@vibecheckai/cli 3.2.6 → 3.3.0

package/bin/runners/runGuard.js

@@ -1,73 +1,127 @@
 /**
  * vibecheck guard - Unified trust boundary enforcement
  * 
- * Combines: validate + claim-verifier + prompt-firewall
- * 
- * Usage:
- *   vibecheck guard                    # Run all checks
- *   vibecheck guard --claims           # Verify AI claims against truthpack
- *   vibecheck guard --prompts          # Check for prompt injection
- *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * World-Class AI Guardrails
+ * ═══════════════════════════════════════════════════════════════════════════════
  */
 
 const path = require("path");
 const fs = require("fs");
+const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
+const {
+  ansi,
+  sym,
+  renderMinimalHeader,
+  renderSectionHeader,
+  renderVerdict,
+  renderSuccess,
+  renderError,
+  renderWarning,
+  renderFooter,
+  Spinner,
+  getTierFromKey,
+} = require("./lib/unified-cli-output");
 
 // Import underlying implementations
-const { runValidate } = require("./runValidate");
-const { runPromptFirewall } = require("./runPromptFirewall");
-
-// ANSI colors
-const c = {
-  reset: "\x1b[0m",
-  dim: "\x1b[2m",
-  bold: "\x1b[1m",
-  cyan: "\x1b[36m",
-  green: "\x1b[32m",
-  yellow: "\x1b[33m",
-  red: "\x1b[31m",
-  magenta: "\x1b[35m",
-};
+let runValidate, runPromptFirewall;
+try {
+  runValidate = require("./runValidate").runValidate;
+} catch {
+  runValidate = null;
+}
+try {
+  runPromptFirewall = require("./runPromptFirewall").runPromptFirewall;
+} catch {
+  runPromptFirewall = null;
+}
 
 function printHelp() {
   console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-
-${c.green}USAGE${c.reset}
-  vibecheck guard [options]
-
-${c.yellow}OPTIONS${c.reset}
-  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
-  --prompts          Check code for prompt injection vulnerabilities
-  --hallucinations   Detect AI hallucination patterns in generated code
-  --file <path>      Check specific file(s)
-  --json             Output JSON for CI integration
-  --strict           Fail on warnings (default: fail on errors only)
-
-${c.magenta}EXAMPLES${c.reset}
-  vibecheck guard                           # Run all checks
-  vibecheck guard --claims --file api.ts    # Verify claims in specific file
-  vibecheck guard --prompts                 # Prompt injection scan
-  vibecheck guard --json                    # CI-friendly output
-
-${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
+  ${ansi.bold}USAGE${ansi.reset}
+    ${ansi.cyan}vibecheck guard${ansi.reset} [options]
+
+  ${ansi.dim}Aliases: ai-guard, firewall, validate${ansi.reset}
+
+  Validate AI-generated code and prompts. Detects prompt injection attempts,
+  verifies claims against your codebase (hallucination checking), and ensures
+  AI outputs meet your standards.
+
+  ${ansi.bold}CHECK MODES${ansi.reset}
+    ${ansi.cyan}--claims${ansi.reset}           Verify AI claims against truthpack
+    ${ansi.cyan}--prompts${ansi.reset}          Check code for prompt injection
+    ${ansi.cyan}--hallucinations${ansi.reset}   Detect AI hallucination patterns
+    ${ansi.dim}(default: run all checks)${ansi.reset}
+
+  ${ansi.bold}OPTIONS${ansi.reset}
+    ${ansi.cyan}--file <path>${ansi.reset}      Check specific file(s)
+    ${ansi.cyan}--strict${ansi.reset}           Fail on warnings (default: fail on errors only)
+    ${ansi.cyan}--json${ansi.reset}             Output as JSON (CI integration)
+    ${ansi.cyan}--quiet, -q${ansi.reset}        Suppress non-essential output
+    ${ansi.cyan}--help, -h${ansi.reset}         Show this help
+
+  ${ansi.bold}EXAMPLES${ansi.reset}
+    ${ansi.dim}# Run all guardrail checks${ansi.reset}
+    vibecheck guard
+
+    ${ansi.dim}# Verify AI claims in specific file${ansi.reset}
+    vibecheck guard --claims --file api.ts
+
+    ${ansi.dim}# Prompt injection scan only${ansi.reset}
+    vibecheck guard --prompts
+
+    ${ansi.dim}# CI pipeline (strict, JSON output)${ansi.reset}
+    vibecheck guard --strict --json
+
+  ${ansi.bold}EXIT CODES${ansi.reset}
+    0  All checks passed
+    1  Warnings found (non-blocking)
+    2  Errors found (blocking issues)
+
+  ${ansi.dim}────────────────────────────────────────────────────────────────────${ansi.reset}
+  ${ansi.dim}Documentation: https://docs.vibecheckai.dev/cli/guard${ansi.reset}
 `);
 }
 
