const filename = outputPath || `autopilot-plan-${timestamp}.json`;
+    const fullPath = outputPath ? (0, path_1.resolve)(outputPath) : (0, path_1.join)(exportDir, filename);
+    (0, fs_1.writeFileSync)(fullPath, JSON.stringify(plan, null, 2), 'utf8');
+    return fullPath;
+}
+/**
+ * Import plan from JSON file
+ */
+function importPlan(planPath) {
+    try {
+        const content = (0, fs_1.readFileSync)(planPath, 'utf8');
+        const plan = JSON.parse(content);
+        // Basic validation
+        if (plan.mode === 'plan' && plan.packs && Array.isArray(plan.packs)) {
+            return plan;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Main autopilot command handler with enhanced features
+ */
+async function runAutopilotCommand(projectPath, options) {
+    const resolvedPath = (0, path_1.resolve)(projectPath);
+    if (!(0, fs_1.existsSync)(resolvedPath)) {
+        (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.USER_ERROR, `Project path does not exist: ${resolvedPath}`);
+    }
+    // Load configuration from file and merge with CLI options
+    const fileConfig = loadAutopilotConfig(resolvedPath);
+    const mergedOptions = {
+        ...fileConfig,
+        ...options,
+        // CLI options take precedence
+        profile: options.profile || fileConfig.profile || 'ship',
+        maxFixes: options.maxFixes
+            ? parseInt(options.maxFixes, 10)
+            : fileConfig.maxFixes,
+        verify: options.verify !== undefined
+            ? options.verify !== false
+            : fileConfig.verify !== false,
+        force: options.force || fileConfig.force || false,
+    };
+    // Auto-detect CI mode
+    const isCI = isCIEnvironment();
+    if (isCI && !options.interactive && !options.json) {
+        mergedOptions.interactive = false;
+        mergedOptions.verify = mergedOptions.verify !== false;
+    }
+    const progressCallback = createProgressCallback(mergedOptions);
+    let currentSpinner = null;
+    try {
+        // Handle list runs command
+        if (mergedOptions.list) {
+            const runs = listAutopilotRuns(resolvedPath);
+            if (mergedOptions.json) {
+                console.log(JSON.stringify(runs, null, 2));
+                return;
+            }
+            console.log(`\n${separator(80)}`);
+            console.log(`${c.bold('📋 PREVIOUS AUTOPILOT RUNS')}`);
+            console.log(`${separator(80)}\n`);
+            if (runs.length === 0) {
+                console.log(`  ${c.dim('No previous runs found')}\n`);
+                return;
+            }
+            console.log(tableRow(c.bold('Run ID'), c.bold('Mode'), c.bold('Timestamp')));
+            console.log(`${separator(80)}`);
+            runs.slice(0, 20).forEach((run) => {
+                const date = new Date(run.timestamp).toLocaleString();
+                console.log(tableRow(c.info(run.runId.slice(0, 16) + '...'), c.dim(run.mode), c.dim(date)));
+            });
+            if (runs.length > 20) {
+                console.log(`${c.dim(`  ... and ${runs.length - 20} more runs`)}`);
+            }
+            console.log(`${separator(80)}\n`);
+            return;
+        }
+        // Handle import plan
+        if (mergedOptions.import) {
+            const plan = importPlan(mergedOptions.import);
+            if (!plan) {
+                (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.USER_ERROR, `Failed to import plan from ${mergedOptions.import}`);
+            }
+            outputPlanResult(plan, mergedOptions);
+            if (mergedOptions.apply) {
+                const confirmed = await promptConfirm('Apply imported plan?', false);
+                if (!confirmed) {
+                    console.log(`\n  ${c.dim('Cancelled by user')}\n`);
+                    return;
+                }
+                // Continue to apply mode with imported plan
+                // This would need to be integrated with the apply flow
+                console.log(`${c.info('→')} ${c.dim('Applying imported plan...')}\n`);
+            }
+            else {
+                return;
+            }
+        }
+        if (mergedOptions.rollback) {
+            if (!mergedOptions.runId) {
+                (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.USER_ERROR, '--run-id is required for rollback');
+            }
+            if (!mergedOptions.json) {
+                currentSpinner = createSpinner('Rolling back changes...');
+            }
+            const rollbackOptions = {
+                projectPath: resolvedPath,
+                mode: 'rollback',
+                runId: mergedOptions.runId,
+                onProgress: progressCallback,
+            };
+            const result = (await (0, core_1.runAutopilot)(rollbackOptions));
+            if (currentSpinner) {
+                currentSpinner.stop(result.success, result.success ? 'Rollback complete' : 'Rollback failed');
