@vibgrate/cli 2026.4.30 → 2026.6.5153336

package/dist/cli.js

@@ -1,29 +1,35 @@
 #!/usr/bin/env node
-import {
-  baselineCommand
-} from "./chunk-2VJCLUTR.js";
-import {
-  VERSION,
-  computeHmac,
-  dsnCommand,
-  formatMarkdown,
-  formatText,
-  parseDsn,
-  pushCommand,
-  scanCommand,
-  writeDefaultConfig
-} from "./chunk-XCIPC2J7.js";
 import {
   Semaphore,
+  baselineCommand,
   ensureDir,
   pathExists,
   readJsonFile,
   writeTextFile
-} from "./chunk-JQHUH6A3.js";
+} from "./chunk-734OP6JR.js";
+import {
+  computeRepoFingerprint,
+  detectVcs,
+  fetchScanPreflight,
+  parseDsn,
+  prepareCompressedUpload,
+  resolveRepositoryName,
+  runScan,
+  writeDefaultConfig
+} from "./chunk-K2D6JXLA.js";
+import {
+  require_semver
+} from "./chunk-74ZJFYEM.js";
+import {
+  pathExists as pathExists2
+} from "./chunk-HAT4W7NZ.js";
+import {
+  __toESM
+} from "./chunk-JSBRDJBE.js";
 
 // src/cli.ts
-import { Command as Command8 } from "commander";
-import chalk8 from "chalk";
+import { Command as Command11 } from "commander";
+import chalk12 from "chalk";
 
 // src/commands/init.ts
 import * as path from "path";
@@ -42,7 +48,7 @@ var initCommand = new Command("init").description("Initialize vibgrate in a proj
     console.log(chalk.green("\u2714") + ` Created ${chalk.bold("vibgrate.config.ts")}`);
   }
   if (opts.baseline) {
-    const { runBaseline } = await import("./baseline-QZZXBT74.js");
+    const { runBaseline } = await import("./baseline-MJNJICDN.js");
     await runBaseline(rootDir);
   }
   console.log("");
@@ -52,15 +58,1034 @@ var initCommand = new Command("init").description("Initialize vibgrate in a proj
   console.log("");
 });
 
-// src/commands/report.ts
+// src/commands/scan.ts
+import * as path3 from "path";
+import { Command as Command3 } from "commander";
+import chalk3 from "chalk";
+
+// src/version.ts
+import { createRequire } from "module";
+var require2 = createRequire(import.meta.url);
+var pkg = require2("../package.json");
+var VERSION = pkg.version;
+
+// src/commands/dsn.ts
+import * as crypto from "crypto";
 import * as path2 from "path";
 import { Command as Command2 } from "commander";
 import chalk2 from "chalk";
-var reportCommand = new Command2("report").description("Generate a drift report from a scan artifact").option("--in <file>", "Input artifact file", ".vibgrate/scan_result.json").option("--format <format>", "Output format (md|text|json)", "text").action(async (opts) => {
-  const artifactPath = path2.resolve(opts.in);
+var REGION_HOSTS = {
+  us: "us.ingest.vibgrate.com",
+  eu: "eu.ingest.vibgrate.com"
+};
+function resolveIngestHost(region, ingest) {
+  if (ingest) {
+    try {
+      return new URL(ingest).host;
+    } catch {
+      throw new Error(`Invalid ingest URL: ${ingest}`);
+    }
+  }
+  const r = (region ?? "us").toLowerCase();
+  const host = REGION_HOSTS[r];
+  if (!host) {
+    throw new Error(`Unknown region "${r}". Supported: ${Object.keys(REGION_HOSTS).join(", ")}`);
+  }
+  return host;
+}
+async function provisionDsn(keyId, secret, workspaceId, ingestHost) {
+  const url = `https://${ingestHost}/v1/provision`;
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Connection": "close"
+        // Prevent keep-alive delays on exit
+      },
+      body: JSON.stringify({ keyId, secret, workspaceId })
+    });
+    if (!response.ok) {
+      const result = await response.json();
+      return { success: false, error: result.error || `HTTP ${response.status}` };
+    }
+    return { success: true };
+  } catch (e) {
+    return { success: false, error: e instanceof Error ? e.message : String(e) };
+  }
+}
+var dsnCommand = new Command2("dsn").description("Manage DSN tokens");
+dsnCommand.command("create").description("Create a new DSN token").option("--ingest <url>", "Ingest API URL (overrides --region)").option("--region <region>", "Data residency region (us, eu)", "us").requiredOption("--workspace <id>", 'Workspace ID (use "new" to auto-generate)').option("--write <path>", "Write DSN to file").action(async (opts) => {
+  const keyId = crypto.randomBytes(12).toString("hex");
+  const secret = crypto.randomBytes(32).toString("hex");
+  let ingestHost;
+  try {
+    ingestHost = resolveIngestHost(opts.region, opts.ingest);
+  } catch (e) {
+    console.error(chalk2.red(e instanceof Error ? e.message : String(e)));
+    process.exit(1);
+  }
+  let workspaceId = opts.workspace;
+  const isNewWorkspace = opts.workspace.toLowerCase() === "new";
+  if (isNewWorkspace) {
+    workspaceId = crypto.randomBytes(8).toString("hex");
+    console.log(chalk2.dim(`Provisioning new workspace ${workspaceId}...`));
+  }
+  if (isNewWorkspace) {
+    const result = await provisionDsn(keyId, secret, workspaceId, ingestHost);
+    if (!result.success) {
+      console.error(chalk2.red(`Failed to provision DSN: ${result.error}`));
+      process.exit(1);
+    }
+  }
+  const dsn = `vibgrate+https://${keyId}:${secret}@${ingestHost}/${workspaceId}`;
+  console.log(chalk2.green("\u2714") + " DSN created");
+  console.log("");
+  console.log(chalk2.bold("DSN:"));
+  console.log(`  ${dsn}`);
+  console.log("");
+  console.log(chalk2.bold("Key ID:"));
+  console.log(`  ${keyId}`);
+  if (isNewWorkspace) {
+    console.log("");
+    console.log(chalk2.bold("Workspace ID:"));
+    console.log(`  ${workspaceId}`);
+  }
+  console.log("");
+  console.log(chalk2.dim("Set this as VIBGRATE_DSN in your CI environment."));
+  if (!isNewWorkspace) {
+    console.log(chalk2.dim("The secret must be registered on your Vibgrate ingest API."));
+  }
+  if (opts.write) {
+    const writePath = path2.resolve(opts.write);
+    await writeTextFile(writePath, dsn + "\n");
+    console.log("");
+    console.log(chalk2.green("\u2714") + ` DSN written to ${opts.write}`);
+    console.log(chalk2.yellow("\u26A0") + " Add this file to .gitignore!");
+  }
+});
+
+// src/utils/ingest-id-output.ts
+function emitIngestIdLine(ingestId, options) {
+  console.log(`VIBGRATE_INGEST_ID=${ingestId}`);
+  if (options?.unchanged) {
+    console.log("VIBGRATE_INGEST_UNCHANGED=1");
+  }
+}
+
+// src/commands/scan.ts
+async function autoPush(artifact, rootDir, opts) {
+  const dsn = opts.dsn || process.env.VIBGRATE_DSN;
+  if (!dsn) {
+    console.error(chalk3.red("No DSN provided for push."));
+    console.error(chalk3.dim("Set VIBGRATE_DSN environment variable or use --dsn flag."));
+    if (opts.strict) process.exit(1);
+    return;
+  }
+  const parsed = parseDsn(dsn);
+  if (!parsed) {
+    console.error(chalk3.red("Invalid DSN format."));
+    if (opts.strict) process.exit(1);
+    return;
+  }
+  const { body, contentEncoding } = await prepareCompressedUpload(artifact);
+  const timestamp = String(Date.now());
+  let host = parsed.host;
+  if (opts.region) {
+    try {
+      host = resolveIngestHost(opts.region);
+    } catch (e) {
+      console.error(chalk3.red(e instanceof Error ? e.message : String(e)));
+      if (opts.strict) process.exit(1);
+      return;
+    }
+  }
+  const url = `${parsed.scheme}://${host}/v1/ingest/scan`;
+  const originalSize = JSON.stringify(artifact).length;
+  const compressedSize = body.length;
+  const ratio = ((1 - compressedSize / originalSize) * 100).toFixed(0);
+  console.log(chalk3.dim(`Uploading to ${host}... (${(compressedSize / 1024).toFixed(0)} KB, ${ratio}% smaller)`));
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Content-Encoding": contentEncoding,
+        "X-Vibgrate-Timestamp": timestamp,
+        "Authorization": `VibgrateDSN ${parsed.keyId}:${parsed.secret}`,
+        "Connection": "close"
+        // Prevent keep-alive delays on exit
+      },
+      body
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new Error(`HTTP ${response.status}: ${text}`);
+    }
+    const result = await response.json();
+    if (result.unchanged) {
+      console.log(
+        chalk3.green("\u2714") + ` Repository unchanged since ${result.lastScannedAt ?? "last scan"} \u2014 skipped upload (no credit used).`
+      );
+      if (result.previousIngestId) {
+        emitIngestIdLine(result.previousIngestId, { unchanged: true });
+        const dashUrl = `https://dash.vibgrate.com/${parsed.workspaceId}/scan/${result.previousIngestId}`;
+        console.log(chalk3.dim(`  Previous report: ${dashUrl}`));
+      } else if (opts.strict) {
+        console.error(chalk3.red("Repository unchanged but no previous ingest id returned."));
+        process.exit(1);
+      }
+      return;
+    }
+    console.log(chalk3.green("\u2714") + ` Scan queued for processing (${result.ingestId ?? "ok"})`);
+    if (result.ingestId) {
+      emitIngestIdLine(result.ingestId);
+      const dashUrl = `https://dash.vibgrate.com/${parsed.workspaceId}/scan/${result.ingestId}`;
+      const CLEAR_LINE = process.platform === "win32" ? "\x1B[0G\x1B[2K" : "";
+      console.log("");
+      console.log(CLEAR_LINE + chalk3.dim("  Processing continues in the background. Results available shortly."));
+      console.log("");
+      console.log(CLEAR_LINE + chalk3.cyan("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+      console.log(CLEAR_LINE + chalk3.bold("  \u{1F4CA} View Scan Report"));
+      console.log(CLEAR_LINE + "  " + chalk3.underline.cyan(dashUrl));
+      console.log(CLEAR_LINE + chalk3.cyan("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+      console.log("");
+      console.log("");
+    }
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    console.error(chalk3.red(`Upload failed: ${msg}`));
+    if (opts.strict) process.exit(1);
+  }
+}
+function parseNonNegativeNumber(value, label) {
+  if (value === void 0) return void 0;
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || parsed < 0) {
+    throw new Error(`${label} must be a non-negative number.`);
+  }
+  return parsed;
+}
