@vibecheckai/cli 3.4.0 → 3.5.1

package/bin/runners/runScan.js

@@ -18,14 +18,6 @@ const { withErrorHandling, createUserError } = require("./lib/error-handler");
 const { enforceLimit, trackUsage } = require("./lib/entitlements");
 const { emitScanStart, emitScanComplete } = require("./lib/audit-bridge");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
-const { 
-  createScan, 
-  updateScanProgress, 
-  submitScanResults, 
-  reportScanError, 
-  isApiAvailable 
-} = require("./lib/api-client");
-const { EXIT, verdictToExitCode } = require("./lib/exit-codes");
 
 // ═══════════════════════════════════════════════════════════════════════════════
 // ENHANCED TERMINAL UI & OUTPUT MODULES
@@ -50,11 +42,6 @@ const {
   calculateScore,
 } = require("./lib/scan-output");
 
-const {
-  enrichFindings,
-  saveBaseline,
-} = require("./lib/fingerprint");
-
 const BANNER = `
 ${ansi.rgb(0, 200, 255)}  ██╗   ██╗██╗██████╗ ███████╗ ██████╗██╗  ██╗███████╗ ██████╗██╗  ██╗${ansi.reset}
 ${ansi.rgb(30, 180, 255)}  ██║   ██║██║██╔══██╗██╔════╝██╔════╝██║  ██║██╔════╝██╔════╝██║ ██╔╝${ansi.reset}
@@ -116,17 +103,6 @@ function parseArgs(args) {
     noBanner: globalFlags.noBanner || false,
     ci: globalFlags.ci || false,
     quiet: globalFlags.quiet || false,
-    // Baseline tracking (fingerprints)
-    baseline: true, // Compare against baseline by default
-    updateBaseline: false, // --update-baseline to save current findings as baseline
-    // Allowlist subcommand
-    allowlist: null, // null = not using allowlist, or 'list' | 'add' | 'remove' | 'check'
-    allowlistId: null,
-    allowlistPattern: null,
-    allowlistReason: null,
-    allowlistScope: 'global',
-    allowlistFile: null,
-    allowlistExpires: null,
   };
 
   // Parse command-specific args from cleanArgs
@@ -140,26 +116,8 @@ function parseArgs(args) {
     else if (arg === '--sarif') opts.sarif = true;
     else if (arg === '--autofix' || arg === '--fix' || arg === '-f') opts.autofix = true;
     else if (arg === '--no-save') opts.save = false;
-    else if (arg === '--no-baseline') opts.baseline = false;
-    else if (arg === '--update-baseline' || arg === '--set-baseline') opts.updateBaseline = true;
     else if (arg === '--path' || arg === '-p') opts.path = cleanArgs[++i] || process.cwd();
     else if (arg.startsWith('--path=')) opts.path = arg.split('=')[1];
-    // Allowlist subcommand support
-    else if (arg === '--allowlist') {
-      const nextArg = cleanArgs[i + 1];
-      if (nextArg && !nextArg.startsWith('-')) {
-        opts.allowlist = nextArg;
-        i++;
-      } else {
-        opts.allowlist = 'list'; // Default to list
-      }
-    }
-    else if (arg === '--id' && opts.allowlist) opts.allowlistId = cleanArgs[++i];
-    else if (arg === '--pattern' && opts.allowlist) opts.allowlistPattern = cleanArgs[++i];
-    else if (arg === '--reason' && opts.allowlist) opts.allowlistReason = cleanArgs[++i];
-    else if (arg === '--scope' && opts.allowlist) opts.allowlistScope = cleanArgs[++i];
-    else if (arg === '--file' && opts.allowlist) opts.allowlistFile = cleanArgs[++i];
-    else if (arg === '--expires' && opts.allowlist) opts.allowlistExpires = cleanArgs[++i];
     else if (!arg.startsWith('-')) opts.path = path.resolve(arg);
   }
   
@@ -171,244 +129,46 @@ function printHelp(showBanner = true) {
     console.log(BANNER);
   }
   console.log(`
-  ${ansi.bold}USAGE${ansi.reset}
-    ${colors.accent}vibecheck scan${ansi.reset} [path] [options]
+  ${ansi.bold}Usage:${ansi.reset} vibecheck scan ${ansi.dim}(s)${ansi.reset} [path] [options]
   
