@vibecheckai/cli 3.2.2 → 3.2.4

package/bin/runners/lib/scan-output.js

@@ -1,190 +1,525 @@
-/**
- * Enterprise Scan Output - Premium Format
- * Features:
- * - "SCAN" ASCII Art
- * - Fixed alignment tables
- * - "Redacted" Upsell section for Scan context
- */
-
-const chalk = require('chalk');
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// CONFIGURATION
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const WIDTH = 76; 
-
-const BOX = {
-  topLeft: '╔', topRight: '╗', bottomLeft: '╚', bottomRight: '╝',
-  horizontal: '═', vertical: '║',
-  teeRight: '╠', teeLeft: '╣',
-  
-  // Table Borders (Light)
-  tTopLeft: '┌', tTopRight: '┐', tBottomLeft: '└', tBottomRight: '┘',
-  tHorizontal: '─', tVertical: '│',
-  tTeeTop: '┬', tTeeBottom: '┴', tTee: '┼', tTeeLeft: '├', tTeeRight: '┤'
-};
-
-const LOGO_SCAN = `
-  █████████   █████████   █████████   █████████
- ███░░░░░███ ███░░░░░███ ███░░░░░███ ███░░░░░███
-░███    ░░░ ░███    ░░░ ░███    ░███ ░███    ░███
-░░█████████ ░███        ░███████████ ░███    ░███
- ░░░░░░░░███░███        ░███░░░░░███ ░███    ░███
- ███    ░███░███    ███ ░███    ░███ ░███    ░███
-░░█████████ ░░█████████ ░███    ░███ ░███    ░███
- ░░░░░░░░░   ░░░░░░░░░  ░░░░    ░░░░ ░░░░    ░░░░
-`;
-
-// Column widths for the table (Must correspond to math below)
-const COL_1 = 10; // Severity
-const COL_2 = 13; // Component
-const COL_3 = 41; // Message
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// UTILITIES
-// ═══════════════════════════════════════════════════════════════════════════════
-
-function padCenter(str, width) {
-  const visibleLen = str.replace(/\u001b\[\d+m/g, '').length;
-  const padding = Math.max(0, width - visibleLen);
-  const left = Math.floor(padding / 2);
-  const right = padding - left;
-  return ' '.repeat(left) + str + ' '.repeat(right);
-}
-
-function padRight(str, len) {
-  const visibleLen = str.length; // Simplified for this usage
-  const truncated = visibleLen > len ? str.substring(0, len - 3) + '...' : str;
-  return truncated + ' '.repeat(Math.max(0, len - truncated.length));
-}
-
-function padLogoBlock(ascii, width) {
-  const lines = ascii.trim().split('\n');
-  const maxContentWidth = Math.max(...lines.map(l => l.length));
-  
-  return lines.map(line => {
-    const solidLine = line + ' '.repeat(maxContentWidth - line.length);
-    return padCenter(solidLine, width);
-  });
-}
-
-function renderProgressBar(score, width = 20) {
-  const filled = Math.round((score / 100) * width);
-  const bar = chalk.green('█'.repeat(filled)) + chalk.gray('░'.repeat(width - filled));
-  return bar;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// MAIN FORMATTER
-// ═══════════════════════════════════════════════════════════════════════════════
-
-function formatScanOutput(result) {
-  const { 
-    score = 0, 
-    findings = [], 
-    duration = 0, 
-    scannedFiles = 0 
-  } = result;
-
-  const hasIssues = findings.length > 0;
-  const heapMB = Math.round(process.memoryUsage().heapUsed / 1024 / 1024);
-  const lines = [];
-
-  // 1. OUTER FRAME TOP
-  lines.push(chalk.gray(BOX.topLeft + BOX.horizontal.repeat(WIDTH - 2) + BOX.topRight));
-  lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-
-  // 2. LOGO (Cyan if clean, Red if issues)
-  const logoColor = hasIssues ? chalk.red : chalk.cyan;
-  padLogoBlock(LOGO_SCAN, WIDTH - 2).forEach(line => {
-    lines.push(chalk.gray(BOX.vertical) + logoColor(line) + chalk.gray(BOX.vertical));
-  });
-  
-  const subTitle = hasIssues ? 'INTEGRITY SCAN • ISSUES DETECTED' : 'INTEGRITY SCAN • CLEAN';