 async function runGuard(args = []) {
+  const { flags: globalFlags } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags) || args.includes("--json");
+  const startTime = Date.now();
+  
   // Parse arguments
-  if (args.includes("--help") || args.includes("-h")) {
+  if (globalFlags.help || args.includes("--help") || args.includes("-h")) {
     printHelp();
-    return 0;
+    return EXIT.SUCCESS;
   }
 
   const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
   const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
   const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
-  const jsonOutput = args.includes("--json");
   const strict = args.includes("--strict");
+  
+  // Validate --file if provided
+  const fileIndex = args.indexOf("--file");
+  if (fileIndex !== -1) {
+    const filePath = args[fileIndex + 1];
+    if (!filePath || filePath.startsWith("--")) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: "--file requires a path argument" }));
+      } else {
+        renderError("--file requires a path argument");
+      }
+      return EXIT.USER_ERROR;
+    }
+    if (!fs.existsSync(filePath)) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: `File not found: ${filePath}` }));
+      } else {
+        renderError(`File not found: ${filePath}`);
+      }
+      return EXIT.NOT_FOUND;
+    }
+  }
 
   const results = {
     claims: null,
@@ -78,91 +132,131 @@ async function runGuard(args = []) {
     warnings: 0,
   };
 
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
+  try {
+    if (!quiet && !json) {
+      renderMinimalHeader("guard", "starter");
+      renderSectionHeader("Trust Boundary Checks", sym.shield);
+    }
 
-  // Run claims verification (validates AI claims against truthpack)
-  if (runClaims) {
-    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
-    try {
-      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runValidate(validateArgs);
-      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.errors++;
-        results.verdict = "FAIL";
+    // Run claims verification
+    if (runClaims) {
+      const spinner = !quiet && !json ? new Spinner("Verifying AI claims against truthpack").start() : null;
+      
+      if (!runValidate) {
+        results.claims = { skipped: true, reason: "Validator module not available" };
+        spinner?.warn("Claims check skipped: module not available");
+      } else {
+        try {
+          const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+          const exitCode = await runValidate(validateArgs);
+          results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.errors++;
+            results.verdict = "FAIL";
+            spinner?.fail("Claim verification failed");
+          } else {
+            spinner?.succeed("Claims verified");
+          }
+        } catch (e) {
+          results.claims = { error: e.message };
+          spinner?.warn(`Claims check failed: ${e.message}`);
+        }
       }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} Claims verified` 
-        : `  ${c.red}✗${c.reset} Claim verification failed`);
-    } catch (e) {
-      results.claims = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
     }
-  }
 
-  // Run prompt injection detection
-  if (runPrompts) {
-    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
-    try {
-      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runPromptFirewall(firewallArgs);
-      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
+    // Run prompt injection detection
+    if (runPrompts) {
+      const spinner = !quiet && !json ? new Spinner("Scanning for prompt injection vulnerabilities").start() : null;
+      
+      if (!runPromptFirewall) {
+        results.prompts = { skipped: true, reason: "Firewall module not available" };
+        spinner?.warn("Prompt check skipped: module not available");
+      } else {
+        try {
+          const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+          const exitCode = await runPromptFirewall(firewallArgs);
+          results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.warnings++;
+            if (strict) results.verdict = "FAIL";
+            spinner?.warn("Prompt injection risks detected");
+          } else {
+            spinner?.succeed("No prompt injection risks");
+          }
+        } catch (e) {
+          results.prompts = { error: e.message };
+          spinner?.warn(`Prompt check failed: ${e.message}`);
+        }
       }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
-        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
-    } catch (e) {
-      results.prompts = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
     }
-  }
 
