@vibecheckai/cli 3.2.0 → 3.2.2

package/bin/runners/lib/unified-output.js

@@ -1,189 +1,193 @@
 /**
- * Unified Output System
- * 
- * Provides consistent, deterministic output across all vibecheck commands.
- * This is what makes vibecheck feel "enterprise-grade".
+ * Unified Output System - World Class
+ * * The central nervous system for Vibecheck's CLI output.
+ * Delivers consistent, high-fidelity visualization and strict exit code compliance.
  */
 
-// Graceful fallback for missing compiled modules
-let EXIT_CODES, formatVerdictOutput;
+"use strict";
 
-// Exit codes per product spec:
-// 0 = SHIP / no blockers
-// 1 = WARN (allowed if you choose)
-// 2 = BLOCK / blockers found
-EXIT_CODES = {
+const chalk = require('chalk'); 
+const os = require('os');
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONFIGURATION & CONSTANTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const EXIT_CODES = {
   SHIP: 0,      // Ready to ship, no blockers
-  PASS: 0,      // Alias for SHIP
-  WARN: 1,      // Warnings found (allowed)
-  BLOCK: 2,     // Blockers found, do not ship
-  FAIL: 2,      // Alias for BLOCK
-  MISCONFIG: 2, // Configuration error = block
-  INTERNAL: 2,  // Internal error = block (safe default)
+  WARN: 1,      // Warnings found (allowed via flag)
+  BLOCK: 2,     // Blockers found (hard stop)
+  INTERNAL: 2,  // Internal error (hard stop)
+  MISCONFIG: 2, // Configuration error (hard stop)
 };
 
-try {
-  const verdictFormatter = require('../../../dist/lib/cli/verdict-formatter');
-  formatVerdictOutput = verdictFormatter.formatVerdictOutput;
-} catch (err) {
-  // Fallback when dist not built
-  formatVerdictOutput = (verdict, options) => {
-    const c = {
-      reset: '\x1b[0m',
-      green: '\x1b[32m',
-      red: '\x1b[31m',
-      yellow: '\x1b[33m',
-      cyan: '\x1b[36m',
-      dim: '\x1b[2m',
-      bold: '\x1b[1m',
-    };
-    
-    if (!verdict) return 'No verdict available';
-    
-    const icon = verdict.verdict === 'PASS' ? `${c.green}✓${c.reset}` : 
-                 verdict.verdict === 'FAIL' ? `${c.red}✗${c.reset}` : 
-                 `${c.yellow}⚠${c.reset}`;
-    
-    let output = `\n${icon} ${c.bold}${verdict.verdict}${c.reset}\n`;
-    
-    if (verdict.summary) {
-      output += `\n${c.dim}Summary:${c.reset}\n`;
-      output += `  Blockers: ${verdict.summary.blockers || 0}\n`;
-      output += `  Warnings: ${verdict.summary.warnings || 0}\n`;
-    }
-    
-    if (verdict.findings && verdict.findings.length > 0) {
-      output += `\n${c.dim}Findings:${c.reset}\n`;
-      for (const finding of verdict.findings.slice(0, 10)) {
-        const sevColor = finding.severity === 'critical' ? c.red : 
-                        finding.severity === 'high' ? c.red : 
-                        finding.severity === 'medium' ? c.yellow : c.dim;
-        output += `  ${sevColor}[${finding.severity?.toUpperCase() || 'INFO'}]${c.reset} ${finding.title || finding.message || 'Unknown issue'}\n`;
-        if (finding.file) {
-          output += `    ${c.cyan}${finding.file}${finding.line ? `:${finding.line}` : ''}${c.reset}\n`;
-        }
-      }
-      if (verdict.findings.length > 10) {
-        output += `  ${c.dim}... and ${verdict.findings.length - 10} more${c.reset}\n`;
-      }
-    }
-    
-    return output;
-  };
+const WIDTH = 76;
+
+const BOX = {
+  tl: '╔', tr: '╗', bl: '╚', br: '╝', h: '═', v: '║',
+  trT: '╠', tlT: '╣',
+  // Light (Inner)
+  ltl: '┌', ltr: '┐', lbl: '└', lbr: '┘', lh: '─', lv: '│',
+  lt: '┬', lb: '┴', lx: '┼', ltrT: '├', ltlT: '┤'
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// VISUAL RENDERING ENGINE
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function padCenter(str, width) {
+  const visibleLen = str.replace(/\u001b\[\d+m/g, '').length;
+  const padding = Math.max(0, width - visibleLen);
+  const left = Math.floor(padding / 2);
+  return ' '.repeat(left) + str + ' '.repeat(padding - left);
 }
 