-  lines.push(chalk.gray(BOX.vertical) + padCenter(chalk.bold.white(subTitle), WIDTH - 2) + chalk.gray(BOX.vertical));
-  lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-
-  // 3. TELEMETRY
-  lines.push(chalk.gray(BOX.teeRight + BOX.horizontal.repeat(WIDTH - 2) + BOX.teeLeft));
-  const stats = `📡 TELEMETRY  │ ⏱  ${duration}ms  │ 📂 ${scannedFiles} Files  │ 📦 ${heapMB}MB`;
-  lines.push(chalk.gray(BOX.vertical) + padCenter(stats, WIDTH - 2) + chalk.gray(BOX.vertical));
-  lines.push(chalk.gray(BOX.teeRight + BOX.horizontal.repeat(WIDTH - 2) + BOX.teeLeft));
-
-  if (!hasIssues) {
-    // -- CLEAN STATE --
-    lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-    lines.push(chalk.gray(BOX.vertical) + padCenter(chalk.green('✅  NO STATIC ISSUES FOUND'), WIDTH - 2) + chalk.gray(BOX.vertical));
-    lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-  } else {
-    // -- ISSUES STATE --
-    lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-    const scoreBar = renderProgressBar(score, 20);
-    lines.push(chalk.gray(BOX.vertical) + padCenter(`HEALTH SCORE    [${scoreBar}] ${score} / 100`, WIDTH + 18) + chalk.gray(BOX.vertical));
-    lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-
-    // 4. FINDINGS TABLE
-    lines.push(chalk.gray(BOX.vertical) + padCenter('DETECTED VULNERABILITIES (STATIC)', WIDTH - 2) + chalk.gray(BOX.vertical));
-
-    // Table Construction
-    const C1 = COL_1, C2 = COL_2, C3 = COL_3;
-    const tTop = `  ${BOX.tTopLeft}${BOX.tHorizontal.repeat(C1)}${BOX.tTeeTop}${BOX.tHorizontal.repeat(C2)}${BOX.tTeeTop}${BOX.tHorizontal.repeat(C3)}${BOX.tTopRight}  `;
-    const tMid = `  ${BOX.tTeeLeft}${BOX.tHorizontal.repeat(C1)}${BOX.tTee}${BOX.tHorizontal.repeat(C2)}${BOX.tTee}${BOX.tHorizontal.repeat(C3)}${BOX.tTeeRight}  `;
-    const tBot = `  ${BOX.tBottomLeft}${BOX.tHorizontal.repeat(C1)}${BOX.tTeeBottom}${BOX.tHorizontal.repeat(C2)}${BOX.tTeeBottom}${BOX.tHorizontal.repeat(C3)}${BOX.tBottomRight}  `;
-
-    lines.push(chalk.gray(BOX.vertical) + chalk.gray(tTop) + chalk.gray(BOX.vertical));
-    const header = `  ${BOX.tVertical}${padRight(' SEVERITY', C1)}${BOX.tVertical}${padRight(' TYPE', C2)}${BOX.tVertical}${padRight(' FINDING', C3)}${BOX.tVertical}  `;
-    lines.push(chalk.gray(BOX.vertical) + chalk.bold(header) + chalk.gray(BOX.vertical));
-    lines.push(chalk.gray(BOX.vertical) + chalk.gray(tMid) + chalk.gray(BOX.vertical));
-
-    // Rows
-    const topItems = findings.slice(0, 5);
-    topItems.forEach(item => {
-      const severity = item.severity === 'critical' ? chalk.red('🛑 CRIT  ') : chalk.yellow('🟡 WARN  ');
-      const type = padRight(' ' + (item.type || 'Unknown'), C2);
-      const desc = padRight(' ' + (item.message || ''), C3);
-      
-      const row = `  ${chalk.gray(BOX.tVertical)}${padRight(severity, C1)}${chalk.gray(BOX.tVertical)}${type}${chalk.gray(BOX.tVertical)}${desc}${chalk.gray(BOX.tVertical)}  `;
-      lines.push(chalk.gray(BOX.vertical) + row + chalk.gray(BOX.vertical));
-    });
-
-    lines.push(chalk.gray(BOX.vertical) + chalk.gray(tBot) + chalk.gray(BOX.vertical));
-    lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-  }
-
-  // 5. LOCKED / UPSELL SECTION (Redacted for SCAN context)
-  lines.push(chalk.gray(BOX.teeRight + BOX.horizontal.repeat(WIDTH - 2) + BOX.teeLeft));
-  
-  const lockTitle = chalk.white.bold('🔒 DEEP SCAN ANALYSIS: ') + chalk.gray('UNAVAILABLE');
-  lines.push(chalk.gray(BOX.vertical) + padCenter(lockTitle, WIDTH + 9) + chalk.gray(BOX.vertical));
-  lines.push(chalk.gray(BOX.vertical) + padCenter(chalk.gray('─'.repeat(60)), WIDTH + 9) + chalk.gray(BOX.vertical));
-