+var scanCommand = new Command3("scan").description("Scan a project for upgrade drift").argument("[path]", "Path to scan", ".").option("--out <file>", "Output file path").option("--format <format>", "Output format (text|json|sarif|md)", "text").option("--fail-on <level>", "Fail on warn or error").option("--baseline <file>", "Compare against baseline").option("--changed-only", "Only scan changed files").option("--concurrency <n>", "Max concurrent npm calls", "8").option("--push", "Auto-push results to Vibgrate API after scan").option("--dsn <dsn>", "DSN token for push (or use VIBGRATE_DSN env)").option("--region <region>", "Override data residency region for push (us, eu)").option("--strict", "Fail on push errors").option("--ui-purpose", "Enable optional UI purpose evidence extraction (slower)").option("--no-local-artifacts", "Do not write .vibgrate JSON artifacts to disk").option("--max-privacy", "Enable strongest privacy mode (minimal scanners, no local artifacts)").option("--offline", "Run without network calls; do not upload results").option("--package-manifest <file>", "Use local package-version manifest JSON/ZIP (for offline mode)").option("--project-scan-timeout <seconds>", "Per-project scan timeout in seconds (default: 180)").option("--drift-budget <score>", "Fail if drift score is above budget (0-100)").option("--drift-worsening <percent>", "Fail if drift worsens by more than % since baseline").action(async (targetPath, opts) => {
+  const rootDir = path3.resolve(targetPath);
+  if (!await pathExists2(rootDir)) {
+    console.error(chalk3.red(`Path does not exist: ${rootDir}`));
+    process.exit(1);
+  }
+  const hasDsn = !!(opts.dsn || process.env.VIBGRATE_DSN);
+  const willPush = !opts.offline && (opts.push || hasDsn);
+  if (willPush && hasDsn) {
+    const dsn = opts.dsn || process.env.VIBGRATE_DSN;
+    const parsed = parseDsn(dsn);
+    if (parsed) {
+      const ingestHost = opts.region ? resolveIngestHost(opts.region) : parsed.host;
+      const vcs = await detectVcs(rootDir);
+      const fingerprint = await computeRepoFingerprint(rootDir, vcs);
+      const repositoryName = await resolveRepositoryName(rootDir);
+      try {
+        const preflight = await fetchScanPreflight(parsed, ingestHost, {
+          repositoryName,
+          vcsSha: fingerprint.vcsSha
+        });
+        if (preflight.status === "error" || !preflight.scans.allowed) {
+          console.error(chalk3.red(preflight.error ?? "Scan ingestion not allowed for this workspace."));
+          console.error(
+            chalk3.dim(
+              `Credits: ${preflight.scans.used}/${preflight.scans.limit} (${preflight.plan.label} plan)`
+            )
+          );
+          if (opts.strict) process.exit(1);
+          process.exit(1);
+        }
+        console.log(
+          chalk3.dim(
+            `Plan: ${preflight.plan.label} \u2014 scan credits ${preflight.scans.used}/${preflight.scans.limit} this month`
+          )
+        );
+        if (preflight.repository?.unchanged) {
+          console.log(
+            chalk3.green("\u2714") + ` Repository unchanged at ${preflight.repository.lastVcsSha?.slice(0, 7) ?? "same revision"} \u2014 skipping scan.`
+          );
+          if (preflight.repository.lastIngestId) {
+            emitIngestIdLine(preflight.repository.lastIngestId, { unchanged: true });
+            const dashUrl = `https://dash.vibgrate.com/${parsed.workspaceId}/scan/${preflight.repository.lastIngestId}`;
+            console.log(chalk3.dim(`  Latest report: ${dashUrl}`));
+          } else if (opts.strict) {
+            console.error(chalk3.red("Repository unchanged but no previous ingest id available."));
+            process.exit(1);
+          }
+          return;
+        }
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        console.error(chalk3.yellow(`Preflight check failed: ${msg}`));
+        if (opts.strict) process.exit(1);
+      }
+    }
+  }
+  const scanOpts = {
+    vibgrateVersion: VERSION,
+    out: opts.out,
+    format: opts.format || "text",
+    failOn: opts.failOn,
+    baseline: opts.baseline,
+    changedOnly: opts.changedOnly,
+    concurrency: parseInt(opts.concurrency, 10) || 8,
+    push: opts.push,
+    dsn: opts.dsn,
+    region: opts.region,
+    strict: opts.strict,
+    uiPurpose: opts.uiPurpose,
+    noLocalArtifacts: opts.noLocalArtifacts,
+    maxPrivacy: opts.maxPrivacy,
+    offline: opts.offline,
+    packageManifest: opts.packageManifest,
+    driftBudget: parseNonNegativeNumber(opts.driftBudget, "--drift-budget"),
+    driftWorseningPercent: parseNonNegativeNumber(opts.driftWorsening, "--drift-worsening"),
+    projectScanTimeout: opts.projectScanTimeout ? parseInt(opts.projectScanTimeout, 10) || void 0 : void 0
+  };
+  const artifact = await runScan(rootDir, scanOpts);
+  if (opts.failOn) {
+    const hasErrors = artifact.findings.some((f) => f.level === "error");
+    const hasWarnings = artifact.findings.some((f) => f.level === "warning");
+    if (opts.failOn === "error" && hasErrors) {
+      console.error(chalk3.red(`
+Failing: ${artifact.findings.filter((f) => f.level === "error").length} error finding(s) detected.`));
+      process.exit(2);
+    }
+    if (opts.failOn === "warn" && (hasErrors || hasWarnings)) {
+      console.error(chalk3.red(`
+Failing: findings detected at warn level or above.`));
+      process.exit(2);
+    }
+  }
+  if (scanOpts.driftBudget !== void 0 && artifact.drift.score > scanOpts.driftBudget) {
+    console.error(chalk3.red(`
+Failing fitness function: drift score ${artifact.drift.score}/100 exceeds budget ${scanOpts.driftBudget}.`));
+    process.exit(2);
+  }
+  if (scanOpts.driftWorseningPercent !== void 0) {
+    if (artifact.delta === void 0) {
+      console.error(chalk3.red("\nFailing fitness function: --drift-worsening requires --baseline to compare against previous drift."));
+      process.exit(2);
+    }
+    if (artifact.delta > 0) {
+      const baselineScore = artifact.drift.score - artifact.delta;
+      const denominator = Math.max(Math.abs(baselineScore), 1e-4);
+      const worseningPercent = artifact.delta / denominator * 100;
+      if (worseningPercent > scanOpts.driftWorseningPercent) {
+        console.error(chalk3.red(`
+Failing fitness function: drift worsened by ${worseningPercent.toFixed(2)}% (threshold ${scanOpts.driftWorseningPercent}%).`));
+        process.exit(2);
+      }
+    }
+  }
+  if (willPush) {
+    await autoPush(artifact, rootDir, scanOpts);
+  }
+});
+
+// src/commands/report.ts
+import * as path4 from "path";
+import { Command as Command4 } from "commander";
+import chalk5 from "chalk";
+
+// src/formatters/text.ts
+import chalk4 from "chalk";
+function formatText(artifact) {
+  const lines = [];
+  lines.push("");
+  lines.push(chalk4.cyan("    \u256D\u2500\u2500\u2500\u256E") + chalk4.greenBright("\u279C"));
+  lines.push(chalk4.cyan("   \u256D\u2524") + chalk4.greenBright("\u25C9 \u25C9") + chalk4.cyan("\u251C\u256E") + "  " + chalk4.bold.white("V I B G R A T E"));
+  lines.push(chalk4.cyan("   \u2570\u2524") + chalk4.dim("\u2500\u2500\u2500") + chalk4.cyan("\u251C\u256F") + "  " + chalk4.dim(`Drift Intelligence Engine v${VERSION}`));
+  lines.push(chalk4.cyan("    \u2570\u2500\u2500\u2500\u256F"));
+  lines.push("");
+  lines.push(chalk4.bold.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+  lines.push(chalk4.bold.cyan("\u2551        Vibgrate Drift Report             \u2551"));
+  lines.push(chalk4.bold.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
+  lines.push("");
+  for (const project of artifact.projects) {
+    lines.push(chalk4.bold(`  \u2500\u2500 ${project.name} `) + chalk4.dim(`(${project.type}) ${project.path}`));
+    if (project.runtime) {
+      const behindStr = project.runtimeMajorsBehind !== void 0 && project.runtimeMajorsBehind > 0 ? chalk4.yellow(` (${project.runtimeMajorsBehind} major${project.runtimeMajorsBehind > 1 ? "s" : ""} behind)`) : chalk4.green(" (current)");
+      lines.push(`     Runtime: ${project.runtime}${behindStr}`);
+    }
+    if (project.targetFramework) {
+      lines.push(`     Target:  ${project.targetFramework}`);
+    }
+    if (project.frameworks.length > 0) {
+      lines.push("     Frameworks:");
+      for (const fw of project.frameworks) {
+        const lag = fw.majorsBehind !== null ? fw.majorsBehind === 0 ? chalk4.green("current") : chalk4.yellow(`${fw.majorsBehind} behind`) : chalk4.dim("unknown");
+        lines.push(`       ${fw.name}: ${fw.currentVersion ?? "?"} \u2192 ${fw.latestVersion ?? "?"} (${lag})`);
+      }
+    }
+    const b = project.dependencyAgeBuckets;
+    const total = b.current + b.oneBehind + b.twoPlusBehind + b.unknown;
+    if (total > 0) {
+      lines.push("     Dependencies:");
+      lines.push(`       ${chalk4.green(`${b.current} current`)}  ${chalk4.yellow(`${b.oneBehind} 1-behind`)}  ${chalk4.red(`${b.twoPlusBehind} 2+ behind`)}  ${chalk4.dim(`${b.unknown} unknown`)}`);
+    }
+    lines.push("");
+  }
+  if (artifact.delta !== void 0) {
+    const deltaStr = artifact.delta > 0 ? chalk4.green(`+${artifact.delta}`) : artifact.delta < 0 ? chalk4.red(`${artifact.delta}`) : chalk4.dim("0");
+    lines.push(chalk4.bold("  Drift Delta: ") + deltaStr + " (vs baseline)");
+    lines.push("");
+  }
+  if (artifact.extended) {
+    lines.push(...formatExtended(artifact.extended));
+  }
+  if (artifact.findings.length > 0) {
+    const errors = artifact.findings.filter((f) => f.level === "error");
+    const warnings = artifact.findings.filter((f) => f.level === "warning");
+    const notes = artifact.findings.filter((f) => f.level === "note");
+    const summary = [
+      errors.length > 0 ? chalk4.red(`${errors.length} error${errors.length !== 1 ? "s" : ""}`) : "",
+      warnings.length > 0 ? chalk4.yellow(`${warnings.length} warning${warnings.length !== 1 ? "s" : ""}`) : "",
+      notes.length > 0 ? chalk4.blue(`${notes.length} note${notes.length !== 1 ? "s" : ""}`) : ""
+    ].filter(Boolean).join(chalk4.dim(", "));
+    lines.push(chalk4.bold.underline(`  Findings`) + chalk4.dim(` (${summary})`));
+    for (const f of artifact.findings) {
+      const icon = f.level === "error" ? chalk4.red("\u2716") : f.level === "warning" ? chalk4.yellow("\u26A0") : chalk4.blue("\u2139");
+      lines.push(`    ${icon} ${f.message}`);
+      lines.push(chalk4.dim(`      ${f.ruleId} in ${f.location}`));
+    }
+    lines.push("");
+  }
+  const actions = generatePriorityActions(artifact);
+  if (actions.length > 0) {
+    lines.push(chalk4.bold.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+    lines.push(chalk4.bold.cyan("\u2551        Top Priority Actions              \u2551"));