-/**
- * Format scan output with unified contract
- */
-function formatScanOutput(result, options = {}) {
-  const { verbose = false, json = false } = options;
-  
-  if (json) {
-    return JSON.stringify(result, null, 2);
-  }
-  
-  return formatVerdictOutput(result.verdict, { verbose, json });
+function padRight(str, len) {
+  const visibleLen = str.length;
+  const truncated = visibleLen > len ? str.substring(0, len - 3) + '...' : str;
+  return truncated + ' '.repeat(Math.max(0, len - truncated.length));
 }
 
-/**
- * Get exit code from verdict
- * Per spec: 0=SHIP, 1=WARN, 2=BLOCK
- */
-function getExitCode(verdict) {
-  if (!verdict) return EXIT_CODES.BLOCK; // Safe default
-  
-  switch (verdict.verdict) {
-    case 'SHIP':
-    case 'PASS':
-      return EXIT_CODES.SHIP;    // 0
-    case 'WARN':
-      return EXIT_CODES.WARN;    // 1
-    case 'BLOCK':
-    case 'FAIL':
-      return EXIT_CODES.BLOCK;   // 2
-    case 'ERROR':
-    case 'MISCONFIG':
-      return EXIT_CODES.BLOCK;   // 2 (safe default)
-    default:
-      return EXIT_CODES.BLOCK;   // 2 (safe default)
-  }
+function renderProgressBar(score, width = 20) {
+  const filled = Math.round((score / 100) * width);
+  return chalk.green('█'.repeat(filled)) + chalk.gray('░'.repeat(width - filled));
 }
 
-/**
- * Handle errors with proper exit codes
- */
-function handleError(error, context = '') {
-  const errorType = classifyError(error);
+// --- The Core Formatter ---
+
+function renderVerdict(verdictData, options = {}) {
+  const { 
+    score = 0, 
+    findings = [], 
+    duration = 0, 
+    scannedFiles = 0 
+  } = verdictData;
+
+  const lines = [];
+  const hasIssues = findings.length > 0;
   
-  let exitCode = EXIT_CODES.INTERNAL;
-  let message = error.message || 'Unknown error';
-  let nextStep = 'Run: vibecheck doctor';
+  // 1. FRAME HEADER
+  lines.push(chalk.gray(BOX.tl + BOX.h.repeat(WIDTH - 2) + BOX.tr));
+  lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+
+  // 2. CLEAN HEADER (No ASCII Logo)
+  const titleColor = hasIssues ? chalk.red.bold : chalk.cyan.bold;
+  const subTitle = hasIssues ? 'INTEGRITY SCAN • ISSUES DETECTED' : 'INTEGRITY SCAN • CLEAN';
   