-  lines.push(chalk.gray(BOX.vertical) + padCenter(chalk.dim('Static analysis is limited. The following runtime vectors'), WIDTH + 9) + chalk.gray(BOX.vertical));
-  lines.push(chalk.gray(BOX.vertical) + padCenter(chalk.dim('cannot be verified without the Vibecheck Truth Engine.'), WIDTH + 9) + chalk.gray(BOX.vertical));
-  lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-
-  // Redacted Lines
-  const redacted = [
-    '░░ [REDACTED] 🔒 Runtime API Schema Validation (Drift Detection)',
-    '░░ [REDACTED] 🔒 Live Auth Boundary Verification (RBAC)',
-    '░░ [REDACTED] 🔒 Environment Variable Resolution (Config)'
-  ];
-
-  redacted.forEach(r => {
-    lines.push(chalk.gray(BOX.vertical) + padCenter(chalk.dim(r), WIDTH + 9) + chalk.gray(BOX.vertical));
-  });
-
-  lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-  
-  // CTA
-  lines.push(chalk.gray(BOX.vertical) + padCenter(chalk.bold('👉 UNLOCK INSIGHTS:'), WIDTH + 4) + chalk.gray(BOX.vertical));
-  lines.push(chalk.gray(BOX.vertical) + padCenter('Run ' + chalk.cyan('vibecheck upgrade pro') + ' to enable Deep Scan.', WIDTH + 13) + chalk.gray(BOX.vertical));
-
-  // BOTTOM FRAME
-  lines.push(chalk.gray(BOX.vertical) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.vertical));
-  lines.push(chalk.gray(BOX.bottomLeft + BOX.horizontal.repeat(WIDTH - 2) + BOX.bottomRight));
-
-  return lines.join('\n');
-}
-
-module.exports = { formatScanOutput };
+/**
+ * Enterprise Scan Output - Premium Format
+ * Features:
+ * - "SCAN" ASCII Art
+ * - Fixed alignment tables
+ * - "Redacted" Upsell section for Scan context
+ */
+
+// Use ANSI codes directly (chalk v5 is ESM-only, this is CommonJS)
+const ESC = '\x1b';
+const chalk = {
+  reset: `${ESC}[0m`,
+  bold: `${ESC}[1m`,
+  dim: `${ESC}[2m`,
+  red: `${ESC}[31m`,
+  green: `${ESC}[32m`,
+  yellow: `${ESC}[33m`,
+  cyan: `${ESC}[36m`,
+  magenta: `${ESC}[35m`,
+  white: `${ESC}[37m`,
+  gray: `${ESC}[90m`,
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONFIGURATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const WIDTH = 76; 
+
+const BOX = {
+  topLeft: '╔', topRight: '╗', bottomLeft: '╚', bottomRight: '╝',
+  horizontal: '═', vertical: '║',
+  teeRight: '╠', teeLeft: '╣',
+  
+  // Table Borders (Light)
+  tTopLeft: '┌', tTopRight: '┐', tBottomLeft: '└', tBottomRight: '┘',
+  tHorizontal: '─', tVertical: '│',
+  tTeeTop: '┬', tTeeBottom: '┴', tTee: '┼', tTeeLeft: '├', tTeeRight: '┤'
+};
+
+const LOGO_SCAN = `
+  █████████   █████████   █████████   █████████
+ ███░░░░░███ ███░░░░░███ ███░░░░░███ ███░░░░░███
+░███    ░░░ ░███    ░░░ ░███    ░███ ░███    ░███
+░░█████████ ░███        ░███████████ ░███    ░███
+ ░░░░░░░░███░███        ░███░░░░░███ ░███    ░███
+ ███    ░███░███    ███ ░███    ░███ ░███    ░███
+░░█████████ ░░█████████ ░███    ░███ ░███    ░███
+ ░░░░░░░░░   ░░░░░░░░░  ░░░░    ░░░░ ░░░░    ░░░░
+`;
+
+// Column widths for the table (Must correspond to math below)
+const COL_1 = 10; // Severity
+const COL_2 = 13; // Component
+const COL_3 = 41; // Message
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// UTILITIES
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function padCenter(str, width) {
+  const visibleLen = str.replace(/\u001b\[\d+m/g, '').length;
+  const padding = Math.max(0, width - visibleLen);
+  const left = Math.floor(padding / 2);
+  const right = padding - left;
+  return ' '.repeat(left) + str + ' '.repeat(right);
+}
+
+function padRight(str, len) {
+  const visibleLen = str.length; // Simplified for this usage
+  const truncated = visibleLen > len ? str.substring(0, len - 3) + '...' : str;