-  ${ansi.dim}Aliases: s, check${ansi.reset}
-
-  The core analysis engine. Scans your codebase for route integrity issues,
-  security vulnerabilities, code quality problems, and more.
-
-  ${ansi.bold}SCAN LAYERS${ansi.reset}
-    ${colors.accent}(default)${ansi.reset}         Layer 1: AST static analysis ${ansi.dim}(fast, ~2s)${ansi.reset}
-    ${colors.accent}--truth, -t${ansi.reset}       Layer 1+2: + build manifest verification ${ansi.dim}(CI/ship)${ansi.reset}
-    ${colors.accent}--reality, -r${ansi.reset}     Layer 1+2+3: + Playwright runtime proof ${ansi.dim}[PRO]${ansi.reset}
-    ${colors.accent}--reality-sniff${ansi.reset}   Include Reality Sniff AI artifact detection
-
-  ${ansi.bold}FIX MODE${ansi.reset} ${ansi.cyan}[STARTER]${ansi.reset}
-    ${colors.accent}--autofix, -f${ansi.reset}     Generate AI fix missions for detected issues
-
-  ${ansi.bold}BASELINE TRACKING${ansi.reset}
-    ${colors.accent}--baseline${ansi.reset}        Compare against previous scan ${ansi.dim}(default: on)${ansi.reset}
-    ${colors.accent}--no-baseline${ansi.reset}     Skip baseline comparison
-    ${colors.accent}--update-baseline${ansi.reset} Save current findings as new baseline
-
-  ${ansi.bold}ALLOWLIST (suppress false positives)${ansi.reset}
-    ${colors.accent}--allowlist list${ansi.reset}                   Show all suppressed findings
-    ${colors.accent}--allowlist add --id <id> --reason "..."${ansi.reset}
-    ${colors.accent}--allowlist remove --id <id>${ansi.reset}       Remove suppression
-    ${colors.accent}--allowlist check --id <id>${ansi.reset}        Check if suppressed
-
-  ${ansi.bold}OUTPUT OPTIONS${ansi.reset}
-    ${colors.accent}--json${ansi.reset}            Output as JSON ${ansi.dim}(machine-readable)${ansi.reset}
-    ${colors.accent}--sarif${ansi.reset}           SARIF format ${ansi.dim}(GitHub code scanning)${ansi.reset}
-    ${colors.accent}--no-save${ansi.reset}         Don't save results to .vibecheck/results/
-    ${colors.accent}--verbose, -v${ansi.reset}     Show detailed progress
-
-  ${ansi.bold}GLOBAL OPTIONS${ansi.reset}
-    ${colors.accent}--path, -p <dir>${ansi.reset}  Run in specified directory
-    ${colors.accent}--quiet, -q${ansi.reset}       Suppress non-essential output
-    ${colors.accent}--ci${ansi.reset}              CI mode ${ansi.dim}(quiet + no-banner)${ansi.reset}
-    ${colors.accent}--help, -h${ansi.reset}        Show this help
-
-  ${ansi.bold}💡 EXAMPLES${ansi.reset}
-
-    ${ansi.dim}# Quick scan (most common)${ansi.reset}
+  ${ansi.bold}Aliases:${ansi.reset} ${ansi.dim}s${ansi.reset}
+
+  ${ansi.bold}Scan Modes:${ansi.reset}
+    ${colors.accent}(default)${ansi.reset}       Layer 1: AST static analysis ${ansi.dim}(fast)${ansi.reset}
+    ${colors.accent}--truth, -t${ansi.reset}     Layer 1+2: Include build manifest verification ${ansi.dim}(CI/ship)${ansi.reset}
+    ${colors.accent}--reality, -r${ansi.reset}   Layer 1+2+3: Include Playwright runtime proof ${ansi.dim}(full)${ansi.reset}
+    ${colors.accent}--reality-sniff${ansi.reset} Include Reality Sniff AI artifact detection ${ansi.dim}(recommended)${ansi.reset}
+
+  ${ansi.bold}Fix Mode:${ansi.reset}
+    ${colors.accent}--autofix, -f${ansi.reset}   Apply safe fixes + generate AI missions ${ansi.rgb(0, 200, 255)}[STARTER]${ansi.reset}
+
+  ${ansi.bold}Options:${ansi.reset}
+    ${colors.accent}--url, -u${ansi.reset}       Base URL for reality testing (e.g., http://localhost:3000)
+    ${colors.accent}--verbose, -v${ansi.reset}   Show detailed progress
+    ${colors.accent}--json${ansi.reset}          Output results as JSON
+    ${colors.accent}--sarif${ansi.reset}         Output in SARIF format (GitHub code scanning)
+    ${colors.accent}--no-save${ansi.reset}       Don't save results to .vibecheck/results/
+    ${colors.accent}--help, -h${ansi.reset}      Show this help
+
+  ${ansi.bold}Examples:${ansi.reset}
+    ${ansi.dim}# Quick scan (AST only)${ansi.reset}
     vibecheck scan
 