+    lines.push(chalk4.bold.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
+    lines.push("");
+    for (let i = 0; i < actions.length; i++) {
+      const a = actions[i];
+      const num = chalk4.bold.cyan(`  ${i + 1}.`);
+      lines.push(`${num} ${chalk4.bold(a.title)}`);
+      lines.push(chalk4.dim(`     ${a.explanation}`));
+      if (a.impact) lines.push(`     Impact: ${chalk4.green(a.impact)}`);
+      lines.push("");
+    }
+  }
+  if (artifact.extended?.architecture) {
+    lines.push(...formatArchitectureDiagram(artifact.extended.architecture));
+  }
+  if (artifact.solutions && artifact.solutions.length > 0) {
+    lines.push(chalk4.bold.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+    lines.push(chalk4.bold.cyan("\u2551        Solution Drift Summary            \u2551"));
+    lines.push(chalk4.bold.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
+    lines.push("");
+    for (const solution of artifact.solutions) {
+      const solScore = solution.drift?.score;
+      const color = typeof solScore === "number" ? solScore >= 70 ? chalk4.green : solScore >= 40 ? chalk4.yellow : chalk4.red : chalk4.dim;
+      lines.push(`  \u2022 ${solution.name} (${solution.projectPaths.length} projects) \u2014 ${typeof solScore === "number" ? color(`${solScore}/100`) : chalk4.dim("n/a")}`);
+    }
+    lines.push("");
+  }
+  const scoreColor = artifact.drift.score >= 70 ? chalk4.green : artifact.drift.score >= 40 ? chalk4.yellow : chalk4.red;
+  lines.push(chalk4.bold.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+  lines.push(chalk4.bold.cyan("\u2551        Drift Score Summary               \u2551"));
+  lines.push(chalk4.bold.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
+  lines.push("");
+  lines.push(chalk4.bold("  Drift Score:  ") + scoreColor.bold(`${artifact.drift.score}/100`));
+  lines.push(chalk4.bold("  Risk Level:   ") + riskBadge(artifact.drift.riskLevel));
+  lines.push(chalk4.bold("  Projects:     ") + `${artifact.projects.length}`);
+  if (artifact.vcs) {
+    const vcsParts = [artifact.vcs.type];
+    if (artifact.vcs.branch) vcsParts.push(artifact.vcs.branch);
+    if (artifact.vcs.shortSha) vcsParts.push(chalk4.dim(artifact.vcs.shortSha));
+    lines.push(chalk4.bold("  VCS:          ") + vcsParts.join(" "));
+  }
+  lines.push("");
+  const m = new Set(artifact.drift.measured ?? ["runtime", "framework", "dependency", "eol"]);
+  lines.push("  " + chalk4.bold.underline("Score Breakdown"));
+  lines.push(`    Runtime:      ${m.has("runtime") ? scoreBar(artifact.drift.components.runtimeScore) : chalk4.dim("n/a")}`);
+  lines.push(`    Frameworks:   ${m.has("framework") ? scoreBar(artifact.drift.components.frameworkScore) : chalk4.dim("n/a")}`);
+  lines.push(`    Dependencies: ${m.has("dependency") ? scoreBar(artifact.drift.components.dependencyScore) : chalk4.dim("n/a")}`);
+  lines.push(`    EOL Risk:     ${m.has("eol") ? scoreBar(artifact.drift.components.eolScore) : chalk4.dim("n/a")}`);
+  lines.push("");
+  const scannedParts = [`Scanned at ${artifact.timestamp}`];
+  if (artifact.durationMs !== void 0) {
+    const secs = (artifact.durationMs / 1e3).toFixed(1);
+    scannedParts.push(`${secs}s`);
+  }
+  if (artifact.filesScanned !== void 0) {
+    scannedParts.push(`${artifact.filesScanned} file${artifact.filesScanned !== 1 ? "s" : ""} scanned`);
+  }
+  if (artifact.treeSummary) {
+    scannedParts.push(`${artifact.treeSummary.totalFiles.toLocaleString()} workspace files`);
+    scannedParts.push(`${artifact.treeSummary.totalDirs.toLocaleString()} dirs`);
+  }
+  lines.push(chalk4.dim(`  ${scannedParts.join(" \xB7 ")}`));
+  lines.push("");
+  return lines.join("\n");
+}
+function riskBadge(level) {
+  switch (level) {
+    case "low":
+      return chalk4.bgGreen.black(" LOW ");
+    case "moderate":
+      return chalk4.bgYellow.black(" MODERATE ");
+    case "high":
+      return chalk4.bgRed.white(" HIGH ");
+    default:
+      return level;
+  }
+}
+function scoreBar(score) {
+  const width = 20;
+  const filled = Math.round(score / 100 * width);
+  const empty = width - filled;
+  const color = score >= 70 ? chalk4.green : score >= 40 ? chalk4.yellow : chalk4.red;
+  return color("\u2588".repeat(filled)) + chalk4.dim("\u2591".repeat(empty)) + ` ${Math.round(score)}`;
+}
+var CATEGORY_LABELS = {
+  frontend: "Frontend",
+  metaFrameworks: "Meta-frameworks",
+  bundlers: "Bundlers",
+  css: "CSS / UI",
+  backend: "Backend",
+  orm: "ORM / Database",
+  testing: "Testing",
+  lintFormat: "Lint & Format",
+  apiMessaging: "API & Messaging",
+  observability: "Observability",
+  payment: "Payment",
+  auth: "Auth",
+  email: "Email",
+  cloud: "Cloud",
+  databases: "Databases",
+  messaging: "Messaging",
+  crm: "CRM & Comms",
+  storage: "Storage",
+  search: "Search & AI"
+};
+function formatExtended(ext) {
+  const lines = [];
+  if (ext.toolingInventory) {
+    const inv = ext.toolingInventory;
+    const categories = Object.entries(inv).filter(([, items]) => items.length > 0);
+    if (categories.length > 0) {
+      lines.push(chalk4.bold.underline("  Tech Stack"));
+      for (const [cat, items] of categories) {
+        const label = CATEGORY_LABELS[cat] ?? cat;
+        const names = items.map((i) => chalk4.white(i.name)).join(chalk4.dim(", "));
+        lines.push(`    ${chalk4.cyan(label)}: ${names}`);
+      }
+      lines.push("");
+    }
+  }
+  if (ext.serviceDependencies) {
+    const svc = ext.serviceDependencies;
+    const categories = Object.entries(svc).filter(([, items]) => items.length > 0);
+    if (categories.length > 0) {
+      lines.push(chalk4.bold.underline("  Services & Integrations"));
+      for (const [cat, items] of categories) {
+        const label = CATEGORY_LABELS[cat] ?? cat;
+        const names = items.map((i) => {
+          const ver = i.version ? chalk4.dim(` ${i.version}`) : "";
+          return chalk4.white(i.name) + ver;
+        }).join(chalk4.dim(", "));
+        lines.push(`    ${chalk4.cyan(label)}: ${names}`);
+      }
+      lines.push("");
+    }
+  }
+  if (ext.breakingChangeExposure) {
+    const bc = ext.breakingChangeExposure;
+    if (bc.deprecatedPackages.length > 0 || bc.legacyPolyfills.length > 0) {
+      lines.push(chalk4.bold.underline("  Breaking Change Exposure"));
+      const exposureColor = bc.exposureScore >= 40 ? chalk4.red : bc.exposureScore >= 20 ? chalk4.yellow : chalk4.green;
+      lines.push(`    Exposure Score: ${exposureColor.bold(`${bc.exposureScore}/100`)}`);
+      if (bc.deprecatedPackages.length > 0) {
+        lines.push(`    ${chalk4.red("Deprecated")}: ${bc.deprecatedPackages.map((p) => chalk4.dim(p)).join(", ")}`);
+      }
+      if (bc.legacyPolyfills.length > 0) {
+        lines.push(`    ${chalk4.yellow("Polyfills")}: ${bc.legacyPolyfills.map((p) => chalk4.dim(p)).join(", ")}`);
+      }
+      if (bc.peerConflictsDetected) {
+        lines.push(`    ${chalk4.red("\u26A0")} Peer dependency conflicts detected`);
+      }
+      lines.push(`    Recommendation: ${chalk4.bold(bc.overallRecommendation)}`);
+      const projectsWithPlans = bc.projectIntelligence.filter((p) => p.packages.length > 0).slice(0, 3);
+      if (projectsWithPlans.length > 0) {
+        lines.push("    Major Upgrade Intelligence:");
+        for (const p of projectsWithPlans) {
+          lines.push(`      - ${p.project} (${p.recommendation})`);
+          for (const pkg2 of p.packages.slice(0, 2)) {
+            lines.push(`        \xB7 ${pkg2.package} ${pkg2.currentVersion ?? "?"} \u2192 ${pkg2.targetVersion ?? "?"} | touched ~${pkg2.usage.touchedPercent}% | ${pkg2.automatable}`);
+          }
+        }
+      }
+      lines.push("");
+    }
+  }
+  if (ext.tsModernity && ext.tsModernity.typescriptVersion) {
+    const ts = ext.tsModernity;
+    lines.push(chalk4.bold.underline("  TypeScript"));
+    const parts = [];
+    parts.push(`v${ts.typescriptVersion}`);
+    if (ts.strict === true) parts.push(chalk4.green("strict \u2714"));
+    else if (ts.strict === false) parts.push(chalk4.yellow("strict \u2716"));
+    if (ts.moduleType) parts.push(ts.moduleType.toUpperCase());
+    if (ts.target) parts.push(`target: ${ts.target}`);
+    lines.push(`    ${parts.join(chalk4.dim(" \xB7 "))}`);
+    lines.push("");
+  }
+  if (ext.buildDeploy) {
+    const bd = ext.buildDeploy;
+    const hasSomething = bd.ci.length > 0 || bd.docker.dockerfileCount > 0 || bd.packageManagers.length > 0;
+    if (hasSomething) {
+      lines.push(chalk4.bold.underline("  Build & Deploy"));
+      if (bd.ci.length > 0) lines.push(`    CI: ${bd.ci.join(", ")}`);
+      if (bd.docker.dockerfileCount > 0) {
+        lines.push(`    Docker: ${bd.docker.dockerfileCount} Dockerfile${bd.docker.dockerfileCount !== 1 ? "s" : ""} (${bd.docker.baseImages.join(", ")})`);
+      }
+      if (bd.packageManagers.length > 0) lines.push(`    Package Managers: ${bd.packageManagers.join(", ")}`);
+      if (bd.monorepoTools.length > 0) lines.push(`    Monorepo: ${bd.monorepoTools.join(", ")}`);
+      if (bd.iac.length > 0) lines.push(`    IaC: ${bd.iac.join(", ")}`);
+      lines.push("");
+    }
+  }
+  if (ext.uiPurpose) {
+    const up = ext.uiPurpose;
+    lines.push(chalk4.bold.underline("  Product Purpose Signals"));
+    lines.push(`    Frameworks: ${up.detectedFrameworks.length > 0 ? up.detectedFrameworks.join(", ") : chalk4.dim("unknown")}`);
+    lines.push(`    Evidence: ${up.topEvidence.length}${up.capped ? chalk4.dim(` of ${up.evidenceCount} (capped)`) : ""}`);
+    const top = up.topEvidence.slice(0, 8);
+    if (top.length > 0) {
+      lines.push("    Top Signals:");
+      for (const item of top) {
+        lines.push(`      - [${item.kind}] ${item.value} ${chalk4.dim(`(${item.file})`)}`);
+      }
+    }
+    if (up.unknownSignals.length > 0) {
+      lines.push("    Unknowns:");
+      for (const u of up.unknownSignals.slice(0, 4)) {
+        lines.push(`      - ${chalk4.yellow(u)}`);
+      }
+    }
+    lines.push("");
+  }
+  if (ext.securityPosture) {
+    const sec = ext.securityPosture;
+    lines.push(chalk4.bold.underline("  Security Posture"));
+    const checks = [];