+  return truncated + ' '.repeat(Math.max(0, len - truncated.length));
+}
+
+function padLogoBlock(ascii, width) {
+  const lines = ascii.trim().split('\n');
+  const maxContentWidth = Math.max(...lines.map(l => l.length));
+  
+  return lines.map(line => {
+    const solidLine = line + ' '.repeat(maxContentWidth - line.length);
+    return padCenter(solidLine, width);
+  });
+}
+
+function renderProgressBar(score, width = 20) {
+  const filled = Math.round((score / 100) * width);
+  const bar = `${chalk.green}█${chalk.reset}`.repeat(filled) + `${chalk.gray}░${chalk.reset}`.repeat(width - filled);
+  return bar;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// MAIN FORMATTER
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function formatScanOutput(result, options = {}) {
+  // Extract data from various possible structures
+  let score = 0;
+  let findings = [];
+  let duration = 0;
+  let scannedFiles = 0;
+  
+  // Helper function to calculate score from findings
+  function calculateScoreFromFindings(findings) {
+    if (!findings || findings.length === 0) return 100;
+    
+    // Count by severity (handle various severity formats)
+    const severityCounts = {
+      critical: 0,
+      high: 0,
+      medium: 0,
+      low: 0,
+      info: 0,
+    };
+    
+    findings.forEach(f => {
+      const sev = (f.severity || '').toLowerCase();
+      if (sev === 'critical' || sev === 'block') {
+        severityCounts.critical++;
+      } else if (sev === 'high') {
+        severityCounts.high++;
+      } else if (sev === 'medium' || sev === 'warn' || sev === 'warning') {
+        severityCounts.medium++;
+      } else if (sev === 'low') {
+        severityCounts.low++;
+      } else if (sev === 'info') {
+        severityCounts.info++;
+      } else {
+        // Default unknown severities to medium
+        severityCounts.medium++;
+      }
+    });
+    
+    // Calculate score with proper weights
+    // Critical: 25 points each, High: 15, Medium: 5, Low: 2, Info: 0
+    const deductions = 
+      (severityCounts.critical * 25) +
+      (severityCounts.high * 15) +
+      (severityCounts.medium * 5) +
+      (severityCounts.low * 2);
+    
+    // Cap deductions to prevent negative scores, but allow score to go to 0
+    const calculatedScore = Math.max(0, 100 - deductions);
+    
+    // If we have findings but score is still 100, something's wrong - recalculate more aggressively
+    if (findings.length > 0 && calculatedScore === 100 && deductions === 0) {
+      // All findings were info or unknown - still deduct something
+      return Math.max(50, 100 - (findings.length * 0.1));
+    }
+    
+    return Math.round(calculatedScore);
+  }
+  
+  // Handle different input structures
+  if (result.verdict) {
+    // New unified output structure
+    if (typeof result.verdict === 'object') {
+      findings = result.findings || [];
+      
+      // Always recalculate score from findings to ensure accuracy
+      score = calculateScoreFromFindings(findings);
+      
+      // Only use provided score if it seems reasonable (not 100 when we have findings)
+      if (result.verdict.score && findings.length === 0) {
+        score = result.verdict.score;
+      } else if (result.verdict.score && result.verdict.score < score) {
+        // Use the lower (worse) score if provided score is worse
+        score = result.verdict.score;
+      }
+      
+      duration = result.timings?.total || result.duration || 0;
+      scannedFiles = result.timings?.filesScanned || result.scannedFiles || findings.length || 0;
+    } else {
+      // Legacy structure where verdict is just a string