+            }
+            outputRollbackResult(result, mergedOptions);
+            if (!result.success) {
+                (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.SYSTEM_ERROR, result.message);
+            }
+            return;
+        }
+        // Plan mode (dry-run by default, or explicit --plan)
+        if (mergedOptions.plan || (mergedOptions.dryRun && !mergedOptions.apply)) {
+            if (!mergedOptions.json) {
+                currentSpinner = createSpinner('Generating plan...');
+            }
+            const planOptions = {
+                projectPath: resolvedPath,
+                mode: 'plan',
+                profile: mergedOptions.profile || 'ship',
+                maxFixes: mergedOptions.maxFixes,
+                onProgress: progressCallback,
+            };
+            const result = (await (0, core_1.runAutopilot)(planOptions));
+            if (currentSpinner) {
+                currentSpinner.stop(true, 'Plan generated');
+            }
+            // Save state for potential resume
+            if (result.packs.length > 0) {
+                const runId = crypto.randomBytes(8).toString('hex');
+                saveAutopilotState(runId, {
+                    mode: 'plan',
+                    options: planOptions,
+                    planResult: result,
+                }, resolvedPath);
+            }
+            // Enterprise audit logging for plan
+            if (mergedOptions.audit !== false) {
+                const user = process.env.USER ||
+                    process.env.USERNAME ||
+                    process.env.GUARDRAIL_USER ||
+                    'unknown';
+                writeAuditLog({
+                    timestamp: new Date().toISOString(),
+                    runId: crypto.randomBytes(8).toString('hex'),
+                    action: 'plan',
+                    user,
+                    projectPath: resolvedPath,
+                    outcome: 'success',
+                    details: {
+                        totalFindings: result.totalFindings,
+                        fixableFindings: result.fixableFindings,
+                        packsCount: result.packs.length,
+                        profile: result.profile,
+                    },
+                    compliance: {
+                        evidenceGenerated: false,
+                        fixesApplied: 0,
+                        filesChanged: 0,
+                    },
+                }, resolvedPath);
+            }
+            outputPlanResult(result, mergedOptions);
+            // Export plan if requested
+            if (mergedOptions.export) {
+                const exportPath = exportPlan(result, resolvedPath, mergedOptions.export);
+                console.log(`${c.info('💾')} Plan exported: ${c.dim(exportPath)}\n`);
+            }
+            // Generate evidence if requested
+            if (mergedOptions.evidence && !mergedOptions.json) {
+                const evidenceSpinner = createSpinner('Generating evidence pack...');
+                try {
+                    await (0, evidence_1.generateEvidence)('autopilot-plan', result, resolvedPath);
+                    evidenceSpinner.stop(true, 'Evidence pack generated');
+                }
+                catch (err) {
+                    evidenceSpinner.stop(false, 'Evidence generation failed');
+                    console.log(`${c.error('⚠')} ${c.dim('Evidence generation failed, continuing...')}\n`);
+                }
+            }
+            return;
+        }
+        // Apply mode
+        const applyOptions = {
+            projectPath: resolvedPath,
+            mode: 'apply',
+            profile: mergedOptions.profile || 'ship',
+            maxFixes: mergedOptions.maxFixes,
+            dryRun: mergedOptions.dryRun || false,
+            interactive: mergedOptions.interactive || false,
+            verify: mergedOptions.verify !== false,
+            runId: mergedOptions.runId,
+            force: mergedOptions.force || false,
+            branchStrategy: mergedOptions.branchStrategy,
+            onProgress: progressCallback,
+        };
+        // If interactive mode, run plan first and let user select packs
+        if (mergedOptions.interactive && !isCI) {
+            if (!mergedOptions.json) {
+                currentSpinner = createSpinner('Generating plan...');
+            }
+            const planOptions = {
+                projectPath: resolvedPath,
+                mode: 'plan',
+                profile: applyOptions.profile,
+                maxFixes: applyOptions.maxFixes,
+                onProgress: progressCallback,
+            };
+            const planResult = (await (0, core_1.runAutopilot)(planOptions));
+            if (currentSpinner) {
+                currentSpinner.stop(true, 'Plan generated');
+            }
+            if (planResult.packs.length === 0) {