+    checks.push(sec.lockfilePresent ? chalk4.green("Lockfile \u2714") : chalk4.red("Lockfile \u2716"));
+    checks.push(sec.gitignoreCoversEnv ? chalk4.green(".env \u2714") : chalk4.red(".env \u2716"));
+    checks.push(sec.gitignoreCoversNodeModules ? chalk4.green("node_modules \u2714") : chalk4.yellow("node_modules \u2716"));
+    if (sec.multipleLockfileTypes) checks.push(chalk4.yellow("Multiple lockfiles \u26A0"));
+    if (sec.envFilesTracked) checks.push(chalk4.red("Env files tracked \u2716"));
+    lines.push(`    ${checks.join(chalk4.dim(" \xB7 "))}`);
+    lines.push("");
+  }
+  if (ext.platformMatrix) {
+    const pm = ext.platformMatrix;
+    if (pm.nativeModules.length > 0 || pm.dockerBaseImages.length > 0) {
+      lines.push(chalk4.bold.underline("  Platform"));
+      if (pm.nativeModules.length > 0) {
+        lines.push(`    Native modules: ${pm.nativeModules.map((m) => chalk4.dim(m)).join(", ")}`);
+      }
+      if (pm.osAssumptions.length > 0) {
+        lines.push(`    OS assumptions: ${pm.osAssumptions.join(", ")}`);
+      }
+      lines.push("");
+    }
+  }
+  if (ext.codeQuality) {
+    const cq = ext.codeQuality;
+    lines.push(chalk4.bold.underline("  Code Quality"));
+    lines.push(`    Files: ${chalk4.white(`${cq.filesAnalyzed}`)} \xB7 Functions: ${chalk4.white(`${cq.functionsAnalyzed}`)} \xB7 Avg complexity: ${chalk4.white(`${cq.avgCyclomaticComplexity}`)} \xB7 Avg length: ${chalk4.white(`${cq.avgFunctionLength}`)} lines`);
+    lines.push(`    Max nesting: ${cq.maxNestingDepth} \xB7 Circular deps: ${cq.circularDependencies} \xB7 Dead code: ${cq.deadCodePercent}%`);
+    if (cq.godFiles.length > 0) {
+      const preview = cq.godFiles.slice(0, 3).map((f) => `${f.path} (${f.lines} lines)`).join(", ");
+      lines.push(`    ${chalk4.yellow("God files")}: ${preview}`);
+    }
+    lines.push("");
+  }
+  if (ext.dependencyGraph) {
+    const dg = ext.dependencyGraph;
+    if (dg.lockfileType) {
+      lines.push(chalk4.bold.underline("  Dependency Graph"));
+      lines.push(`    ${dg.lockfileType}: ${chalk4.white(`${dg.totalUnique}`)} unique, ${chalk4.white(`${dg.totalInstalled}`)} installed`);
+      if (dg.duplicatedPackages.length > 0) {
+        lines.push(`    ${chalk4.yellow(`${dg.duplicatedPackages.length} duplicated`)} packages`);
+      }
+      if (dg.phantomDependencies.length > 0) {
+        lines.push(`    ${chalk4.red(`${dg.phantomDependencies.length} phantom`)} dependencies`);
+      }
+      lines.push("");
+    }
+  }
+  return lines;
+}
+function formatArchitectureDiagram(arch) {
+  const lines = [];
+  lines.push(chalk4.bold.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+  lines.push(chalk4.bold.cyan("\u2551        Architecture Layers               \u2551"));
+  lines.push(chalk4.bold.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
+  lines.push("");
+  lines.push(chalk4.bold("  Archetype: ") + `${arch.archetype}` + chalk4.dim(` (${Math.round(arch.archetypeConfidence * 100)}% confidence)`));
+  lines.push(`  Files classified: ${arch.totalClassified}` + (arch.unclassified > 0 ? chalk4.dim(` (${arch.unclassified} unclassified)`) : ""));
+  lines.push("");
+  if (arch.layers.length > 0) {
+    for (const layer of arch.layers) {
+      const risk = layer.riskLevel === "none" ? chalk4.dim("none") : layer.riskLevel === "low" ? chalk4.green("low") : layer.riskLevel === "moderate" ? chalk4.yellow("moderate") : chalk4.red("high");
+      lines.push(`    ${chalk4.bold(layer.layer)}  ${layer.fileCount} file${layer.fileCount !== 1 ? "s" : ""}  drift ${scoreBar(layer.driftScore)}  risk ${risk}`);
+    }
+    lines.push("");
+  }
+  return lines;
+}
+function generatePriorityActions(artifact) {
+  const actions = [];
+  const eolProjects = artifact.projects.filter(
+    (p) => p.runtimeMajorsBehind !== void 0 && p.runtimeMajorsBehind >= 3
+  );
+  if (eolProjects.length > 0) {
+    const names = eolProjects.map((p) => p.name).join(", ");
+    let detail = `End-of-life runtimes no longer receive security patches and block ecosystem upgrades.`;
+    const fileLines = [];
+    for (const p of eolProjects) {
+      fileLines.push(`
+     ./${p.path}`);
+      fileLines.push(`
+       ${p.runtime} \u2192 ${p.runtimeLatest} (${p.runtimeMajorsBehind} major${p.runtimeMajorsBehind > 1 ? "s" : ""} behind)`);
+    }
+    detail += fileLines.join("");
+    actions.push({
+      title: `Upgrade EOL runtime${eolProjects.length > 1 ? "s" : ""} in ${names}`,
+      explanation: detail,
+      impact: `+${Math.min(eolProjects.length * 10, 30)} points (runtime & EOL scores)`,
+      severity: 100
+    });
+  }
+  const severeFrameworks = [];
+  for (const p of artifact.projects) {
+    for (const fw of p.frameworks) {
+      if (fw.majorsBehind !== null && fw.majorsBehind >= 3) {
+        severeFrameworks.push({ name: fw.name, fw: `${fw.currentVersion} \u2192 ${fw.latestVersion}`, behind: fw.majorsBehind, project: p.name, projectPath: p.path });
+      }
+    }
+  }
+  if (severeFrameworks.length > 0) {
+    const worst = severeFrameworks.sort((a, b) => b.behind - a.behind)[0];
+    const others = severeFrameworks.length > 1 ? ` (+${severeFrameworks.length - 1} more)` : "";
+    let detail = `${worst.behind} major versions behind. Major framework drift increases breaking change risk and blocks access to security fixes and performance improvements.`;
+    const fileLines = [];
+    let shown = 0;
+    for (const sf of severeFrameworks) {
+      if (shown >= 8) break;
+      fileLines.push(`
+     ./${sf.projectPath}`);
+      fileLines.push(`
+       ${sf.name}: ${sf.fw} (${sf.behind} major${sf.behind > 1 ? "s" : ""} behind)`);
+      shown++;
+    }
+    const remaining = severeFrameworks.length - shown;
+    detail += fileLines.join("");
+    if (remaining > 0) detail += `
+     ... and ${remaining} more`;
+    actions.push({
+      title: `Upgrade ${worst.name} ${worst.fw} in ${worst.project}${others}`,
+      explanation: detail,
+      impact: `+5\u201315 points`,
+      severity: 90
+    });
+  }
+  for (const p of artifact.projects) {
+    const b = p.dependencyAgeBuckets;
+    const total = b.current + b.oneBehind + b.twoPlusBehind;
+    if (total === 0) continue;
+    const twoPlusPct = Math.round(b.twoPlusBehind / total * 100);
+    if (twoPlusPct >= 40) {
+      let detail = `${b.twoPlusBehind} of ${total} dependencies are 2+ majors behind. Run \`npm outdated\` and prioritise packages with known CVEs or breaking API changes.`;
+      const worstDeps = p.dependencies.filter((d) => d.majorsBehind !== null && d.majorsBehind >= 2).sort((a, b2) => (b2.majorsBehind ?? 0) - (a.majorsBehind ?? 0));
+      if (worstDeps.length > 0) {
+        const depLines = [];
+        let shown = 0;
+        depLines.push(`
+     ./${p.path}`);
+        for (const dep of worstDeps) {
+          if (shown >= 8) break;
+          const current = dep.resolvedVersion ?? dep.currentSpec;
+          const latest = dep.latestStable ?? "?";
+          depLines.push(`
+       ${dep.package}: ${current} \u2192 ${latest} (${dep.majorsBehind} major${dep.majorsBehind > 1 ? "s" : ""} behind)`);
+          shown++;
+        }
+        const remaining = worstDeps.length - shown;
+        detail += depLines.join("");
+        if (remaining > 0) detail += `
+     ... and ${remaining} more`;
+      }
+      actions.push({
+        title: `Reduce dependency rot in ${p.name} (${twoPlusPct}% severely outdated)`,
+        explanation: detail,
+        impact: `+5\u201310 points`,
+        severity: 80 + twoPlusPct / 10
+      });
+    }
+  }
+  const twoMajorFrameworks = [];
+  for (const p of artifact.projects) {
+    for (const fw of p.frameworks) {
+      if (fw.majorsBehind === 2) {
+        twoMajorFrameworks.push({ name: fw.name, project: p.name, projectPath: p.path, fw: `${fw.currentVersion} \u2192 ${fw.latestVersion}` });
+      }
+    }
+  }
+  const uniqueTwo = [...new Map(twoMajorFrameworks.map((f) => [f.name, f])).values()];
+  if (uniqueTwo.length > 0) {
+    const list = uniqueTwo.slice(0, 3).map((f) => `${f.name} (${f.fw})`).join(", ");
+    const moreCount = uniqueTwo.length > 3 ? ` +${uniqueTwo.length - 3} more` : "";
+    let detail = `These frameworks are 2 major versions behind. Create upgrade tickets and check migration guides \u2014 the gap will widen with each new release.`;
+    const fileLines = [];
+    let shown = 0;
+    for (const tf of twoMajorFrameworks) {
+      if (shown >= 8) break;
+      fileLines.push(`
+     ./${tf.projectPath}`);
+      fileLines.push(`
+       ${tf.name}: ${tf.fw}`);
+      shown++;
+    }
+    const remaining = twoMajorFrameworks.length - shown;
+    detail += fileLines.join("");
+    if (remaining > 0) detail += `
+     ... and ${remaining} more`;
+    actions.push({
+      title: `Plan major framework upgrades: ${list}${moreCount}`,
+      explanation: detail,
+      impact: `+5\u201310 points`,
+      severity: 60
+    });
+  }
+  if (artifact.extended?.breakingChangeExposure) {
+    const bc = artifact.extended.breakingChangeExposure;
+    const total = bc.deprecatedPackages.length + bc.legacyPolyfills.length;
+    if (total > 0) {
+      const items = [...bc.deprecatedPackages, ...bc.legacyPolyfills].slice(0, 5).join(", ");
+      const moreCount = total > 5 ? ` +${total - 5} more` : "";
+      let detail = `${total} package${total !== 1 ? "s" : ""} are deprecated or legacy polyfills. These receive no updates and may have known vulnerabilities.`;
+      const allPkgNames = /* @__PURE__ */ new Set([...bc.deprecatedPackages, ...bc.legacyPolyfills]);
+      const fileLines = [];
+      let shown = 0;
+      for (const p of artifact.projects) {
+        const matches = p.dependencies.filter((d) => allPkgNames.has(d.package));
+        if (matches.length === 0) continue;
+        if (shown >= 10) break;
+        fileLines.push(`
+     ./${p.path}`);
+        for (const dep of matches) {
+          if (shown >= 10) break;
+          const ver = dep.resolvedVersion ?? dep.currentSpec;
+          const label = bc.deprecatedPackages.includes(dep.package) ? "deprecated" : "polyfill";
+          fileLines.push(`
+       ${dep.package}: ${ver} (${label})`);
+          shown++;
+        }
+      }