-  switch (errorType) {
-    case 'MISCONFIG':
-      exitCode = EXIT_CODES.MISCONFIG;
-      message = `Configuration error: ${message}`;
-      nextStep = 'Run: vibecheck doctor --fix';
-      break;
-    case 'MISSING_DEPS':
-      exitCode = EXIT_CODES.MISCONFIG;
-      message = `Missing dependencies: ${message}`;
-      nextStep = 'Run: vibecheck doctor';
-      break;
-    case 'PERMISSION':
-      exitCode = EXIT_CODES.MISCONFIG;
-      message = `Permission error: ${message}`;
-      nextStep = 'Check file permissions and run: vibecheck doctor';
-      break;
-    default:
-      exitCode = EXIT_CODES.INTERNAL;
-      message = `Internal error: ${message}`;
-      nextStep = 'This looks like a bug. Run: vibecheck doctor';
+  // Add some vertical padding for elegance
+  lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+  lines.push(chalk.gray(BOX.v) + padCenter(titleColor(subTitle), WIDTH - 2) + chalk.gray(BOX.v));
+  lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+
+  // 3. TELEMETRY
+  lines.push(chalk.gray(BOX.trT + BOX.h.repeat(WIDTH - 2) + BOX.tlT));
+  const heapMB = Math.round(process.memoryUsage().heapUsed / 1024 / 1024);
+  const stats = `📡 TELEMETRY  │ ⏱  ${duration}ms  │ 📂 ${scannedFiles || '?'} Files  │ 📦 ${heapMB}MB`;
+  lines.push(chalk.gray(BOX.v) + padCenter(stats, WIDTH - 2) + chalk.gray(BOX.v));
+  lines.push(chalk.gray(BOX.trT + BOX.h.repeat(WIDTH - 2) + BOX.tlT));
+
+  if (!hasIssues) {
+    // CLEAN STATE
+    lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + padCenter(chalk.green('✅  NO STATIC ISSUES FOUND'), WIDTH - 2) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+  } else {
+    // ISSUES STATE
+    lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+    const scoreBar = renderProgressBar(score, 20);
+    lines.push(chalk.gray(BOX.v) + padCenter(`HEALTH SCORE    [${scoreBar}] ${score} / 100`, WIDTH + 18) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+
+    // TABLE HEADER
+    lines.push(chalk.gray(BOX.v) + padCenter('DETECTED VULNERABILITIES', WIDTH - 2) + chalk.gray(BOX.v));
+    
+    // Hardcoded column widths for perfect alignment
+    const C1=10, C2=13, C3=41; 
+    
+    const tTop = `  ${BOX.ltl}${BOX.lh.repeat(C1)}${BOX.lt}${BOX.lh.repeat(C2)}${BOX.lt}${BOX.lh.repeat(C3)}${BOX.ltr}  `;
+    const tMid = `  ${BOX.ltrT}${BOX.lh.repeat(C1)}${BOX.lx}${BOX.lh.repeat(C2)}${BOX.lx}${BOX.lh.repeat(C3)}${BOX.ltlT}  `;
+    const tBot = `  ${BOX.lbl}${BOX.lh.repeat(C1)}${BOX.lb}${BOX.lh.repeat(C2)}${BOX.lb}${BOX.lh.repeat(C3)}${BOX.lbr}  `;
+
+    lines.push(chalk.gray(BOX.v) + chalk.gray(tTop) + chalk.gray(BOX.v));
+    const header = `  ${BOX.lv}${padRight(' SEVERITY', C1)}${BOX.lv}${padRight(' TYPE', C2)}${BOX.lv}${padRight(' FINDING', C3)}${BOX.lv}  `;
+    lines.push(chalk.gray(BOX.v) + chalk.bold(header) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + chalk.gray(tMid) + chalk.gray(BOX.v));
+
+    // ROWS
+    findings.slice(0, 5).forEach(f => {
+      const sev = (f.severity === 'critical' || f.severity === 'BLOCK') ? chalk.red('🛑 CRIT  ') : chalk.yellow('🟡 WARN  ');
+      const row = `  ${chalk.gray(BOX.lv)}${sev}${chalk.gray(BOX.lv)}${padRight(' '+(f.category||'General'), C2)}${chalk.gray(BOX.lv)}${padRight(' '+(f.message||f.title), C3)}${chalk.gray(BOX.lv)}  `;
+      lines.push(chalk.gray(BOX.v) + row + chalk.gray(BOX.v));
+    });
+
+    lines.push(chalk.gray(BOX.v) + chalk.gray(tBot) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+
+    // UPSELL (REDACTED STYLE)
+    lines.push(chalk.gray(BOX.trT + BOX.h.repeat(WIDTH - 2) + BOX.tlT));
+    const lockTitle = chalk.white.bold('🔒 DEEP SCAN ANALYSIS: ') + chalk.gray('UNAVAILABLE');
+    lines.push(chalk.gray(BOX.v) + padCenter(lockTitle, WIDTH + 9) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + padCenter(chalk.gray('─'.repeat(60)), WIDTH + 9) + chalk.gray(BOX.v));
+    
+    // Redacted lines
+    ['Runtime API Schema Validation', 'Live Auth Boundary Verification', 'Env Config Resolution'].forEach(txt => {
+       const line = chalk.dim(`░░ [REDACTED] 🔒 ${txt}`);
+       lines.push(chalk.gray(BOX.v) + padCenter(line, WIDTH + 9) + chalk.gray(BOX.v));
+    });
+    
+    lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + padCenter('Run ' + chalk.cyan('vibecheck upgrade pro') + ' to unlock.', WIDTH + 9) + chalk.gray(BOX.v));
   }
-  
-  return {
-    exitCode,
-    message: `${context ? `[${context}] ` : ''}${message}`,
-    nextStep,
-    errorType,
-  };
+
+  // BOTTOM FRAME
+  lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
+  lines.push(chalk.gray(BOX.bl + BOX.h.repeat(WIDTH - 2) + BOX.br));
+
+  return lines.join('\n');
 }
 