-    ${ansi.dim}# Scan with AI fix missions${ansi.reset}
+    ${ansi.dim}# Scan + autofix with missions${ansi.reset}
     vibecheck scan --autofix
 
-    ${ansi.dim}# Suppress a false positive${ansi.reset}
-    vibecheck scan --allowlist add --id R_DEAD_abc123 --reason "Feature toggle"
-
-    ${ansi.dim}# CI pipeline (JSON output, strict)${ansi.reset}
-    vibecheck scan --ci --json > results.json
+    ${ansi.dim}# CI/CD scan with manifest verification${ansi.reset}
+    vibecheck scan --truth
 
-    ${ansi.dim}# Full reality proof (requires running app)${ansi.reset}
+    ${ansi.dim}# Full proof with Playwright${ansi.reset}
     vibecheck scan --reality --url http://localhost:3000
 
-  ${ansi.bold}📄 OUTPUT${ansi.reset}
-    Results:   .vibecheck/results/latest.json
-    Missions:  .vibecheck/missions/ ${ansi.dim}(with --autofix)${ansi.reset}
-    History:   .vibecheck/results/history/
-
-  ${ansi.bold}🔗 RELATED COMMANDS${ansi.reset}
-    ${colors.accent}vibecheck ship${ansi.reset}       Get final SHIP/WARN/BLOCK verdict
-    ${colors.accent}vibecheck fix${ansi.reset}        Apply AI-generated fixes ${ansi.cyan}[STARTER]${ansi.reset}
-    ${colors.accent}vibecheck prove${ansi.reset}      Full proof pipeline with evidence ${ansi.magenta}[PRO]${ansi.reset}
-
-  ${ansi.dim}─────────────────────────────────────────────────────────────${ansi.reset}
-  ${ansi.dim}Documentation: https://docs.vibecheckai.dev/cli/scan${ansi.reset}
+  ${ansi.bold}Output:${ansi.reset}
+    Results saved to: .vibecheck/results/latest.json
+    Missions saved to: .vibecheck/missions/ ${ansi.dim}(with --autofix)${ansi.reset}
   `);
 }
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// ALLOWLIST MANAGEMENT (integrated from runAllowlist)
-// ═══════════════════════════════════════════════════════════════════════════════
-
-async function handleAllowlistCommand(opts) {
-  const root = opts.path || process.cwd();
-  
-  // Load evidence-pack module for allowlist functions
-  let evidencePack;
-  try {
-    evidencePack = require("./lib/evidence-pack");
-  } catch (e) {
-    console.error(`${colors.error}✗${ansi.reset} Failed to load allowlist module: ${e.message}`);
-    return 1;
-  }
-
-  const action = opts.allowlist;
-  
-  try {
-    switch (action) {
-      case "list": {
-        const allowlist = evidencePack.loadAllowlist(root);
-        
-        if (opts.json) {
-          console.log(JSON.stringify(allowlist, null, 2));
-          return 0;
-        }
-        
-        if (!opts.quiet) {
-          console.log(`\n  📋 ${ansi.bold}Allowlist Entries${ansi.reset}\n`);
-        }
-        
-        if (!allowlist.entries || allowlist.entries.length === 0) {
-          console.log(`  ${ansi.dim}No entries in allowlist.${ansi.reset}\n`);
-          console.log(`  ${ansi.dim}Add entries with: vibecheck scan --allowlist add --id <id> --reason "..."${ansi.reset}\n`);
-          return 0;
-        }
-        
-        for (const entry of allowlist.entries) {
-          const expireStr = entry.expiresAt 
-            ? `${ansi.dim}expires ${new Date(entry.expiresAt).toLocaleDateString()}${ansi.reset}` 
-            : '';
-          const scopeStr = entry.scope !== 'global' 
-            ? `${colors.accent}[${entry.scope}]${ansi.reset} ` 
-            : '';
-          
-          console.log(`  ${colors.success}✓${ansi.reset} ${ansi.bold}${entry.id}${ansi.reset} ${scopeStr}${expireStr}`);
-          
-          if (entry.findingId) {
-            console.log(`    ${ansi.dim}Finding:${ansi.reset} ${entry.findingId}`);
-          }
-          if (entry.pattern) {
-            console.log(`    ${ansi.dim}Pattern:${ansi.reset} ${entry.pattern}`);
-          }
-          console.log(`    ${ansi.dim}Reason:${ansi.reset} ${entry.reason || 'No reason provided'}`);
-          console.log(`    ${ansi.dim}Added:${ansi.reset} ${entry.addedAt} by ${entry.addedBy || 'user'}`);
-          console.log();
-        }
-        
-        console.log(`  ${ansi.dim}Total: ${allowlist.entries.length} entries${ansi.reset}\n`);