+      const remaining = total - shown;
+      detail += fileLines.join("");
+      if (remaining > 0) detail += `
+     ... and ${remaining} more`;
+      actions.push({
+        title: `Replace deprecated/legacy packages: ${items}${moreCount}`,
+        explanation: detail,
+        severity: 55
+      });
+    }
+  }
+  if (artifact.extended?.dependencyGraph) {
+    const dg = artifact.extended.dependencyGraph;
+    const phantomCount = dg.phantomDependencies.length;
+    if (phantomCount >= 10) {
+      let detail = `Packages used in code but not declared in package.json. These rely on transitive installs and can break unpredictably when other packages update.`;
+      const details = dg.phantomDependencyDetails;
+      if (details && details.length > 0) {
+        const byPath = /* @__PURE__ */ new Map();
+        for (const d of details) {
+          if (!byPath.has(d.sourcePath)) byPath.set(d.sourcePath, []);
+          byPath.get(d.sourcePath).push({ package: d.package, spec: d.spec });
+        }
+        const pathLines = [];
+        let shown = 0;
+        for (const [srcPath, pkgs] of byPath) {
+          if (shown >= 10) break;
+          pathLines.push(`
+     ./${srcPath}`);
+          for (const pkg2 of pkgs) {
+            if (shown >= 10) break;
+            pathLines.push(`
+       ${pkg2.package}: ${pkg2.spec}`);
+            shown++;
+          }
+        }
+        const remaining = phantomCount - shown;
+        detail += pathLines.join("");
+        if (remaining > 0) detail += `
+     ... and ${remaining} more`;
+      }
+      actions.push({
+        title: `Fix ${phantomCount} phantom dependencies`,
+        explanation: detail,
+        severity: 45
+      });
+    }
+  }
+  if (artifact.extended?.securityPosture) {
+    const sec = artifact.extended.securityPosture;
+    if (sec.envFilesTracked || !sec.lockfilePresent) {
+      const issues = [];
+      if (sec.envFilesTracked) issues.push(".env files are tracked in git");
+      if (!sec.lockfilePresent) issues.push("no lockfile found");
+      let detail;
+      if (sec.envFilesTracked) {
+        detail = "Environment files may contain secrets. Add them to .gitignore and rotate any exposed credentials immediately.";
+        detail += "\n     ./.gitignore";
+        detail += "\n       Add: .env, .env.*, .env.local";
+      } else {
+        detail = "Without a lockfile, installs are non-deterministic. Run the install command to generate one and commit it.";
+        detail += "\n     ./";
+        detail += `
+       Missing: ${sec.lockfileTypes.length > 0 ? sec.lockfileTypes.join(", ") + " (multiple types detected)" : "package-lock.json, pnpm-lock.yaml, or yarn.lock"}`;
+      }
+      actions.push({
+        title: `Fix security posture: ${issues.join(", ")}`,
+        explanation: detail,
+        severity: 95
+      });
+    }
+  }
+  if (artifact.extended?.dependencyGraph) {
+    const dupes = artifact.extended.dependencyGraph.duplicatedPackages;
+    const highImpactDupes = dupes.filter((d) => d.versions.length >= 3);
+    if (highImpactDupes.length >= 3) {
+      const names = highImpactDupes.slice(0, 4).map((d) => `${d.name} (${d.versions.length}v)`).join(", ");
+      let detail = `${highImpactDupes.length} packages have 3+ versions installed. Run \`npm dedupe\` to reduce bundle size and install time.`;
+      const dupeLines = [];
+      let shown = 0;
+      for (const d of highImpactDupes) {
+        if (shown >= 8) break;
+        dupeLines.push(`
+       ${d.name}: ${d.versions.join(", ")} (${d.consumers} consumer${d.consumers !== 1 ? "s" : ""})`);
+        shown++;
+      }
+      const remaining = highImpactDupes.length - shown;
+      detail += dupeLines.join("");
+      if (remaining > 0) detail += `
+     ... and ${remaining} more`;
+      actions.push({
+        title: `Deduplicate heavily-versioned packages`,
+        explanation: detail,
+        severity: 35
+      });
+    }
+  }
+  actions.sort((a, b) => b.severity - a.severity);
+  return actions.slice(0, 5);
+}
+
+// src/formatters/markdown.ts
+function formatMarkdown(artifact) {
+  const lines = [];
+  lines.push("# Vibgrate Drift Report");
+  lines.push("");
+  lines.push(`| Metric | Value |`);
+  lines.push(`|--------|-------|`);
+  lines.push(`| **Drift Score** | ${artifact.drift.score}/100 |`);
+  lines.push(`| **Risk Level** | ${artifact.drift.riskLevel.toUpperCase()} |`);
+  lines.push(`| **Projects** | ${artifact.projects.length} |`);
+  const scannedMeta = [artifact.timestamp];
+  if (artifact.durationMs !== void 0) scannedMeta.push(`${(artifact.durationMs / 1e3).toFixed(1)}s`);
+  if (artifact.filesScanned !== void 0) scannedMeta.push(`${artifact.filesScanned} files`);
+  if (artifact.treeSummary) scannedMeta.push(`${artifact.treeSummary.totalFiles.toLocaleString()} workspace files \xB7 ${artifact.treeSummary.totalDirs.toLocaleString()} dirs`);
+  lines.push(`| **Scanned** | ${scannedMeta.join(" \xB7 ")} |`);
+  if (artifact.vcs) {
+    lines.push(`| **VCS** | ${artifact.vcs.type} |`);
+    if (artifact.vcs.branch) lines.push(`| **Branch** | ${artifact.vcs.branch} |`);
+    if (artifact.vcs.sha) lines.push(`| **Commit** | \`${artifact.vcs.shortSha}\` |`);
+  }
+  lines.push("");
+  lines.push("## Score Breakdown");
+  lines.push("");
+  lines.push(`| Component | Score |`);
+  lines.push(`|-----------|-------|`);
+  lines.push(`| Runtime | ${artifact.drift.components.runtimeScore} |`);
+  lines.push(`| Frameworks | ${artifact.drift.components.frameworkScore} |`);
+  lines.push(`| Dependencies | ${artifact.drift.components.dependencyScore} |`);
+  lines.push(`| EOL Risk | ${artifact.drift.components.eolScore} |`);
+  lines.push("");
+  lines.push("## Projects");
+  lines.push("");
+  for (const project of artifact.projects) {
+    lines.push(`### ${project.name} (${project.type})`);
+    lines.push("");
+    if (project.runtime) {
+      const lag = project.runtimeMajorsBehind !== void 0 && project.runtimeMajorsBehind > 0 ? ` \u2014 ${project.runtimeMajorsBehind} major(s) behind` : " \u2014 current";
+      lines.push(`- **Runtime:** ${project.runtime}${lag}`);
+    }
+    if (project.frameworks.length > 0) {
+      lines.push("- **Frameworks:**");
+      for (const fw of project.frameworks) {
+        const lag = fw.majorsBehind !== null ? fw.majorsBehind === 0 ? "current" : `${fw.majorsBehind} behind` : "unknown";
+        lines.push(`  - ${fw.name}: ${fw.currentVersion ?? "?"} \u2192 ${fw.latestVersion ?? "?"} (${lag})`);
+      }
+    }
+    const b = project.dependencyAgeBuckets;
+    const total = b.current + b.oneBehind + b.twoPlusBehind + b.unknown;
+    if (total > 0) {
+      lines.push(`- **Dependencies:** ${b.current} current, ${b.oneBehind} 1-behind, ${b.twoPlusBehind} 2+ behind, ${b.unknown} unknown`);
+    }
+    lines.push("");
+  }
+  if (artifact.extended?.uiPurpose) {
+    const up = artifact.extended.uiPurpose;
+    lines.push("## Product Purpose Signals");
+    lines.push("");
+    lines.push(`- **Frameworks:** ${up.detectedFrameworks.length > 0 ? up.detectedFrameworks.join(", ") : "unknown"}`);
+    lines.push(`- **Evidence Items:** ${up.topEvidence.length}${up.capped ? ` (capped from ${up.evidenceCount})` : ""}`);
+    if (up.topEvidence.length > 0) {
+      lines.push("- **Top Evidence:**");
+      for (const item of up.topEvidence.slice(0, 10)) {
+        lines.push(`  - [${item.kind}] ${item.value} (${item.file})`);
+      }
+    }
+    if (up.unknownSignals.length > 0) {
+      lines.push("- **Unknowns:**");
+      for (const u of up.unknownSignals.slice(0, 5)) {
+        lines.push(`  - ${u}`);
+      }
+    }
+    lines.push("");
+  }
+  if (artifact.findings.length > 0) {
+    lines.push("## Findings");
+    lines.push("");
+    lines.push(`| Level | Rule | Message | Location |`);
+    lines.push(`|-------|------|---------|----------|`);
+    for (const f of artifact.findings) {
+      const emoji = f.level === "error" ? "\u{1F534}" : f.level === "warning" ? "\u{1F7E1}" : "\u{1F535}";
+      lines.push(`| ${emoji} ${f.level} | ${f.ruleId} | ${f.message} | ${f.location} |`);
+    }
+    lines.push("");
+  }
+  if (artifact.delta !== void 0) {
+    const dir = artifact.delta > 0 ? "\u{1F4C8}" : artifact.delta < 0 ? "\u{1F4C9}" : "\u27A1\uFE0F";
+    lines.push(`## Drift Delta: ${dir} ${artifact.delta > 0 ? "+" : ""}${artifact.delta} vs baseline`);
+    lines.push("");
+  }
+  return lines.join("\n");
+}
+
+// src/commands/report.ts
+var reportCommand = new Command4("report").description("Generate a drift report from a scan artifact").option("--in <file>", "Input artifact file", ".vibgrate/scan_result.json").option("--format <format>", "Output format (md|text|json)", "text").action(async (opts) => {
+  const artifactPath = path4.resolve(opts.in);
   if (!await pathExists(artifactPath)) {
-    console.error(chalk2.red(`Artifact not found: ${artifactPath}`));
-    console.error(chalk2.dim('Run "vibgrate scan" first to generate a scan artifact.'));
+    console.error(chalk5.red(`Artifact not found: ${artifactPath}`));
+    console.error(chalk5.dim('Run "vibgrate scan" first to generate a scan artifact.'));
     process.exit(1);
   }
   const artifact = await readJsonFile(artifactPath);
@@ -78,20 +1103,370 @@ var reportCommand = new Command2("report").description("Generate a drift report
   }
 });
 
+// src/commands/push.ts
+import * as crypto2 from "crypto";
+import * as path5 from "path";
+import { Command as Command5 } from "commander";
+import chalk6 from "chalk";
+
+// src/utils/compact-artifact.ts
+import * as zlib from "zlib";
+import { promisify } from "util";
+
+// src/utils/compact-evidence.ts
+var CATEGORY_PATTERNS = [
+  { category: "pricing", pattern: /price|pricing|billing|subscri|trial|credit|plan|tier|upgrade|premium|pro|enterprise/i },
+  { category: "auth", pattern: /sign[- ]?in|sign[- ]?up|log[- ]?in|log[- ]?out|auth|sso|oauth|password|register|invite|onboard/i },
+  { category: "dashboard", pattern: /dashboard|overview|home|main|summary|stats/i },
+  { category: "settings", pattern: /setting|config|preference|option|profile|account/i },
+  { category: "users", pattern: /user|member|team|role|permission|access|admin|owner/i },