+                console.log(`\n  ${c.success('✓')} ${c.bold('No fixable issues found')}\n`);
+                return;
+            }
+            outputPlanResult(planResult, { json: false });
+            const selectedPacks = await selectPacksInteractively(planResult.packs);
+            if (selectedPacks.length === 0) {
+                console.log(`\n  ${c.dim('Cancelled by user')}\n`);
+                return;
+            }
+            applyOptions.packIds = selectedPacks.map((p) => p.id);
+            const confirmed = await promptConfirm(`Apply ${selectedPacks.length} selected pack(s)?`, false);
+            if (!confirmed) {
+                console.log(`\n  ${c.dim('Cancelled by user')}\n`);
+                return;
+            }
+        }
+        if (!mergedOptions.json && !mergedOptions.dryRun) {
+            currentSpinner = createSpinner('Running autopilot...');
+        }
+        // Check if resuming from a previous run
+        if (mergedOptions.runId && !mergedOptions.rollback) {
+            const savedState = loadAutopilotState(mergedOptions.runId, resolvedPath);
+            if (savedState && savedState.planResult) {
+                if (!mergedOptions.json) {
+                    console.log(`${c.info('↻')} ${c.dim(`Resuming from run ${mergedOptions.runId}`)}\n`);
+                }
+                // Could use saved plan result here if needed
+            }
+        }
+        const result = (await (0, core_1.runAutopilot)(applyOptions));
+        if (currentSpinner) {
+            const success = result.verification?.passed && result.newScanVerdict === 'pass';
+            currentSpinner.stop(success, success ? 'Autopilot complete' : 'Autopilot completed with issues');
+        }
+        // Save state for potential resume
+        if (result.runId) {
+            saveAutopilotState(result.runId, {
+                mode: 'apply',
+                options: applyOptions,
+                applyResult: result,
+            }, resolvedPath);
+        }
+        // Enterprise audit logging
+        if (mergedOptions.audit !== false) {
+            const user = process.env.USER ||
+                process.env.USERNAME ||
+                process.env.GUARDRAIL_USER ||
+                'unknown';
+            const outcome = result.verification?.passed && result.newScanVerdict === 'pass'
+                ? 'success'
+                : result.packsSucceeded > 0
+                    ? 'partial'
+                    : 'failure';
+            const filesChanged = new Set(result.appliedFixes.map((f) => f.file));
+            writeAuditLog({
+                timestamp: new Date().toISOString(),
+                runId: result.runId || 'unknown',
+                action: 'apply',
+                user,
+                projectPath: resolvedPath,
+                outcome,
+                details: {
+                    packsAttempted: result.packsAttempted,
+                    packsSucceeded: result.packsSucceeded,
+                    packsFailed: result.packsFailed,
+                    fixesApplied: result.appliedFixes.filter((f) => f.success).length,
+                    duration: result.duration,
+                    profile: result.profile,
+                },
+                compliance: {
+                    evidenceGenerated: !!mergedOptions.evidence,
+                    gitBranch: result.gitBranch,
+                    verificationPassed: result.verification?.passed,
+                    fixesApplied: result.appliedFixes.filter((f) => f.success).length,
+                    filesChanged: filesChanged.size,
+                },
+            }, resolvedPath);
+        }
+        outputApplyResult(result, mergedOptions);
+        // Generate markdown report if requested
+        if (mergedOptions.report && !mergedOptions.json && !mergedOptions.dryRun) {
+            saveMarkdownReport(result, resolvedPath, mergedOptions);
+        }
+        // Generate evidence if requested
+        if (mergedOptions.evidence &&
+            !mergedOptions.json &&
+            !mergedOptions.dryRun) {
+            const evidenceSpinner = createSpinner('Generating evidence pack...');
+            try {
+                await (0, evidence_1.generateEvidence)('autopilot-apply', result, resolvedPath);
+                evidenceSpinner.stop(true, 'Evidence pack generated');
+            }
+            catch (err) {
+                evidenceSpinner.stop(false, 'Evidence generation failed');
+                console.log(`${c.error('⚠')} ${c.dim('Evidence generation failed, continuing...')}\n`);
+            }
+        }
+        // Determine exit code based on results
+        if (mergedOptions.dryRun) {
+            // Dry-run always exits successfully (just shows what would happen)
+            return;
+        }
+        const passed = result.verification?.passed && result.newScanVerdict === 'pass';