-        return 0;
-      }
-      
-      case "add": {
-        if (!opts.allowlistId && !opts.allowlistPattern) {
-          console.error(`\n  ${colors.error}✗${ansi.reset} Either --id or --pattern is required\n`);
-          return 1;
-        }
-        
-        if (!opts.allowlistReason) {
-          console.error(`\n  ${colors.error}✗${ansi.reset} --reason is required\n`);
-          return 1;
-        }
-        
-        const entry = {
-          findingId: opts.allowlistId,
-          pattern: opts.allowlistPattern,
-          reason: opts.allowlistReason,
-          scope: opts.allowlistScope,
-          addedBy: 'cli'
-        };
-        
-        if (opts.allowlistFile) entry.file = opts.allowlistFile;
-        if (opts.allowlistExpires) {
-          const days = parseInt(opts.allowlistExpires, 10);
-          entry.expiresAt = new Date(Date.now() + days * 24 * 60 * 60 * 1000).toISOString();
-        }
-        
-        const added = evidencePack.addToAllowlist(root, entry);
-        
-        if (opts.json) {
-          console.log(JSON.stringify({ added }, null, 2));
-          return 0;
-        }
-        
-        console.log(`\n  ${colors.success}+${ansi.reset} Added allowlist entry: ${ansi.bold}${added.id}${ansi.reset}\n`);
-        return 0;
-      }
-      
-      case "remove": {
-        if (!opts.allowlistId) {
-          console.error(`\n  ${colors.error}✗${ansi.reset} --id is required for remove\n`);
-          return 1;
-        }
-        
-        const allowlist = evidencePack.loadAllowlist(root);
-        const before = allowlist.entries.length;
-        allowlist.entries = allowlist.entries.filter(e => e.id !== opts.allowlistId && e.findingId !== opts.allowlistId);
-        const removed = before - allowlist.entries.length;
-        
-        if (removed > 0) {
-          evidencePack.saveAllowlist(root, allowlist);
-        }
-        
-        if (opts.json) {
-          console.log(JSON.stringify({ removed, remaining: allowlist.entries.length }, null, 2));
-          return 0;
-        }
-        
-        if (removed > 0) {
-          console.log(`\n  ${colors.success}-${ansi.reset} Removed ${removed} entry from allowlist\n`);
-        } else {
-          console.log(`\n  ${colors.warning}⚠${ansi.reset} Entry not found: ${opts.allowlistId}\n`);
-        }
-        return 0;
-      }
-      
-      case "check": {
-        if (!opts.allowlistId) {
-          console.error(`\n  ${colors.error}✗${ansi.reset} --id is required for check\n`);
-          return 1;
-        }
-        
-        const allowlist = evidencePack.loadAllowlist(root);
-        const result = evidencePack.isAllowlisted({ id: opts.allowlistId }, allowlist);
-        
-        if (opts.json) {
-          console.log(JSON.stringify(result, null, 2));
-          return result.allowed ? 0 : 1;
-        }
-        
-        if (result.allowed) {
-          console.log(`\n  ${colors.success}✓${ansi.reset} ${ansi.bold}Allowlisted${ansi.reset}`);
-          console.log(`  ${ansi.dim}Reason:${ansi.reset} ${result.reason}`);
-          console.log(`  ${ansi.dim}Entry:${ansi.reset} ${result.entry?.id}\n`);
-        } else {
-          console.log(`\n  ${colors.warning}⚠${ansi.reset} ${ansi.bold}Not allowlisted${ansi.reset}\n`);
-        }
-        return result.allowed ? 0 : 1;
-      }
-      
-      default:
-        console.error(`\n  ${colors.error}✗${ansi.reset} Unknown allowlist action: ${action}\n`);
-        console.log(`  ${ansi.dim}Available: list, add, remove, check${ansi.reset}\n`);
-        return 1;
-    }
-  } catch (error) {
-    if (opts.json) {
-      console.log(JSON.stringify({ error: error.message }, null, 2));
-    } else {
-      console.error(`\n  ${colors.error}✗${ansi.reset} ${error.message}\n`);
-    }
-    return 1;
-  }
-}
-
 // ═══════════════════════════════════════════════════════════════════════════════
 // AUTOFIX & MISSION GENERATION
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -693,11 +453,6 @@ async function runScan(args) {
     return 0;
   }
 