-function classifyError(error) {
-  const message = (error.message || '').toLowerCase();
-  const code = error.code || '';
-  
-  if (code === 'ENOENT' || message.includes('not found') || message.includes('missing')) {
-    return 'MISSING_DEPS';
-  }
-  
-  if (code === 'EACCES' || code === 'EPERM' || message.includes('permission')) {
-    return 'PERMISSION';
-  }
-  
-  if (message.includes('config') || message.includes('environment') || message.includes('env')) {
-    return 'MISCONFIG';
-  }
-  
-  return 'INTERNAL';
+// ═══════════════════════════════════════════════════════════════════════════════
+// PUBLIC API
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function formatScanOutput(result, options = {}) {
+  const { json = false } = options;
+  if (json) return JSON.stringify(result, null, 2);
+  return renderVerdict(result, options);
+}
+
+function getExitCode(verdict) {
+  if (!verdict) return EXIT_CODES.BLOCK;
+  const v = (typeof verdict === 'string' ? verdict : verdict.verdict).toUpperCase();
+  if (v === 'SHIP' || v === 'PASS') return EXIT_CODES.SHIP;
+  if (v === 'WARN') return EXIT_CODES.WARN;
+  return EXIT_CODES.BLOCK;
 }
 
-/**
- * Print error with proper formatting
- */
 function printError(error, context = '') {
-  const handled = handleError(error, context);
+  const isConfig = error.message.toLowerCase().includes('config') || error.code === 'ENOENT';
+  const exitCode = isConfig ? EXIT_CODES.MISCONFIG : EXIT_CODES.INTERNAL;
   
-  console.error(`\n${handled.message}`);
-  console.error(`\n${handled.nextStep}\n`);
+  const lines = [];
+  lines.push('');
+  lines.push(chalk.bgRed.white.bold(` 🛑 SYSTEM ALERT: ${context || 'INTERNAL_ERROR'} `));
+  lines.push(chalk.red('─'.repeat(WIDTH)));
+  lines.push(`${chalk.bold('Error:')}   ${error.message}`);
+  if (error.code) lines.push(`${chalk.bold('Code:')}    ${error.code}`);
+  lines.push('');
   