+        if (!passed) {
+            (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.POLICY_FAIL, 'Autopilot verification failed or scan verdict is FAIL');
+        }
+    }
+    catch (error) {
+        if (currentSpinner) {
+            currentSpinner.stop(false, 'Failed');
+        }
+        const errorMessage = error?.message || String(error);
+        console.error(`\n  ${c.error('✗')} ${c.bold('Autopilot failed:')} ${errorMessage}\n`);
+        // Provide helpful recovery suggestions
+        const errorLower = errorMessage.toLowerCase();
+        if (errorLower.includes('entitlement') || errorLower.includes('feature')) {
+            console.log(`${c.info('💡')} ${c.bold('Recovery suggestions:')}`);
+            console.log(`   ${c.dim('→')} Verify your account has access to the autopilot feature`);
+            console.log(`   ${c.dim('→')} Check your subscription tier at https://guardrail.dev/pricing`);
+            console.log(`   ${c.dim('→')} Contact support if you believe this is an error\n`);
+            (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.AUTH_FAILURE, errorMessage);
+        }
+        else if (errorLower.includes('git')) {
+            console.log(`${c.info('💡')} ${c.bold('Recovery suggestions:')}`);
+            console.log(`   ${c.dim('→')} Ensure you are in a git repository or run with a clean working tree`);
+            console.log(`   ${c.dim('→')} Check git status: git status`);
+            console.log(`   ${c.dim('→')} Autopilot will use backup-based rollback if git is unavailable\n`);
+        }
+        else if (errorLower.includes('permission') ||
+            errorLower.includes('access')) {
+            console.log(`${c.info('💡')} ${c.bold('Recovery suggestions:')}`);
+            console.log(`   ${c.dim('→')} Check file permissions in the project directory`);
+            console.log(`   ${c.dim('→')} Ensure you have write access to the project files`);
+            console.log(`   ${c.dim('→')} Try running with elevated permissions if necessary\n`);
+        }
+        else if (errorLower.includes('network') ||
+            errorLower.includes('timeout')) {
+            console.log(`${c.info('💡')} ${c.bold('Recovery suggestions:')}`);
+            console.log(`   ${c.dim('→')} Check your internet connection`);
+            console.log(`   ${c.dim('→')} Verify the Guardrail API is accessible`);
+            console.log(`   ${c.dim('→')} Retry the operation after connectivity is restored\n`);
+        }
+        // Check for entitlement errors
+        if (errorMessage.toLowerCase().includes('autopilot') &&
+            (errorMessage.toLowerCase().includes('entitlement') ||
+                errorMessage.toLowerCase().includes('feature'))) {
+            (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.AUTH_FAILURE, errorMessage);
+        }
+        (0, exit_codes_1.exitWith)(exit_codes_1.ExitCode.SYSTEM_ERROR, errorMessage);
+    }
+}
+/**
+ * Register the autopilot command
+ */
+function registerAutopilotCommand(program, requireAuth, printLogo) {
+    program
+        .command('autopilot')
+        .description('Autopilot batch remediation system (PRO feature)')
+        .addHelpText('after', `
+Examples:
+  $ guardrail autopilot --plan              Generate and display fix plan
+  $ guardrail autopilot --dry-run           Preview changes without applying
+  $ guardrail autopilot --interactive       Interactive pack selection
+  $ guardrail autopilot --max-fixes=10      Limit fixes per category
+  $ guardrail autopilot --evidence          Generate evidence pack
+  $ guardrail autopilot --report            Generate markdown report
+  $ guardrail autopilot --export plan.json  Export plan to file
+  $ guardrail autopilot --import plan.json  Import and apply plan
+  $ guardrail autopilot --list              List previous runs
+  $ guardrail autopilot --format sarif      Output as SARIF format
+  $ guardrail autopilot --compare           Show before/after comparison
+  $ guardrail autopilot --rollback --run-id <id>  Rollback previous run
+
+Features:
+  • Automated issue detection and grouping
+  • Batch fix application with verification
+  • Automatic rollback on failure
+  • Git integration with branch creation
+  • Evidence generation for compliance
+  • Interactive pack selection
+  • Detailed reporting and statistics
+  • Configuration file support (.guardrail/autopilot.json)
+  • CI/CD mode with auto-detection
+  • State persistence and resume capability
+  • Plan export/import functionality
+  • Run history and management
+  • SARIF output format for CI/CD integration
+  • Before/after comparison statistics
+  • Enterprise audit logging (JSONL format)
+  • Compliance metrics and reporting
+  • Change control tracking
+  • Quality gate enforcement
+
+Enterprise Features:
+  • Audit trail with user attribution
+  • Compliance framework support (SOC2, GDPR, etc.)