-  // Handle --allowlist subcommand
-  if (opts.allowlist) {
-    return await handleAllowlistCommand(opts);
-  }
-
   // Entitlement check (graceful offline handling)
   try {
     await enforceLimit('scans');
@@ -729,27 +484,6 @@ async function runScan(args) {
   emitScanStart(projectPath, args);
   const projectName = path.basename(projectPath);
 
-  // Initialize API integration
-  let apiScan = null;
-  let apiConnected = false;
-  
-  // Try to connect to API for dashboard integration
-  try {
-    apiConnected = await isApiAvailable();
-    if (apiConnected) {
-      // Create scan record in dashboard
-      apiScan = await createScan({
-        localPath: projectPath,
-        branch: opts.branch || 'main',
-        enableLLM: opts.llm || false,
-      });
-      console.log(`${colors.info}📡${ansi.reset} Connected to dashboard (Scan ID: ${apiScan.scanId})`);
-    }
-  } catch (err) {
-    // API connection is optional, continue without it
-    console.log(`${colors.dim}ℹ${ansi.reset} Dashboard integration unavailable`);
-  }
-
   // Validate project path
   if (!fs.existsSync(projectPath)) {
     throw createUserError(`Project path does not exist: ${projectPath}`, "ValidationError");
@@ -780,7 +514,7 @@ async function runScan(args) {
     console.log(`  ${colors.warning}⚠${ansi.reset} ${ansi.bold}Reality layer requires --url${ansi.reset}`);
     console.log(`  ${ansi.dim}Example: vibecheck scan --reality --url http://localhost:3000${ansi.reset}`);
     console.log();
-    return EXIT.USER_ERROR;
+    return 1;
   }
 