-  // Run hallucination detection
-  if (runHallucinations) {
-    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
-    // Use validate with hallucination focus
-    try {
-      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
-      const exitCode = await runValidate(validateArgs);
-      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
+    // Run hallucination detection
+    if (runHallucinations) {
+      const spinner = !quiet && !json ? new Spinner("Detecting hallucination patterns").start() : null;
+      
+      if (!runValidate) {
+        results.hallucinations = { skipped: true, reason: "Validator module not available" };
+        spinner?.warn("Hallucination check skipped: module not available");
+      } else {
+        try {
+          const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
+          const exitCode = await runValidate(validateArgs);
+          results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.warnings++;
+            if (strict) results.verdict = "FAIL";
+            spinner?.warn("Potential hallucinations detected");
+          } else {
+            spinner?.succeed("No hallucination patterns");
+          }
+        } catch (e) {
+          results.hallucinations = { error: e.message };
+          spinner?.warn(`Hallucination check failed: ${e.message}`);
+        }
       }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
-        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
-    } catch (e) {
-      results.hallucinations = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
     }
-  }
 
-  // Summary
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  
-  if (results.verdict === "PASS") {
-    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
-  } else {
-    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
-  }
+    // Summary
+    const duration = Date.now() - startTime;
+    
+    if (!quiet && !json) {
+      renderVerdict(results.verdict === "PASS" ? "PASS" : "FAIL", {
+        warnings: results.warnings,
+        critical: results.errors,
+        duration,
+      });
+      
+      renderFooter({
+        nextSteps: results.verdict === "PASS" ? [
+          { cmd: "vibecheck scan", desc: "run full code analysis" },
+          { cmd: "vibecheck ship", desc: "get ship verdict" },
+        ] : [
+          { cmd: "vibecheck fix --plan-only", desc: "view fix recommendations" },
+        ],
+        docsUrl: "https://docs.vibecheckai.dev/cli/guard",
+      });
+    }
 
-  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
+    if (json) {
+      console.log(JSON.stringify({ ...results, duration }, null, 2));
+    }
 
-  if (jsonOutput) {
-    console.log(JSON.stringify(results, null, 2));
+    // Return appropriate exit code
+    if (results.verdict === "PASS") {
+      return EXIT.SUCCESS;
+    } else if (results.errors > 0) {
+      return EXIT.BLOCKING;
+    } else {
+      return EXIT.WARNINGS;
+    }
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else {
+      renderError(`Guard check failed: ${error.message}`);
+    }
+    return EXIT.INTERNAL_ERROR;
   }
-
-  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
 }
 
 module.exports = { runGuard };

package/bin/runners/runInit.js

@@ -12,6 +12,7 @@
 const fs = require("fs");
 const path = require("path");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
 
 // Use enhanced wizard if available
 let InitWizard;
@@ -1747,7 +1748,7 @@ async function runInit(args) {
         console.log(`  ${colors.info}${ICONS.info}${c.reset} Run ${c.cyan}vibecheck init --repair${c.reset} to fix partial state`);
       }
       if (!opts.dryRun) {
-        return 1; // Exit on error unless dry-run
+        return EXIT.INTERNAL_ERROR; // Exit on error unless dry-run
       }
     }
   }
@@ -1765,7 +1766,7 @@ async function runInit(args) {
         }
       }
       if (!opts.dryRun) {
-        return 1;
+        return EXIT.INTERNAL_ERROR;
       }
     }
   }

package/bin/runners/runMcp.js

@@ -6,6 +6,7 @@
  */
 
 const path = require("path");
+const fs = require("fs");
 const http = require("http");
 const { URL } = require("url");
 