+  • Change control verification
+  • Evidence generation for audits
+  • Quality gate enforcement
+  • Rollback capability with audit trail
+
+Configuration:
+  Create .guardrail/autopilot.json to set default options:
+  {
+    "profile": "ship",
+    "maxFixes": 50,
+    "verify": true,
+    "force": false,
+    "branchStrategy": "worktree",
+    "audit": true,
+    "compliance": true,
+    "evidence": false,
+    "security": {
+      "requireEvidence": false,
+      "requireVerification": true,
+      "allowHighRisk": false,
+      "maxConcurrentFixes": 10
+    },
+    "complianceFrameworks": ["SOC2", "GDPR"]
+  }
+
+Enterprise Security:
+  • Audit logging enabled by default (disable with --no-audit)
+  • Evidence generation for compliance audits (--evidence)
+  • Quality gate enforcement (--no-verify disabled by policy)
+  • Change control tracking and verification
+  • User attribution in audit logs
+  • Rollback capability with full audit trail
+    `)
+        .option('-p, --path <path>', 'Project path to scan', '.')
+        .option('--profile <profile>', 'Scan profile: quick, full, ship, ci', 'ship')
+        .option('--dry-run', 'Show plan without applying changes', false)
+        .option('--plan', 'Generate and display plan only', false)
+        .option('--apply', 'Apply fixes (default if not --plan or --dry-run)', false)
+        .option('--rollback', 'Rollback a previous autopilot run', false)
+        .option('--run-id <id>', 'Run ID for rollback or resuming', '')
+        .option('--interactive', 'Interactive pack selection and confirmation', false)
+        .option('--max-fixes <number>', 'Maximum number of fixes per pack category', '')
+        .option('--no-verify', 'Skip verification after applying fixes', false)
+        .option('--force', 'Apply high-risk packs without confirmation', false)
+        .option('--evidence', 'Generate signed evidence pack', false)
+        .option('--report', 'Generate markdown report in .guardrail/reports', false)
+        .option('--export <file>', 'Export plan to JSON file', '')
+        .option('--import <file>', 'Import plan from JSON file', '')
+        .option('--list', 'List previous autopilot runs', false)
+        .option('--format <format>', 'Output format: table, json, sarif', 'table')
+        .option('--json', 'Output results as JSON (alias for --format json)', false)
+        .option('--sarif', 'Output results as SARIF format', false)
+        .option('--compare', 'Show before/after comparison statistics', false)
+        .option('--compliance', 'Show compliance metrics and summary', false)
+        .option('--no-audit', 'Disable enterprise audit logging', false)
+        .option('--config <file>', 'Path to autopilot config file (default: .guardrail/autopilot.json)', '')
+        .action(async (opts) => {
+        requireAuth();
+        printLogo();
+        // Normalize format options
+        if (opts.json) {
+            opts.format = 'json';
+        }
+        else if (opts.sarif) {
+            opts.format = 'sarif';
+        }
+        else if (!opts.format) {
+            opts.format = 'table';
+        }
+        // Show CI mode indicator
+        if (isCIEnvironment() &&
+            opts.format !== 'json' &&
+            opts.format !== 'sarif') {
+            console.log(`${c.dim('🔧 Running in CI/CD mode (non-interactive)')}\n`);
+        }
+        if (opts.format !== 'json' && opts.format !== 'sarif') {
+            console.log(`\n${c.bold('🤖 AUTOPILOT')}\n`);
+        }
+        await runAutopilotCommand(opts.path, opts);
+    });
+}
+//# sourceMappingURL=autopilot.js.map