-  return handled.exitCode;
+  const fixCmd = isConfig ? 'vibecheck doctor --fix' : 'vibecheck doctor';
+  lines.push(chalk.gray('Recovery Step:'));
+  lines.push(`$ ${chalk.cyan(fixCmd)}`);
+  lines.push('');
+
+  console.error(lines.join('\n'));
+  return exitCode;
 }
 
 module.exports = {
   formatScanOutput,
   getExitCode,
-  handleError,
   printError,
   EXIT_CODES,
 };

package/bin/runners/runAgent.js

@@ -0,0 +1,161 @@
+/**
+ * Agent Management Command Handler
+ * 
+ * Install/uninstall hooks, status checks.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { loadPolicy } = require("./lib/agent-firewall/policy/loader");
+
+/**
+ * Run agent command
+ * @param {object} options - Command options
+ * @param {string} options.action - Action: 'install', 'status', 'lock', 'unlock'
+ * @param {string} options.projectRoot - Project root directory
+ */
+async function runAgent(options = {}) {
+  const projectRoot = options.projectRoot || process.cwd();
+  const action = options.action || "status";
+  
+  switch (action) {
+    case "install":
+      return installHooks(projectRoot);
+      
+    case "status":
+      return showAgentStatus(projectRoot);
+      
+    case "lock":
+      return lockRepo(projectRoot);
+      
+    case "unlock":
+      return unlockRepo(projectRoot);
+      
+    default:
+      throw new Error(`Unknown action: ${action}`);
+  }
+}
+
+/**
+ * Install IDE hooks
+ */
+function installHooks(projectRoot) {
+  // Create .vibecheck directory if it doesn't exist
+  const vibecheckDir = path.join(projectRoot, ".vibecheck");
+  if (!fs.existsSync(vibecheckDir)) {
+    fs.mkdirSync(vibecheckDir, { recursive: true });
+  }
+  
+  // Create hook marker file
+  const hookFile = path.join(vibecheckDir, "agent-firewall-enabled");
+  fs.writeFileSync(hookFile, JSON.stringify({
+    enabled: true,
+    installedAt: new Date().toISOString()
+  }, null, 2));
+  
+  return {
+    success: true,
+    message: "Agent Firewall hooks installed. Firewall will intercept AI code changes."
+  };
+}
+
+/**
+ * Show agent status
+ */
+function showAgentStatus(projectRoot) {
+  const hookFile = path.join(projectRoot, ".vibecheck", "agent-firewall-enabled");
+  const installed = fs.existsSync(hookFile);
+  
+  let policy;
+  try {
+    policy = loadPolicy(projectRoot);
+  } catch {
+    policy = { mode: "observe", profile: "default" };
+  }
+  
+  return {
+    installed,
+    mode: policy.mode,
+    profile: policy.profile,
+    locked: policy.mode === "enforce" && policy.profile === "repo-lock"
+  };
+}
+
+/**
+ * Lock repo (enable repo-lock mode)
+ */
+function lockRepo(projectRoot) {
+  const { loadPolicy, savePolicy, getDefaultPolicy } = require("./lib/agent-firewall/policy/loader");
+  
+  let policy;
+  try {
+    policy = loadPolicy(projectRoot);
+  } catch {
+    policy = getDefaultPolicy();
+  }
+  
+  policy.mode = "enforce";
+  policy.profile = "repo-lock";
+  
+  // Enable all hard rules
+  if (!policy.rules) {
+    policy.rules = {};
+  }
+  
+  const hardRules = [
+    "ghost_route",
+    "ghost_env",
+    "auth_drift",
+    "contract_drift",
+    "scope_explosion",
+    "unsafe_side_effect"
+  ];
+  
+  for (const rule of hardRules) {
+    if (!policy.rules[rule]) {
+      policy.rules[rule] = {};
+    }
+    policy.rules[rule].enabled = true;
+    policy.rules[rule].severity = "block";
+  }
+  
+  savePolicy(projectRoot, policy);
+  
+  return {
+    success: true,
+    message: "Repo Lock Mode enabled. All hard rules enforced."
+  };
+}
+
+/**
+ * Unlock repo (disable repo-lock mode)
+ */
+function unlockRepo(projectRoot) {
+  const { loadPolicy, savePolicy } = require("./lib/agent-firewall/policy/loader");
+  
+  let policy;
+  try {
+    policy = loadPolicy(projectRoot);
+  } catch {
+    return {
+      success: false,
+      message: "No policy found to unlock"
+    };
+  }
+  
+  policy.mode = "observe";
+  policy.profile = "balanced";
+  
+  savePolicy(projectRoot, policy);
+  
+  return {
+    success: true,
+    message: "Repo Lock Mode disabled. Firewall in observe mode."
+  };
+}
+
+module.exports = {
+  runAgent
+};