+      findings = result.findings || [];
+      score = calculateScoreFromFindings(findings);
+      
+      // Fallback to verdict string if no findings
+      if (!score && findings.length === 0) {
+        const verdictStr = result.verdict;
+        if (verdictStr === 'PASS' || verdictStr === 'SHIP') score = 100;
+        else if (verdictStr === 'WARN') score = 70;
+        else if (verdictStr === 'FAIL' || verdictStr === 'BLOCK') score = 40;
+      }
+      
+      duration = result.timings?.total || result.duration || 0;
+      scannedFiles = result.timings?.filesScanned || result.scannedFiles || findings.length || 0;
+    }
+  } else {
+    // Direct structure
+    findings = result.findings || [];
+    score = calculateScoreFromFindings(findings);
+    
+    // Only use provided score if it seems reasonable
+    if (result.score && findings.length === 0) {
+      score = result.score;
+    } else if (result.score && result.score < score) {
+      score = result.score; // Use worse score
+    }
+    
+    duration = result.duration || result.timings?.total || 0;
+    scannedFiles = result.scannedFiles || result.timings?.filesScanned || 0;
+  }
+
+  const hasIssues = findings.length > 0;
+  const heapMB = Math.round(process.memoryUsage().heapUsed / 1024 / 1024);
+  const lines = [];
+
+  // 1. OUTER FRAME TOP
+  lines.push(`${chalk.gray}${BOX.topLeft}${BOX.horizontal.repeat(WIDTH - 2)}${BOX.topRight}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+
+  // 2. LOGO (Cyan if clean, Red if issues)
+  const logoColorCode = hasIssues ? chalk.red : chalk.cyan;
+  padLogoBlock(LOGO_SCAN, WIDTH - 2).forEach(line => {
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${logoColorCode}${line}${chalk.reset}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  });
+  
+  const subTitle = hasIssues ? 'INTEGRITY SCAN • ISSUES DETECTED' : 'INTEGRITY SCAN • CLEAN';
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.bold}${chalk.white}${subTitle}${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+
+  // 3. TELEMETRY
+  lines.push(`${chalk.gray}${BOX.teeRight}${BOX.horizontal.repeat(WIDTH - 2)}${BOX.teeLeft}${chalk.reset}`);
+  const stats = `📡 TELEMETRY  │ ⏱  ${duration}ms  │ 📂 ${scannedFiles} Files  │ 📦 ${heapMB}MB`;
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(stats, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.teeRight}${BOX.horizontal.repeat(WIDTH - 2)}${BOX.teeLeft}${chalk.reset}`);
+
+  if (!hasIssues) {
+    // -- CLEAN STATE --
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.green}✅  NO STATIC ISSUES FOUND${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  } else {
+    // -- ISSUES STATE --
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    const scoreBar = renderProgressBar(score, 20);
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`HEALTH SCORE    [${scoreBar}] ${score} / 100`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+
+    // 4. FINDINGS SUMMARY BY CATEGORY
+    const categoryCounts = {};
+    findings.forEach(f => {
+      const cat = f.category || f.type || f.ruleId || 'Other';
+      categoryCounts[cat] = (categoryCounts[cat] || 0) + 1;
+    });
+    
+    const categoryLabels = {
+      'EnvContract': '🔐 Env Vars',
+      'MissingRoute': '🔗 Routes',
+      'GhostAuth': '🛡️  Auth',
+      'FakeSuccess': '⚠️  Fake Success',
+      'MockData': '🎭 Mock Data',
+      'Secrets': '🔑 Secrets',
+      'ConsoleLog': '📝 Console Logs',
+      'TodoFixme': '📋 TODOs',
+    };
+    
+    const summaryItems = Object.entries(categoryCounts)
+      .sort((a, b) => b[1] - a[1])