@@ -14,6 +15,8 @@ const { buildTruthpack, writeTruthpack } = require("./lib/truth");
 const { shipCore } = require("./runShip");
 const { generateRunId } = require("./lib/cli-output");
 const { enforceLimit, enforceFeature, trackUsage } = require("./lib/entitlements");
+const { EXIT } = require("./lib/exit-codes");
+const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = require("./lib/global-flags");
 
 // MCP Server class
 class VibecheckMCPServer {
@@ -642,8 +645,14 @@ class VibecheckMCPServer {
     });
     
     this.server.on("error", err => {
-      console.error("MCP Server failed to start:", err);
-      process.exit(1);
+      console.error("MCP Server failed to start:", err.message);
+      if (err.code === "EADDRINUSE") {
+        console.error(`  Port ${this.port} is already in use. Try a different port with --port`);
+      } else if (err.code === "EACCES") {
+        console.error(`  Permission denied for port ${this.port}. Use a port > 1024`);
+      }
+      // Emit error event for caller to handle
+      this.emit?.("error", err);
     });
   }
 
@@ -658,54 +667,77 @@ class VibecheckMCPServer {
 // CLI handler
 async function runMcp(args) {
   const opts = parseArgs(args);
+  const { flags: globalFlags } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags);
   
   // Check if we're in free tier and only showing help/config
   const isFreeTier = process.env.VIBECHECK_TIER === "free" || !process.env.VIBECHECK_API_KEY;
   const isHelpOrConfig = opts.help || opts.printConfig || opts.status || opts.test;
   
   if (isFreeTier && !isHelpOrConfig) {
-    // This will be handled by entitlements system
-    // But we can show a helpful message
-    console.log("\n🔌 MCP Server requires STARTER plan or higher");
-    console.log("Use --help to see available options or");
-    console.log("Upgrade: https://vibecheckai.dev/pricing\n");
-    return 3; // EXIT_FEATURE_NOT_ALLOWED
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: "MCP Server requires STARTER plan or higher" }));
+    } else if (!quiet) {
+      console.log("\n🔌 MCP Server requires STARTER plan or higher");
+      console.log("Use --help to see available options or");
+      console.log("Upgrade: https://vibecheckai.dev/pricing\n");
+    }
+    return EXIT.TIER_REQUIRED;
   }
   
   if (opts.help) {
     printHelp();
-    return 0;
+    return EXIT.SUCCESS;
   }
   
   if (opts.printConfig) {
     printClientConfig(opts);
-    return 0;
+    return EXIT.SUCCESS;
   }
   
   if (opts.status) {
     // Check server status
     try {
-      const response = await fetch(`http://${opts.host}:${opts.port}/status`);
+      const host = opts.host || "127.0.0.1";
+      const port = opts.port || 3000;
+      const response = await fetch(`http://${host}:${port}/status`);
       const status = await response.json();
       console.log(JSON.stringify(status, null, 2));
-      return 0;
+      return EXIT.SUCCESS;
     } catch (err) {
-      console.error("Server not running or not reachable");
-      return 1;
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: "Server not running or not reachable" }));
+      } else {
+        console.error("Server not running or not reachable");
+        console.error("  Start the server with: vibecheck mcp");
+      }
+      return EXIT.NETWORK_ERROR;
     }
   }
   
   if (opts.test) {
     // Test connection
     try {
-      const response = await fetch(`http://${opts.host}:${opts.port}/tools`);
+      const host = opts.host || "127.0.0.1";
+      const port = opts.port || 3000;
+      const response = await fetch(`http://${host}:${port}/tools`);
       const tools = await response.json();
-      console.log("✅ Connection successful");
-      console.log(`📋 Available tools: ${tools.tools.length}`);
-      return 0;
+      if (json) {
+        console.log(JSON.stringify({ success: true, toolCount: tools.tools?.length || 0 }));
+      } else {
+        console.log("✅ Connection successful");
+        console.log(`📋 Available tools: ${tools.tools?.length || 0}`);
+      }
+      return EXIT.SUCCESS;
     } catch (err) {
-      console.error("❌ Connection failed:", err.message);
-      return 1;
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: err.message }));
+      } else {
+        console.error("❌ Connection failed:", err.message);
+        console.error("  Ensure the MCP server is running");
+      }
+      return EXIT.NETWORK_ERROR;
     }
   }
   