+  { category: "integrations", pattern: /integrat|connect|webhook|api[- ]?key|sync|import|export/i },
+  { category: "reports", pattern: /report|analy|metric|chart|graph|insight|track/i },
+  { category: "workflows", pattern: /workflow|automat|schedule|trigger|action|job|task|pipeline/i },
+  { category: "projects", pattern: /project|workspace|organization|folder|repo/i },
+  { category: "navigation", pattern: /menu|nav|sidebar|header|footer|breadcrumb/i }
+];
+function compactUiPurpose(result, maxSamplesPerCategory = 3) {
+  const evidence = result.topEvidence;
+  const dependencies = evidence.filter((e) => e.kind === "dependency").map((e) => e.value).slice(0, 10);
+  const routes = dedupeRoutes(
+    evidence.filter((e) => e.kind === "route").map((e) => e.value)
+  ).slice(0, 15);
+  const textEvidence = evidence.filter(
+    (e) => e.kind !== "dependency" && e.kind !== "route" && e.kind !== "feature_flag"
+  );
+  const byCategory = /* @__PURE__ */ new Map();
+  const categoryCounts = {};
+  for (const item of textEvidence) {
+    const category = categorize(item.value);
+    if (!byCategory.has(category)) {
+      byCategory.set(category, /* @__PURE__ */ new Set());
+    }
+    const normalized = normalizeValue(item.value);
+    if (normalized.length >= 3) {
+      byCategory.get(category).add(normalized);
+    }
+  }
+  const samples = [];
+  for (const [category, values] of byCategory) {
+    const deduped = dedupeStrings([...values]);
+    categoryCounts[category] = deduped.length;
+    for (const value of deduped.slice(0, maxSamplesPerCategory)) {
+      samples.push({ kind: "text", value, category });
+    }
+  }
+  const featureFlags = evidence.filter((e) => e.kind === "feature_flag");
+  if (featureFlags.length > 0) {
+    categoryCounts["feature_flags"] = featureFlags.length;
+    samples.push({ kind: "feature_flag", value: "feature flags detected", category: "feature_flags" });
+  }
+  return {
+    samples,
+    categoryCounts,
+    originalCount: evidence.length,
+    dependencies,
+    routes,
+    detectedFrameworks: result.detectedFrameworks
+  };
+}
+function categorize(value) {
+  for (const { category, pattern } of CATEGORY_PATTERNS) {
+    if (pattern.test(value)) return category;
+  }
+  return "general";
+}
+function normalizeValue(value) {
+  return value.toLowerCase().replace(/[^a-z0-9\s-]/g, " ").replace(/\s+/g, " ").trim().slice(0, 60);
+}
+function dedupeStrings(values) {
+  const sorted = values.sort((a, b) => b.length - a.length);
+  const kept = [];
+  for (const value of sorted) {
+    const isDupe = kept.some((k) => {
+      const stem = value.slice(0, 6);
+      return k.startsWith(stem) || k.includes(value) || value.includes(k);
+    });
+    if (!isDupe) {
+      kept.push(value);
+    }
+  }
+  return kept;
+}
+function dedupeRoutes(routes) {
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const route of routes) {
+    const normalized = route.replace(/:[a-z_]+/gi, ":param").replace(/\[\[*\.*\.*[a-z_]+\]*\]/gi, ":param").replace(/\/+$/, "").toLowerCase();
+    if (!seen.has(normalized)) {
+      seen.add(normalized);
+      result.push(route);
+    }
+  }
+  return result;
+}
+
+// src/utils/compact-artifact.ts
+var gzip2 = promisify(zlib.gzip);
+var MAX_ITEMS = 50;
+function extractName(entry) {
+  const match = entry.match(/^(.+?)\s*\(/);
+  return match ? match[1].trim() : entry.trim();
+}
+function compactDataStores(result) {
+  return {
+    databaseTechnologies: result.databaseTechnologies.slice(0, 10),
+    connectionStrings: [],
+    // Don't include connection strings in upload
+    connectionPoolSettings: result.connectionPoolSettings.slice(0, MAX_ITEMS),
+    replicationSettings: result.replicationSettings.slice(0, 20),
+    readReplicaSettings: result.readReplicaSettings.slice(0, 20),
+    failoverSettings: result.failoverSettings.slice(0, 20),
+    collationAndEncoding: result.collationAndEncoding.slice(0, 20),
+    queryTimeoutDefaults: result.queryTimeoutDefaults.slice(0, 20),
+    manualIndexes: result.manualIndexes.map(extractName).slice(0, MAX_ITEMS),
+    tables: result.tables.map(extractName).slice(0, MAX_ITEMS),
+    views: result.views.map(extractName).slice(0, MAX_ITEMS),
+    storedProcedures: result.storedProcedures.map(extractName).slice(0, MAX_ITEMS),
+    triggers: result.triggers.map(extractName).slice(0, MAX_ITEMS),
+    rowLevelSecurityPolicies: result.rowLevelSecurityPolicies.slice(0, 20),
+    otherServices: result.otherServices.slice(0, 20)
+  };
+}
+function compactApiSurface(result) {
+  const seenProviders = /* @__PURE__ */ new Set();
+  const uniqueIntegrations = result.integrations.filter((i) => {
+    const domain = i.provider.split(":")[0];
+    if (seenProviders.has(domain)) return false;
+    seenProviders.add(domain);
+    return true;
+  }).slice(0, MAX_ITEMS).map((i) => ({
+    provider: i.provider,
+    endpoint: "",
+    // Don't include full endpoints
+    version: i.version,
+    parameters: [],
+    // Don't include params
+    configOptions: [],
+    authHints: [],
+    files: []
+    // Don't include file paths
+  }));
+  return {
+    integrations: uniqueIntegrations,
+    openApiSpecifications: result.openApiSpecifications.slice(0, 10),
+    webhookUrls: result.webhookUrls.slice(0, 20),
+    callbackEndpoints: result.callbackEndpoints.slice(0, 20),
+    apiVersionPins: result.apiVersionPins.slice(0, 20),
+    tokenExpirationPolicies: result.tokenExpirationPolicies.slice(0, 20),
+    rateLimitOverrides: result.rateLimitOverrides.slice(0, 20),
+    customHeaders: result.customHeaders.slice(0, 20),
+    corsPolicies: result.corsPolicies.slice(0, 20),
+    oauthScopes: result.oauthScopes.slice(0, 20),
+    apiTokens: []
+    // Don't include token references
+  };
+}
+function compactAssetBranding(result) {
+  return {
+    faviconFiles: result.faviconFiles.slice(0, 1),
+    productLogos: []
+    // Don't include logos
+  };
+}
+function prepareArtifactForUpload(artifact) {
+  const compacted = { ...artifact };
+  if (compacted.extended) {
+    const ext = { ...compacted.extended };
+    if (ext.dataStores) {
+      ext.dataStores = compactDataStores(ext.dataStores);
+    }
+    if (ext.apiSurface) {
+      ext.apiSurface = compactApiSurface(ext.apiSurface);
+    }
+    if (ext.assetBranding) {
+      ext.assetBranding = compactAssetBranding(ext.assetBranding);
+    }
+    if (ext.uiPurpose) {
+      const compactedUi = compactUiPurpose(ext.uiPurpose);
+      ext.uiPurpose = {
+        enabled: ext.uiPurpose.enabled,
+        detectedFrameworks: compactedUi.detectedFrameworks,
+        evidenceCount: compactedUi.originalCount,
+        capped: ext.uiPurpose.capped,
+        topEvidence: [],
+        // Clear full evidence
+        unknownSignals: [],
+        // Add compacted data under extended properties
+        ...{ compacted: compactedUi }
+      };
+    }
+    if (ext.runtimeConfiguration) {
+      ext.runtimeConfiguration = {
+        ...ext.runtimeConfiguration,
+        environmentVariables: ext.runtimeConfiguration.environmentVariables.slice(0, 100),
+        hiddenConfigFiles: ext.runtimeConfiguration.hiddenConfigFiles.slice(0, MAX_ITEMS),
+        startupArguments: ext.runtimeConfiguration.startupArguments.slice(0, 100)
+      };
+    }
+    if (ext.operationalResilience) {
+      const ops = ext.operationalResilience;
+      ext.operationalResilience = {
+        implicitTimeouts: ops.implicitTimeouts.slice(0, 30),
+        defaultPaginationSize: ops.defaultPaginationSize.slice(0, 30),
+        implicitRetryLogic: ops.implicitRetryLogic.slice(0, 30),
+        defaultLocale: ops.defaultLocale.slice(0, 20),
+        defaultCurrency: ops.defaultCurrency.slice(0, 20),
+        implicitTimezone: ops.implicitTimezone.slice(0, 20),
+        defaultCharacterEncoding: ops.defaultCharacterEncoding.slice(0, 20),
+        sessionStores: ops.sessionStores.slice(0, 20),
+        distributedLocks: ops.distributedLocks.slice(0, 20),
+        jobSchedulers: ops.jobSchedulers.slice(0, 30),
+        idempotencyKeys: ops.idempotencyKeys.slice(0, 20),
+        rateLimitingCounters: ops.rateLimitingCounters.slice(0, 20),
+        circuitBreakerState: ops.circuitBreakerState.slice(0, 20),
+        abTestToggles: ops.abTestToggles.slice(0, 20),
+        regionalEnablementRules: ops.regionalEnablementRules.slice(0, 20),
+        betaAccessGroups: ops.betaAccessGroups.slice(0, 20),
+        licensingEnforcementLogic: ops.licensingEnforcementLogic.slice(0, 20),
+        killSwitches: ops.killSwitches.slice(0, 20),
+        connectorRetryLogic: ops.connectorRetryLogic.slice(0, 20),
+        apiPollingIntervals: ops.apiPollingIntervals.slice(0, 20),
+        fieldMappings: ops.fieldMappings.slice(0, 20),
+        schemaRegistryRules: ops.schemaRegistryRules.slice(0, 20),
+        deadLetterQueueBehavior: ops.deadLetterQueueBehavior.slice(0, 20),
+        dataMaskingRules: ops.dataMaskingRules.slice(0, 20),
+        transformationLogic: ops.transformationLogic.slice(0, 20),
+        timezoneHandling: ops.timezoneHandling.slice(0, 20),
+        encryptionSettings: ops.encryptionSettings.slice(0, 30),
+        hardcodedSecretSignals: ops.hardcodedSecretSignals.slice(0, 20)
+      };
+    }
+    if (ext.dependencyGraph) {
+      ext.dependencyGraph = {
+        ...ext.dependencyGraph,
+        phantomDependencies: ext.dependencyGraph.phantomDependencies.slice(0, MAX_ITEMS),
+        phantomDependencyDetails: ext.dependencyGraph.phantomDependencyDetails?.slice(0, MAX_ITEMS),
+        duplicatedPackages: ext.dependencyGraph.duplicatedPackages.slice(0, MAX_ITEMS)
+      };
+    }
+    compacted.extended = ext;
+  }
+  return compacted;
+}
+async function compressArtifact(artifact) {
+  const json = JSON.stringify(artifact);
+  return gzip2(json, { level: 9 });
+}
+async function prepareCompressedUpload2(artifact) {
+  const compacted = prepareArtifactForUpload(artifact);
+  const compressed = await compressArtifact(compacted);
+  return { body: compressed, contentEncoding: "gzip" };
+}
+
+// src/commands/push.ts
+function parseDsn2(dsn) {
+  const cleaned = dsn.replace(/[\x00-\x1F\x7F\uFEFF\u200B-\u200D\u2060]/g, "").trim();
+  const match = cleaned.match(/^vibgrate\+(https?):?\/\/([^:]+):([^@]+)@([^/]+)\/(.+)$/);