package/bin/runners/runFirewall.js

@@ -0,0 +1,134 @@
+/**
+ * Firewall Command Handler
+ * 
+ * Main firewall command handler.
+ * Enable/disable firewall, set mode, show status and statistics.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { loadPolicy, savePolicy, getDefaultPolicy } = require("./lib/agent-firewall/policy/loader");
+const { getPacketStats, queryPackets } = require("./lib/agent-firewall/change-packet/store");
+const { isTruthpackFresh } = require("./lib/agent-firewall/truthpack/loader");
+
+/**
+ * Run firewall command
+ * @param {object} options - Command options
+ * @param {string} options.mode - Set mode: 'observe' or 'enforce'
+ * @param {boolean} options.status - Show firewall status
+ * @param {boolean} options.stats - Show statistics
+ * @param {string} options.projectRoot - Project root directory
+ */
+async function runFirewall(options = {}) {
+  const projectRoot = options.projectRoot || process.cwd();
+  
+  if (options.status) {
+    return showStatus(projectRoot);
+  }
+  
+  if (options.stats) {
+    return showStats(projectRoot);
+  }
+  
+  if (options.mode) {
+    return setMode(projectRoot, options.mode);
+  }
+  
+  // Default: show status
+  return showStatus(projectRoot);
+}
+
+/**
+ * Show firewall status
+ */
+function showStatus(projectRoot) {
+  try {
+    const policy = loadPolicy(projectRoot);
+    const truthpackFresh = isTruthpackFresh(projectRoot);
+    
+    const output = {
+      mode: policy.mode || "observe",
+      profile: policy.profile || "default",
+      truthpackFresh,
+      rulesEnabled: Object.keys(policy.rules || {}).filter(
+        key => policy.rules[key]?.enabled !== false
+      ).length
+    };
+    
+    return output;
+  } catch (error) {
+    return {
+      error: error.message,
+      mode: "unknown",
+      truthpackFresh: false
+    };
+  }
+}
+
+/**
+ * Show firewall statistics
+ */
+function showStats(projectRoot) {
+  try {
+    const stats = getPacketStats(projectRoot);
+    const recentPackets = queryPackets(projectRoot, { limit: 10 });
+    
+    return {
+      total: stats.total,
+      byAgent: stats.byAgent,
+      byVerdict: stats.byVerdict,
+      byDate: stats.byDate,
+      recent: recentPackets.map(p => ({
+        id: p.id,
+        timestamp: p.timestamp,
+        agentId: p.agentId,
+        verdict: p.verdict?.decision,
+        files: p.files.length
+      }))
+    };
+  } catch (error) {
+    return {
+      error: error.message,
+      total: 0
+    };
+  }
+}
+
+/**
+ * Set firewall mode
+ */
+function setMode(projectRoot, mode) {
+  if (mode !== "observe" && mode !== "enforce") {
+    throw new Error(`Invalid mode: ${mode}. Must be 'observe' or 'enforce'`);
+  }
+  
+  try {
+    let policy;
+    try {
+      policy = loadPolicy(projectRoot);
+    } catch {
+      // Policy doesn't exist, use default
+      policy = getDefaultPolicy();
+    }
+    
+    policy.mode = mode;
+    savePolicy(projectRoot, policy);
+    
+    return {
+      success: true,
+      mode,
+      message: `Firewall mode set to: ${mode}`
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: error.message
+    };
+  }
+}
+
+module.exports = {
+  runFirewall
+};