+      .slice(0, 6)
+      .map(([cat, count]) => {
+        const label = categoryLabels[cat] || `📌 ${cat}`;
+        return `${label}: ${chalk.bold}${count}${chalk.reset}`;
+      });
+    
+    if (summaryItems.length > 0) {
+      // Split into two lines if too long
+      const categoryText = summaryItems.join('  •  ');
+      const prefix = `${chalk.dim}Findings by Category:${chalk.reset} `;
+      const maxLineLength = WIDTH - 10; // Leave some margin
+      
+      if (categoryText.length > maxLineLength - prefix.length) {
+        // Split into two lines
+        const midPoint = Math.floor(summaryItems.length / 2);
+        const line1 = summaryItems.slice(0, midPoint).join('  •  ');
+        const line2 = summaryItems.slice(midPoint).join('  •  ');
+        lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${prefix}${line1}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+        lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${' '.repeat(prefix.length)}${line2}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+      } else {
+        lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${prefix}${categoryText}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+      }
+      lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    }
+
+    // 5. FINDINGS TABLE
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter('DETECTED VULNERABILITIES (STATIC)', WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+
+    // Table Construction - Fixed alignment with proper spacing
+    const C1 = COL_1, C2 = COL_2, C3 = COL_3;
+    const tableContentWidth = C1 + C2 + C3 + 7; // 7 = borders (3 vertical + 4 spaces)
+    const tableLeftPad = Math.floor((WIDTH - 2 - tableContentWidth) / 2);
+    const tablePad = ' '.repeat(Math.max(1, tableLeftPad)); // At least 1 space padding
+    
+    // Table borders without padding (we'll add padding when inserting into frame)
+    const tTop = `${BOX.tTopLeft}${BOX.tHorizontal.repeat(C1)}${BOX.tTeeTop}${BOX.tHorizontal.repeat(C2)}${BOX.tTeeTop}${BOX.tHorizontal.repeat(C3)}${BOX.tTopRight}`;
+    const tMid = `${BOX.tTeeLeft}${BOX.tHorizontal.repeat(C1)}${BOX.tTee}${BOX.tHorizontal.repeat(C2)}${BOX.tTee}${BOX.tHorizontal.repeat(C3)}${BOX.tTeeRight}`;
+    const tBot = `${BOX.tBottomLeft}${BOX.tHorizontal.repeat(C1)}${BOX.tTeeBottom}${BOX.tHorizontal.repeat(C2)}${BOX.tTeeBottom}${BOX.tHorizontal.repeat(C3)}${BOX.tBottomRight}`;
+
+    // Calculate right padding to fill the line
+    const totalTableWidth = tablePad.length + tableContentWidth;
+    const rightPad = WIDTH - 2 - totalTableWidth;
+    const rightPadStr = ' '.repeat(Math.max(0, rightPad));
+    
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${tablePad}${chalk.gray}${tTop}${chalk.reset}${rightPadStr}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    const header = `${tablePad}${BOX.tVertical}${padRight(' SEVERITY', C1)}${BOX.tVertical}${padRight(' TYPE', C2)}${BOX.tVertical}${padRight(' FINDING', C3)}${BOX.tVertical}`;
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${chalk.bold}${header}${chalk.reset}${rightPadStr}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${tablePad}${chalk.gray}${tMid}${chalk.reset}${rightPadStr}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+
+    // Rows - map findings to display format (show top 10)
+    const topItems = findings.slice(0, 10);
+    topItems.forEach(item => {
+      // Handle different finding structures
+      const severityText = item.severity === 'critical' || item.severity === 'BLOCK' || item.category === 'critical' 
+        ? '🛑 CRIT  ' 