+  if (!match) return null;
+  return {
+    scheme: match[1],
+    keyId: match[2],
+    secret: match[3],
+    host: match[4],
+    workspaceId: match[5]
+  };
+}
+function computeHmac(body, secret) {
+  return crypto2.createHmac("sha256", secret).update(body).digest("base64");
+}
+var pushCommand = new Command5("push").description("Push scan results to Vibgrate API").option("--dsn <dsn>", "DSN token (or use VIBGRATE_DSN env)").option("--region <region>", "Override data residency region (us, eu)").option("--file <file>", "Scan artifact file", ".vibgrate/scan_result.json").option("--strict", "Fail on upload errors").action(async (opts) => {
+  const dsn = opts.dsn || process.env.VIBGRATE_DSN;
+  if (!dsn) {
+    console.error(chalk6.red("No DSN provided."));
+    console.error(chalk6.dim("Set VIBGRATE_DSN environment variable or use --dsn flag."));
+    if (opts.strict) process.exit(1);
+    return;
+  }
+  const parsed = parseDsn2(dsn);
+  if (!parsed) {
+    console.error(chalk6.red("Invalid DSN format."));
+    console.error(chalk6.dim("Expected: vibgrate+https://<key_id>:<secret>@<host>/<workspace_id>"));
+    if (opts.strict) process.exit(1);
+    return;
+  }
+  const filePath = path5.resolve(opts.file);
+  if (!await pathExists(filePath)) {
+    console.error(chalk6.red(`Scan artifact not found: ${filePath}`));
+    console.error(chalk6.dim('Run "vibgrate scan" first.'));
+    if (opts.strict) process.exit(1);
+    return;
+  }
+  const artifact = await readJsonFile(filePath);
+  const { body, contentEncoding } = await prepareCompressedUpload2(artifact);
+  const timestamp = String(Date.now());
+  let host = parsed.host;
+  if (opts.region) {
+    try {
+      host = resolveIngestHost(opts.region);
+    } catch (e) {
+      console.error(chalk6.red(e instanceof Error ? e.message : String(e)));
+      if (opts.strict) process.exit(1);
+      return;
+    }
+  }
+  const url = `${parsed.scheme}://${host}/v1/ingest/scan`;
+  const originalSize = JSON.stringify(artifact).length;
+  const compressedSize = body.length;
+  const ratio = ((1 - compressedSize / originalSize) * 100).toFixed(0);
+  console.log(chalk6.dim(`Uploading to ${host}... (${(compressedSize / 1024).toFixed(0)} KB, ${ratio}% smaller)`));
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Content-Encoding": contentEncoding,
+        "X-Vibgrate-Timestamp": timestamp,
+        "Authorization": `VibgrateDSN ${parsed.keyId}:${parsed.secret}`,
+        "Connection": "close"
+        // Prevent keep-alive delays on exit
+      },
+      body
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new Error(`HTTP ${response.status}: ${text}`);
+    }
+    const result = await response.json();
+    console.log(chalk6.green("\u2714") + ` Scan queued for processing (${result.ingestId ?? "ok"})`);
+    console.log();
+    console.log(chalk6.dim("Processing continues in the background. Results available shortly."));
+    console.log();
+    if (result.ingestId) {
+      const dashHost = host.includes("eu.") ? "dash.vibgrate.eu" : "dash.vibgrate.com";
+      const reportUrl = `https://${dashHost}/${parsed.workspaceId}/scan/${result.ingestId}`;
+      console.log(chalk6.dim("View report: ") + chalk6.underline(reportUrl));
+    }
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    console.error(chalk6.red(`Upload failed: ${msg}`));
+    if (opts.strict) process.exit(1);
+  }
+});
+
 // src/commands/update.ts
 import { execSync } from "child_process";
-import * as path4 from "path";
-import { Command as Command3 } from "commander";
-import chalk3 from "chalk";
+import * as path7 from "path";
+import { Command as Command6 } from "commander";
+import chalk7 from "chalk";
 
 // src/utils/update-check.ts
+var import_semver = __toESM(require_semver(), 1);
 import * as fs from "fs/promises";
-import * as path3 from "path";
+import * as path6 from "path";
 import * as os from "os";
-import semver from "semver";
 var REGISTRY_URL = "https://registry.npmjs.org/@vibgrate%2fcli/latest";
-var CACHE_DIR = path3.join(os.homedir(), ".vibgrate");
-var CACHE_FILE = path3.join(CACHE_DIR, "update-check.json");
+var CACHE_DIR = path6.join(os.homedir(), ".vibgrate");
+var CACHE_FILE = path6.join(CACHE_DIR, "update-check.json");
 var CHECK_INTERVAL_MS = 12 * 60 * 60 * 1e3;
 async function checkForUpdate() {
   try {
@@ -100,7 +1475,7 @@ async function checkForUpdate() {
       return {
         current: VERSION,
         latest: cached.latest,
-        updateAvailable: semver.gt(cached.latest, VERSION)
+        updateAvailable: import_semver.default.gt(cached.latest, VERSION)
       };
     }
     const controller = new AbortController();
@@ -118,12 +1493,12 @@ async function checkForUpdate() {
     if (!response.ok) return null;
     const data = await response.json();
     const latest = data.version;
-    if (!latest || !semver.valid(latest)) return null;
+    if (!latest || !import_semver.default.valid(latest)) return null;
     await writeCache({ latest, checkedAt: Date.now() });
     return {
       current: VERSION,
       latest,
-      updateAvailable: semver.gt(latest, VERSION)
+      updateAvailable: import_semver.default.gt(latest, VERSION)
     };
   } catch {
     return null;
@@ -146,7 +1521,7 @@ async function fetchLatestVersion() {
     if (!response.ok) return null;
     const data = await response.json();
     const latest = data.version;
-    if (!latest || !semver.valid(latest)) return null;
+    if (!latest || !import_semver.default.valid(latest)) return null;
     await writeCache({ latest, checkedAt: Date.now() });
     return latest;
   } catch {
@@ -184,8 +1559,8 @@ function detectGlobalInstall() {
   }
   return null;
 }
-function getGlobalUpdateCommand(pm, pkg, version) {
-  const spec = `${pkg}@${version}`;
+function getGlobalUpdateCommand(pm, pkg2, version) {
+  const spec = `${pkg2}@${version}`;
   switch (pm) {
     case "pnpm":
       return `pnpm add -g ${spec}`;
@@ -199,13 +1574,13 @@ function getGlobalUpdateCommand(pm, pkg, version) {
   }
 }
 async function detectPackageManager(cwd) {
-  if (await pathExists(path4.join(cwd, "pnpm-lock.yaml"))) return "pnpm";
-  if (await pathExists(path4.join(cwd, "bun.lockb"))) return "bun";
-  if (await pathExists(path4.join(cwd, "yarn.lock"))) return "yarn";
+  if (await pathExists(path7.join(cwd, "pnpm-lock.yaml"))) return "pnpm";
+  if (await pathExists(path7.join(cwd, "bun.lockb"))) return "bun";
+  if (await pathExists(path7.join(cwd, "yarn.lock"))) return "yarn";
   return "npm";
 }
-function getInstallCommand(pm, pkg, version, isDev) {
-  const spec = `${pkg}@${version}`;
+function getInstallCommand(pm, pkg2, version, isDev) {
+  const spec = `${pkg2}@${version}`;
   switch (pm) {
     case "pnpm":
       return isDev ? `pnpm add -D ${spec}` : `pnpm add ${spec}`;
@@ -220,30 +1595,30 @@ function getInstallCommand(pm, pkg, version, isDev) {
 }
 async function isDevDependency(cwd) {
   try {
-    const pkgPath = path4.join(cwd, "package.json");
+    const pkgPath = path7.join(cwd, "package.json");
     const raw = await (await import("fs/promises")).readFile(pkgPath, "utf-8");
-    const pkg = JSON.parse(raw);
-    return Boolean(pkg.devDependencies?.["@vibgrate/cli"]);
+    const pkg2 = JSON.parse(raw);
+    return Boolean(pkg2.devDependencies?.["@vibgrate/cli"]);
   } catch {
     return true;
   }
 }
-var updateCommand = new Command3("update").description("Update vibgrate to the latest version").option("--check", "Only check for updates, do not install").option("--pm <manager>", "Package manager to use (npm, pnpm, yarn, bun)").option("--global", "Update global installation").action(async (opts) => {
-  console.log(chalk3.dim(`Current version: ${VERSION}`));
-  console.log(chalk3.dim("Checking npm registry..."));
+var updateCommand = new Command6("update").description("Update vibgrate to the latest version").option("--check", "Only check for updates, do not install").option("--pm <manager>", "Package manager to use (npm, pnpm, yarn, bun)").option("--global", "Update global installation").action(async (opts) => {
+  console.log(chalk7.dim(`Current version: ${VERSION}`));
+  console.log(chalk7.dim("Checking npm registry..."));
   const latest = await fetchLatestVersion();
   if (!latest) {
-    console.error(chalk3.red("Could not reach the npm registry. Check your network connection."));
+    console.error(chalk7.red("Could not reach the npm registry. Check your network connection."));
     process.exit(1);
   }
-  const semver2 = await import("semver");
+  const semver2 = await import("./semver-JBJZTHUX.js");
   if (!semver2.gt(latest, VERSION)) {
-    console.log(chalk3.green("\u2714") + ` You are on the latest version (${VERSION}).`);
+    console.log(chalk7.green("\u2714") + ` You are on the latest version (${VERSION}).`);
     return;
   }
-  console.log(chalk3.yellow(`Update available: ${VERSION} \u2192 ${latest}`));
+  console.log(chalk7.yellow(`Update available: ${VERSION} \u2192 ${latest}`));
   if (opts.check) {
-    console.log(chalk3.dim('Run "vibgrate update" to install.'));
+    console.log(chalk7.dim('Run "vibgrate update" to install.'));
     return;
   }
   const cwd = process.cwd();
@@ -253,26 +1628,26 @@ var updateCommand = new Command3("update").description("Update vibgrate to the l
   let cmd;
   if (isGlobal) {
     cmd = getGlobalUpdateCommand(pm, "@vibgrate/cli", latest);
-    console.log(chalk3.dim(`Updating global installation with ${pm}: ${cmd}`));
+    console.log(chalk7.dim(`Updating global installation with ${pm}: ${cmd}`));
   } else {
     const isDev = await isDevDependency(cwd);
     cmd = getInstallCommand(pm, "@vibgrate/cli", latest, isDev);
-    console.log(chalk3.dim(`Using ${pm}: ${cmd}`));
+    console.log(chalk7.dim(`Using ${pm}: ${cmd}`));
   }
   try {
     execSync(cmd, { cwd, stdio: "inherit" });
-    console.log(chalk3.green("\u2714") + ` Updated to @vibgrate/cli@${latest}`);
+    console.log(chalk7.green("\u2714") + ` Updated to @vibgrate/cli@${latest}`);
   } catch {
-    console.error(chalk3.red(`Update failed. Run manually: ${cmd}`));
+    console.error(chalk7.red(`Update failed. Run manually: ${cmd}`));
     process.exit(1);
   }
 });
 
 // src/commands/sbom.ts