   // Initialize spinner outside try block for error handling
@@ -797,64 +531,19 @@ async function runScan(args) {
       // Fallback to JS-based scanner using truth.js and analyzers.js
       useFallbackScanner = true;
       const { buildTruthpack } = require('./lib/truth');
-      const { 
-        findMissingRoutes, 
-        findEnvGaps, 
-        findFakeSuccess, 
-        findGhostAuth,
-        findMockData,
-        findTodoFixme,
-        findConsoleLogs,
-        findHardcodedSecrets,
-        findDeadCode,
-        findDeprecatedApis,
-        findEmptyCatch,
-        findUnsafeRegex,
-        findSecurityVulnerabilities,
-        findPerformanceIssues,
-        findCodeQualityIssues,
-        findCrossFileIssues,
-        findTypeSafetyIssues,
-        findAccessibilityIssues,
-        findAPIConsistencyIssues,
-        clearFileCache, // V3: Memory management
-      } = require('./lib/analyzers');
+      const { findMissingRoutes, findEnvGaps, findFakeSuccess, findGhostAuth } = require('./lib/analyzers');
       
       scanRouteIntegrity = async function({ projectPath, layers, baseUrl, verbose }) {
         // Build truthpack for route analysis
         const truthpack = await buildTruthpack({ repoRoot: projectPath });
         
-        // Run ALL analyzers for comprehensive scanning
+        // Run analyzers
         const findings = [];
-        
-        // Core analyzers (route integrity, env, auth)
         findings.push(...findMissingRoutes(truthpack));
         findings.push(...findEnvGaps(truthpack));
         findings.push(...findFakeSuccess(projectPath));
         findings.push(...findGhostAuth(truthpack, projectPath));
         
-        // Code quality analyzers (MOCK, TODO, console.log, etc.)
-        findings.push(...findMockData(projectPath));
-        findings.push(...findTodoFixme(projectPath));
-        findings.push(...findConsoleLogs(projectPath));
-        findings.push(...findHardcodedSecrets(projectPath));
-        findings.push(...findDeadCode(projectPath));
-        findings.push(...findDeprecatedApis(projectPath));
-        findings.push(...findEmptyCatch(projectPath));
-        findings.push(...findUnsafeRegex(projectPath));
-        
-        // Enhanced analyzers (Security, Performance, Code Quality)
-        findings.push(...findSecurityVulnerabilities(projectPath));
-        findings.push(...findPerformanceIssues(projectPath));
-        findings.push(...findCodeQualityIssues(projectPath));
-        
-        // V3: Clear file cache and AST cache to prevent memory leaks in large monorepos
-        clearFileCache();
-        const engines = require("./lib/engines/vibecheck-engines");
-        if (engines.clearASTCache) {
-          engines.clearASTCache();
-        }
-        
         // Convert to scan format matching TypeScript scanner output
         const shipBlockers = findings.map((f, i) => ({
           id: f.id || `finding-${i}`,
@@ -985,20 +674,7 @@ async function runScan(args) {
       const { BillingBypassDetector } = require('../../dist/engines/detection/billing-bypass-detector');
       const { FakeSuccessDetector } = require('../../dist/engines/detection/fake-success-detector');
       
-      // Load ignore patterns from .vibecheckignore + defaults
-      const { loadIgnorePatterns } = require('./lib/agent-firewall/utils/ignore-checker');
-      const ignorePatterns = loadIgnorePatterns(projectPath);
-      const exclude = [
-        // Default excludes
-        'node_modules', '.git', 'dist', 'build', '.next', 'coverage', '_archive',
-        // From .vibecheckignore
-        'mcp-server', 'bin', 'packages/cli', 'tests', '__tests__', 'examples', 
-        'templates', 'docs', '.guardrail', '.cursor', '.vibecheck',
-        // Test files
-        '*.test.ts', '*.test.tsx', '*.spec.ts', '*.spec.tsx', '*.test.js', '*.spec.js',
-        // Type definitions
-        '*.d.ts', '*.d.ts.map',
-      ];
+      const exclude = ['node_modules', '.git', 'dist', 'build', '.next', 'coverage', '_archive'];
       
       // Run detectors in parallel
       const [deadUIResult, billingResult, fakeSuccessResult] = await Promise.all([
@@ -1146,48 +822,6 @@ async function runScan(args) {
       return getExitCodeFromUnified ? getExitCodeFromUnified(verdict) : getExitCode(verdict);
     }
 