+        : item.severity === 'warning' || item.severity === 'WARN' || item.category === 'warning'
+        ? '🟡 WARN  '
+        : '🟡 WARN  ';
+      
+      const severityColor = item.severity === 'critical' || item.severity === 'BLOCK' || item.category === 'critical' 
+        ? chalk.red 
+        : chalk.yellow;
+      
+      const severity = `${severityColor}${severityText}${chalk.reset}`;
+      
+      // Map category to readable type
+      const categoryMap = {
+        'EnvContract': 'EnvVar',
+        'MissingRoute': 'Route',
+        'GhostAuth': 'Auth',
+        'FakeSuccess': 'FakeSuccess',
+        'MockData': 'MockData',
+        'Secrets': 'Secret',
+        'ConsoleLog': 'Console',
+        'TodoFixme': 'TODO',
+      };
+      const typeName = categoryMap[item.category] || item.category || item.type || item.ruleId || 'Unknown';
+      const type = padRight(' ' + typeName, C2);
+      
+      // Truncate description if too long
+      let desc = item.message || item.title || item.description || '';
+      if (desc.length > C3 - 1) {
+        desc = desc.substring(0, C3 - 4) + '...';
+      }
+      desc = padRight(' ' + desc, C3);
+      
+      const row = `${tablePad}${chalk.gray}${BOX.tVertical}${chalk.reset}${padRight(severity, C1)}${chalk.gray}${BOX.tVertical}${chalk.reset}${type}${chalk.gray}${BOX.tVertical}${chalk.reset}${desc}${chalk.gray}${BOX.tVertical}${chalk.reset}`;
+      lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${row}${rightPadStr}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    });
+
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${tablePad}${chalk.gray}${tBot}${chalk.reset}${rightPadStr}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    
+    // Show count if more findings exist
+    if (findings.length > 10) {
+      lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.dim}... and ${findings.length - 10} more findings${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+    }
+    
+    lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  }
+
+  // 6. UPSELL SECTION - Autofix & Mission Packs
+  lines.push(`${chalk.gray}${BOX.teeRight}${BOX.horizontal.repeat(WIDTH - 2)}${BOX.teeLeft}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  
+  // Autofix Upsell
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.bold}${chalk.cyan}🚀 AUTO-FIX AVAILABLE${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.dim}Fix ${findings.length} issues automatically with AI-powered autofix${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`Run ${chalk.cyan}vibecheck scan --autofix${chalk.reset} to apply fixes`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  
+  // Mission Packs Upsell
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.bold}${chalk.magenta}📦 MISSION PACKS${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.dim}Get AI-generated fix plans grouped by feature area${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`Run ${chalk.cyan}vibecheck fix --packs${chalk.reset} to generate mission packs`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  
+  // Upgrade CTA
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${padCenter(`${chalk.bold}★ Upgrade for unlimited scans + auto-fix${chalk.reset}  →  ${chalk.cyan}https://vibecheckai.dev${chalk.reset}`, WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+
+  // BOTTOM FRAME
+  lines.push(`${chalk.gray}${BOX.vertical}${chalk.reset}${' '.repeat(WIDTH - 2)}${chalk.gray}${BOX.vertical}${chalk.reset}`);
+  lines.push(`${chalk.gray}${BOX.bottomLeft}${BOX.horizontal.repeat(WIDTH - 2)}${BOX.bottomRight}${chalk.reset}`);
+