@@ -713,42 +745,88 @@ async function runMcp(args) {
   let config = {};
   if (opts.config) {
     const configPath = path.resolve(opts.config);
-    if (require("fs").existsSync(configPath)) {
-      config = JSON.parse(require("fs").readFileSync(configPath, "utf8"));
-    } else {
-      console.error(`Config file not found: ${configPath}`);
-      return 1;
+    if (!fs.existsSync(configPath)) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: `Config file not found: ${configPath}` }));
+      } else {
+        console.error(`Config file not found: ${configPath}`);
+      }
+      return EXIT.NOT_FOUND;
+    }
+    try {
+      config = JSON.parse(fs.readFileSync(configPath, "utf8"));
+    } catch (parseErr) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: `Invalid JSON in config: ${parseErr.message}` }));
+      } else {
+        console.error(`Invalid JSON in config file: ${parseErr.message}`);
+      }
+      return EXIT.USER_ERROR;
     }
   }
   
-  // Create and start server
-  const server = new VibecheckMCPServer({
-    host: opts.host || config.server?.host || "127.0.0.1",
-    port: opts.port || config.server?.port || 3000,
-    allowRemote: opts.allowRemote || config.server?.allowRemote || false,
-    requireApiKey: opts.requireApiKey !== false,
-    apiKey: opts.apiKey || config.auth?.apiKey,
-    logLevel: opts.logLevel || config.logging?.level || "info",
-    auditLog: opts.auditLog || config.logging?.auditFile
-  });
-  
-  server.start();
-  
-  // Handle shutdown
-  process.on("SIGINT", () => {
-    console.log("\nShutting down MCP server...");
-    server.stop();
-    process.exit(0);
-  });
-  
-  process.on("SIGTERM", () => {
-    console.log("\nShutting down MCP server...");
-    server.stop();
-    process.exit(0);
-  });
+  // Validate port
+  const port = opts.port || config.server?.port || 3000;
+  if (isNaN(port) || port < 1 || port > 65535) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: `Invalid port: ${port}` }));
+    } else {
+      console.error(`Invalid port: ${port}`);
+      console.error("  Port must be a number between 1 and 65535");
+    }
+    return EXIT.USER_ERROR;
+  }
   
-  // Keep process alive
-  return new Promise(() => {});
+  try {
+    // Create and start server
+    const server = new VibecheckMCPServer({
+      host: opts.host || config.server?.host || "127.0.0.1",
+      port: port,
+      allowRemote: opts.allowRemote || config.server?.allowRemote || false,
+      requireApiKey: opts.requireApiKey !== false,
+      apiKey: opts.apiKey || config.auth?.apiKey,
+      logLevel: opts.logLevel || config.logging?.level || "info",
+      auditLog: opts.auditLog || config.logging?.auditFile
+    });
+    
+    // Track if server started successfully
+    let serverStarted = false;
+    let serverError = null;
+    
+    // Listen for server errors before starting
+    server.server?.on?.("error", (err) => {
+      serverError = err;
+    });
+    
+    server.start();
+    serverStarted = true;
+    
+    // Handle shutdown gracefully
+    const cleanup = () => {
+      if (!quiet) console.log("\nShutting down MCP server...");
+      server.stop();
+    };
+    
+    process.on("SIGINT", () => {
+      cleanup();
+      process.exit(EXIT.SUCCESS);
+    });
+    
+    process.on("SIGTERM", () => {
+      cleanup();
+      process.exit(EXIT.SUCCESS);
+    });
+    
+    // Keep process alive
+    return new Promise(() => {});
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else {
+      console.error(`Failed to start MCP server: ${error.message}`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
 }
 
 // Argument parsing