-    // ═══════════════════════════════════════════════════════════════════════════
-    // FINGERPRINTING & BASELINE COMPARISON
-    // ═══════════════════════════════════════════════════════════════════════════
-    
-    let diff = null;
-    if (opts.baseline) {
-      try {
-        const enrichResult = enrichFindings(normalizedFindings, projectPath, true);
-        diff = enrichResult.diff;
-        
-        // Update findings with fingerprints and status
-        for (let i = 0; i < normalizedFindings.length; i++) {
-          if (enrichResult.findings[i]) {
-            normalizedFindings[i].fingerprint = enrichResult.findings[i].fingerprint;
-            normalizedFindings[i].status = enrichResult.findings[i].status;
-            normalizedFindings[i].firstSeen = enrichResult.findings[i].firstSeen;
-          }
-        }
-      } catch (fpError) {
-        if (opts.verbose) {
-          console.warn(`  ${ansi.dim}Fingerprinting skipped: ${fpError.message}${ansi.reset}`);
-        }
-      }
-    }
-    
-    // Update baseline if requested
-    if (opts.updateBaseline) {
-      try {
-        saveBaseline(projectPath, normalizedFindings, {
-          verdict: verdict?.verdict,
-          scanTime: new Date().toISOString(),
-        });
-        if (!opts.json && !opts.quiet) {
-          console.log(`  ${colors.success}✓${ansi.reset} Baseline updated with ${normalizedFindings.length} findings`);
-        }
-      } catch (blError) {
-        if (opts.verbose) {
-          console.warn(`  ${ansi.dim}Baseline save failed: ${blError.message}${ansi.reset}`);
-        }
-      }
-    }
-
     // ═══════════════════════════════════════════════════════════════════════════
     // ENHANCED OUTPUT
     // ═══════════════════════════════════════════════════════════════════════════
@@ -1201,7 +835,6 @@ async function runScan(args) {
       breakdown: report.score?.breakdown,
       timings,
       cached,
-      diff, // Include diff for display
     };
     console.log(formatScanOutput(resultForOutput, { verbose: opts.verbose }));
 
@@ -1288,28 +921,6 @@ async function runScan(args) {
       durationMs: timings.total,
     });
 
-    // Submit results to dashboard if connected
-    if (apiConnected && apiScan) {
-      try {
-        await submitScanResults(apiScan.scanId, {
-          verdict: verdict.verdict,
-          score: report.score?.overall || 0,
-          findings: report.findings || [],
-          filesScanned: report.stats?.filesScanned || 0,
-          linesScanned: report.stats?.linesScanned || 0,
-          durationMs: timings.total,
-          metadata: {
-            layers,
-            profile: opts.profile,
-            version: require('../../package.json').version,
-          },
-        });
-        console.log(`${colors.success}✓${ansi.reset} Results sent to dashboard`);
-      } catch (err) {
-        console.log(`${colors.warning}⚠${ansi.reset} Failed to send results to dashboard: ${err.message}`);
-      }
-    }
-
     return getExitCodeFromUnified ? getExitCodeFromUnified(verdict) : getExitCode(verdict);
     } else {
       // Legacy fallback output when unified output system isn't available
@@ -1319,60 +930,6 @@ async function runScan(args) {
       
       const verdict = criticalCount > 0 ? 'BLOCK' : warningCount > 0 ? 'WARN' : 'SHIP';
       