+  return lines.join('\n');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ADDITIONAL EXPORTS (for compatibility with runScan.js)
+// ═══════════════════════════════════════════════════════════════════════════════
+
+// Exit codes
+const EXIT_CODES = {
+  SHIP: 0,
+  WARN: 1,
+  BLOCK: 2,
+  ERROR: 1,
+  MISCONFIG: 3,
+  INTERNAL: 1,
+};
+
+// Severity weights for scoring
+const SEVERITY_WEIGHTS = {
+  critical: 25,
+  high: 15,
+  medium: 5,
+  low: 1,
+  info: 0,
+};
+
+/**
+ * Calculate overall score from severity counts
+ */
+function calculateScore(severityCounts, totalFindings = 0) {
+  if (totalFindings === 0) return 100;
+  
+  const deductions =
+    (severityCounts.critical || 0) * SEVERITY_WEIGHTS.critical +
+    (severityCounts.high || 0) * SEVERITY_WEIGHTS.high +
+    (severityCounts.medium || 0) * SEVERITY_WEIGHTS.medium +
+    (severityCounts.low || 0) * SEVERITY_WEIGHTS.low;
+  
+  // Cap deductions at 100
+  const score = Math.max(0, 100 - deductions);
+  return Math.round(score);
+}
+
+/**
+ * Get exit code from verdict
+ */
+function getExitCode(verdict) {
+  if (!verdict) return EXIT_CODES.BLOCK;
+  const v = typeof verdict === 'object' ? verdict.verdict : verdict;
+  if (v === 'SHIP' || v === 'PASS') return EXIT_CODES.SHIP;
+  if (v === 'WARN') return EXIT_CODES.WARN;
+  return EXIT_CODES.BLOCK;
+}
+
+/**
+ * Print error message
+ */
+function printError(error, context = '') {
+  const isConfig = error.message && (
+    error.message.includes('config') || 
+    error.message.includes('missing') ||
+    error.message.includes('not found')
+  );
+  const exitCode = isConfig ? EXIT_CODES.MISCONFIG : EXIT_CODES.INTERNAL;
+  
+  console.error(`${chalk.red}✗ Error${chalk.reset}`);
+  if (context) console.error(`  ${chalk.dim}${context}${chalk.reset}`);
+  console.error(`  ${error.message || error}`);
+  if (error.stack && process.env.VIBECHECK_DEBUG) {
+    console.error(`${chalk.dim}${error.stack}${chalk.reset}`);
+  }
+  
+  return exitCode;
+}
+
+/**
+ * Format SARIF output (placeholder - full implementation in report-engine.js)
+ */
+function formatSARIF(findings, options = {}) {
+  // Basic SARIF structure - full implementation should be in report-engine.js
+  return JSON.stringify({
+    version: "2.1.0",
+    $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema.json",
+    runs: [{
+      tool: {
+        driver: {
+          name: "vibecheck",
+          version: options.version || "1.0.0"
+        }
+      },
+      results: findings.map((f, i) => ({
+        ruleId: f.ruleId || f.category || `rule-${i}`,
+        message: {
+          text: f.message || f.title || ""
+        },
+        level: f.severity === 'critical' ? 'error' : f.severity === 'warning' ? 'warning' : 'note',
+        locations: f.file ? [{
+          physicalLocation: {
+            artifactLocation: {
+              uri: f.file
+            },
+            region: f.line ? {
+              startLine: f.line
+            } : undefined
+          }
+        }] : []
+      }))
+    }]
+  }, null, 2);
+}
+
+// Placeholder functions for compatibility
+function renderCoverageMap(coverageMap) {
+  return ''; // Implement if needed
+}
+
+function renderBreakdown(breakdown) {
+  return ''; // Implement if needed
+}
+
+function renderBlockers(blockers) {
+  return ''; // Implement if needed
+}
+
+function renderLayers(layers) {
+  return ''; // Implement if needed
+}
+
+module.exports = { 
+  formatScanOutput,
+  calculateScore,
+  getExitCode,
+  printError,
+  formatSARIF,
+  EXIT_CODES,
+  renderCoverageMap,
+  renderBreakdown,
+  renderBlockers,
+  renderLayers,
+};