-      // ═══════════════════════════════════════════════════════════════════════════
-      // FINGERPRINTING & BASELINE COMPARISON (Legacy path)
-      // ═══════════════════════════════════════════════════════════════════════════
-      
-      const normalizedLegacyFindings = findings.map(f => ({
-        severity: f.severity === 'critical' || f.severity === 'BLOCK' ? 'critical' :
-                 f.severity === 'warning' || f.severity === 'WARN' ? 'medium' : 'low',
-        category: f.category || 'ROUTE',
-        title: f.title || f.message,
-        message: f.message || f.title,
-        file: f.file || f.evidence?.[0]?.file,
-        line: f.line || parseInt(f.evidence?.[0]?.lines?.split('-')[0]) || 1,
-        evidence: f.evidence,
-        fix: f.fixSuggestion,
-      }));
-      
-      let diff = null;
-      if (opts.baseline) {
-        try {
-          const enrichResult = enrichFindings(normalizedLegacyFindings, projectPath, true);
-          diff = enrichResult.diff;
-          
-          // Update findings with fingerprints and status
-          for (let i = 0; i < normalizedLegacyFindings.length; i++) {
-            if (enrichResult.findings[i]) {
-              normalizedLegacyFindings[i].fingerprint = enrichResult.findings[i].fingerprint;
-              normalizedLegacyFindings[i].status = enrichResult.findings[i].status;
-              normalizedLegacyFindings[i].firstSeen = enrichResult.findings[i].firstSeen;
-            }
-          }
-        } catch (fpError) {
-          if (opts.verbose) {
-            console.warn(`  ${ansi.dim}Fingerprinting skipped: ${fpError.message}${ansi.reset}`);
-          }
-        }
-      }
-      
-      // Update baseline if requested
-      if (opts.updateBaseline) {
-        try {
-          saveBaseline(projectPath, normalizedLegacyFindings, {
-            verdict,
-            scanTime: new Date().toISOString(),
-          });
-          if (!opts.json && !opts.quiet) {
-            console.log(`  ${colors.success}✓${ansi.reset} Baseline updated with ${normalizedLegacyFindings.length} findings`);
-          }
-        } catch (blError) {
-          if (opts.verbose) {
-            console.warn(`  ${ansi.dim}Baseline save failed: ${blError.message}${ansi.reset}`);
-          }
-        }
-      }
-      
       // Use enhanced output formatter for legacy fallback
       const severityCounts = {
         critical: criticalCount,
@@ -1384,10 +941,18 @@ async function runScan(args) {
       
       const result = {
         verdict: { verdict, score },
-        findings: normalizedLegacyFindings,
+        findings: findings.map(f => ({
+          severity: f.severity === 'critical' || f.severity === 'BLOCK' ? 'critical' :
+                   f.severity === 'warning' || f.severity === 'WARN' ? 'medium' : 'low',
+          category: f.category || 'ROUTE',
+          title: f.title || f.message,
+          message: f.message || f.title,
+          file: f.file,
+          line: f.line,
+          fix: f.fixSuggestion,
+        })),
         layers: [],
         timings,
-        diff,
       };
       
       console.log(formatScanOutput(result, { verbose: opts.verbose }));
@@ -1398,30 +963,8 @@ async function runScan(args) {
         issueCount: criticalCount + warningCount,
         durationMs: timings.total,
       });
-
-      // Submit results to dashboard if connected
-      if (apiConnected && apiScan) {
-        try {
-          await submitScanResults(apiScan.scanId, {
-            verdict,
-            score: verdict === 'SHIP' ? 100 : verdict === 'WARN' ? 70 : 40,
-            findings: normalizedLegacyFindings,
-            filesScanned: result.stats?.filesScanned || 0,
-            linesScanned: result.stats?.linesScanned || 0,
-            durationMs: timings.total,
-            metadata: {
-              layers,
-              profile: opts.profile,
-              version: require('../../package.json').version,
-            },
-          });
-          console.log(`${colors.success}✓${ansi.reset} Results sent to dashboard`);
-        } catch (err) {
-          console.log(`${colors.warning}⚠${ansi.reset} Failed to send results to dashboard: ${err.message}`);
-        }
-      }
       
-      return verdictToExitCode(verdict);
+      return verdict === 'SHIP' ? 0 : verdict === 'WARN' ? 1 : 2;
     }
 
   } catch (error) {
@@ -1438,16 +981,6 @@ async function runScan(args) {
       errorMessage: error.message,
       durationMs: Date.now() - startTime,
     });
-
-    // Report error to dashboard if connected
-    if (apiConnected && apiScan) {
-      try {
-        await reportScanError(apiScan.scanId, error);
-        console.log(`${colors.info}📡${ansi.reset} Error reported to dashboard`);
-      } catch (err) {
-        console.log(`${colors.warning}⚠${ansi.reset} Failed to report error to dashboard: ${err.message}`);
-      }
-    }
     
     return exitCode;
   }