-import * as path5 from "path";
+import * as path8 from "path";
 import { randomUUID } from "crypto";
-import { Command as Command4 } from "commander";
-import chalk4 from "chalk";
+import { Command as Command7 } from "commander";
+import chalk8 from "chalk";
 function flattenDependencies(artifact) {
   const rows = [];
   for (const project of artifact.projects) {
@@ -410,50 +1785,50 @@ function formatDeltaText(base, current) {
   return lines.join("\n");
 }
 async function readArtifactOrExit(filePath) {
-  const absolutePath = path5.resolve(filePath);
+  const absolutePath = path8.resolve(filePath);
   if (!await pathExists(absolutePath)) {
-    console.error(chalk4.red(`Artifact not found: ${absolutePath}`));
+    console.error(chalk8.red(`Artifact not found: ${absolutePath}`));
     process.exit(1);
   }
   return readJsonFile(absolutePath);
 }
-var exportCommand = new Command4("export").description("Export scan artifact as SBOM").option("--in <file>", "Input artifact file", ".vibgrate/scan_result.json").option("--out <file>", "Output SBOM file").option("--format <format>", "SBOM format (cyclonedx|spdx)", "cyclonedx").action(async (opts) => {
+var exportCommand = new Command7("export").description("Export scan artifact as SBOM").option("--in <file>", "Input artifact file", ".vibgrate/scan_result.json").option("--out <file>", "Output SBOM file").option("--format <format>", "SBOM format (cyclonedx|spdx)", "cyclonedx").action(async (opts) => {
   const artifact = await readArtifactOrExit(opts.in);
   const format = opts.format.toLowerCase();
   if (format !== "cyclonedx" && format !== "spdx") {
-    console.error(chalk4.red("Invalid SBOM format. Use cyclonedx or spdx."));
+    console.error(chalk8.red("Invalid SBOM format. Use cyclonedx or spdx."));
     process.exit(1);
   }
   const sbom = format === "cyclonedx" ? toCycloneDx(artifact) : toSpdx(artifact);
   const body = JSON.stringify(sbom, null, 2);
   if (opts.out) {
-    await writeTextFile(path5.resolve(opts.out), body);
-    console.log(chalk4.green("\u2714") + ` SBOM written to ${opts.out}`);
+    await writeTextFile(path8.resolve(opts.out), body);
+    console.log(chalk8.green("\u2714") + ` SBOM written to ${opts.out}`);
   } else {
     console.log(body);
   }
 });
-var deltaCommand = new Command4("delta").description("Show SBOM delta between two scan artifacts").requiredOption("--from <file>", "Baseline scan artifact path").requiredOption("--to <file>", "Current scan artifact path").option("--out <file>", "Write report to file").action(async (opts) => {
+var deltaCommand = new Command7("delta").description("Show SBOM delta between two scan artifacts").requiredOption("--from <file>", "Baseline scan artifact path").requiredOption("--to <file>", "Current scan artifact path").option("--out <file>", "Write report to file").action(async (opts) => {
   const base = await readArtifactOrExit(opts.from);
   const current = await readArtifactOrExit(opts.to);
   const report = formatDeltaText(base, current);
   if (opts.out) {
-    await writeTextFile(path5.resolve(opts.out), report);
-    console.log(chalk4.green("\u2714") + ` SBOM delta report written to ${opts.out}`);
+    await writeTextFile(path8.resolve(opts.out), report);
+    console.log(chalk8.green("\u2714") + ` SBOM delta report written to ${opts.out}`);
   } else {
     console.log(report);
   }
 });
-var sbomCommand = new Command4("sbom").description("SBOM export and delta reports for dependency drift tracking").addCommand(exportCommand).addCommand(deltaCommand);
+var sbomCommand = new Command7("sbom").description("SBOM export and delta reports for dependency drift tracking").addCommand(exportCommand).addCommand(deltaCommand);
 
 // src/commands/extract.ts
-import * as path6 from "path";
+import * as path9 from "path";
 import * as os2 from "os";
 import * as fs2 from "fs/promises";
 import { existsSync } from "fs";
 import { spawn, spawnSync } from "child_process";
-import { Command as Command5 } from "commander";
-import chalk5 from "chalk";
+import { Command as Command8 } from "commander";
+import chalk9 from "chalk";
 var EXIT_SUCCESS = 0;
 var EXIT_SCHEMA_FAILURE = 1;
 var EXIT_PARSE_FAILURE = 2;
@@ -543,8 +1918,8 @@ async function detectLanguages(rootDir, includeTests) {
     }
     for (const entry of entries) {
       if (entry.name.startsWith(".")) continue;
-      const absPath = path6.join(dir, entry.name);
-      const relPath = path6.join(relBase, entry.name);
+      const absPath = path9.join(dir, entry.name);
+      const relPath = path9.join(relBase, entry.name);
       if (entry.isDirectory()) {
         if (!SKIP_DIRS.has(entry.name)) {
           await walk(absPath, relPath);
@@ -553,7 +1928,7 @@ async function detectLanguages(rootDir, includeTests) {
       }
       if (!entry.isFile()) continue;
       if (!includeTests && isTestPath(relPath)) continue;
-      const ext = path6.extname(entry.name).toLowerCase();
+      const ext = path9.extname(entry.name).toLowerCase();
       for (const [lang, exts] of Object.entries(LANGUAGE_EXTENSIONS)) {
         if (exts.has(ext)) {
           counts.set(lang, (counts.get(lang) ?? 0) + 1);
@@ -629,10 +2004,10 @@ function splitHcsOutput(lines) {
   return { preamble, facts };
 }
 function resolveHcsWorkerBin() {
-  const base = import.meta.dirname ?? path6.dirname(new URL(import.meta.url).pathname);
-  const bundledPath = path6.resolve(base, "..", "dist", "hcs-worker.js");
+  const base = import.meta.dirname ?? path9.dirname(new URL(import.meta.url).pathname);
+  const bundledPath = path9.resolve(base, "..", "dist", "hcs-worker.js");
   if (existsSync(bundledPath)) return bundledPath;
-  const siblingPath = path6.resolve(base, "hcs-worker.js");
+  const siblingPath = path9.resolve(base, "hcs-worker.js");
   if (existsSync(siblingPath)) return siblingPath;
   try {
     const resolved = import.meta.resolve("@vibgrate/hcs-node-worker");
@@ -640,9 +2015,9 @@ function resolveHcsWorkerBin() {
     if (existsSync(resolvedPath)) return resolvedPath;
   } catch {
   }
-  const monorepoPath = path6.resolve(base, "..", "..", "..", "vibgrate-hcs", "node", "dist", "main.js");
+  const monorepoPath = path9.resolve(base, "..", "..", "..", "vibgrate-hcs", "node", "dist", "main.js");
   if (existsSync(monorepoPath)) return monorepoPath;
-  const devPath = path6.resolve(base, "..", "..", "..", "vibgrate-hcs", "node", "src", "main.ts");
+  const devPath = path9.resolve(base, "..", "..", "..", "vibgrate-hcs", "node", "src", "main.ts");
   if (existsSync(devPath)) return devPath;
   throw new Error(
     'Cannot locate HCS worker. Run "pnpm build" in the CLI package to bundle the worker into dist/.'
@@ -745,7 +2120,7 @@ async function runNodeWorker(rootDir, language, opts) {
       args.push("--cobol-copybook-paths", opts.copybookPaths);
     }
   }
-  return new Promise((resolve6) => {
+  return new Promise((resolve9) => {
     const facts = [];
     const errors = [];
     let stdoutBuf = "";
@@ -782,7 +2157,7 @@ async function runNodeWorker(rootDir, language, opts) {
           continue;
         }
         if (opts.verbose) {
-          process.stderr.write(chalk5.dim(`[${language}] ${trimmed}
+          process.stderr.write(chalk9.dim(`[${language}] ${trimmed}
 `));
         }
         if (trimmed.startsWith("[error]")) {
@@ -796,15 +2171,15 @@ async function runNodeWorker(rootDir, language, opts) {
         facts.push(stdoutBuf.trim());
       }
       if (killed) {
-        resolve6({ language, facts, errors: ["Worker killed: timeout exceeded"], exitCode: EXIT_TIMEOUT });
+        resolve9({ language, facts, errors: ["Worker killed: timeout exceeded"], exitCode: EXIT_TIMEOUT });
       } else {
-        resolve6({ language, facts, errors, exitCode: code ?? 0 });
+        resolve9({ language, facts, errors, exitCode: code ?? 0 });
       }
     });
     child.on("error", (err) => {
       clearTimeout(timer);
       errors.push(`Failed to spawn worker: ${err.message}`);
-      resolve6({ language, facts, errors, exitCode: EXIT_PARSE_FAILURE });
+      resolve9({ language, facts, errors, exitCode: EXIT_PARSE_FAILURE });
     });
   });
 }
@@ -824,7 +2199,7 @@ function resolveDotnetPublishedWorker(workersDir) {
   };
   const candidates = candidatesByPlatform[process.platform] ?? [];
   for (const filename of candidates) {
-    const fullPath = path6.join(workersDir, filename);
+    const fullPath = path9.join(workersDir, filename);
     if (existsSync(fullPath)) {
       return fullPath;
     }
@@ -832,30 +2207,30 @@ function resolveDotnetPublishedWorker(workersDir) {
   return null;
 }
 function resolveNativeWorker(language, projectDir) {
-  const base = import.meta.dirname ?? path6.dirname(new URL(import.meta.url).pathname);
-  const hcsFromBundle = path6.resolve(base, "..", "..", "vibgrate-hcs");
-  const hcsFromSrc = path6.resolve(base, "..", "..", "..", "vibgrate-hcs");
+  const base = import.meta.dirname ?? path9.dirname(new URL(import.meta.url).pathname);
+  const hcsFromBundle = path9.resolve(base, "..", "..", "vibgrate-hcs");
+  const hcsFromSrc = path9.resolve(base, "..", "..", "..", "vibgrate-hcs");
   const hcsRoot = existsSync(hcsFromBundle) ? hcsFromBundle : hcsFromSrc;
-  const workersDir = path6.resolve(base, "workers");
+  const workersDir = path9.resolve(base, "workers");
   switch (language) {
     case "go": {
-      const bin = path6.join(workersDir, process.platform === "win32" ? "vibgrate-hcs-go.exe" : "vibgrate-hcs-go");
+      const bin = path9.join(workersDir, process.platform === "win32" ? "vibgrate-hcs-go.exe" : "vibgrate-hcs-go");
       if (existsSync(bin)) {
         return { cmd: bin, args: ["--project", projectDir, "--output", "ndjson"] };
       }
-      const src = path6.join(hcsRoot, "go");
-      if (existsSync(path6.join(src, "main.go"))) {
+      const src = path9.join(hcsRoot, "go");
+      if (existsSync(path9.join(src, "main.go"))) {
         return { cmd: "go", args: ["run", ".", "--project", projectDir, "--output", "ndjson"], cwd: src };
       }
       return null;
     }
     case "python": {
-      const bin = path6.join(workersDir, "vibgrate-hcs-python");
+      const bin = path9.join(workersDir, "vibgrate-hcs-python");
       if (existsSync(bin)) {
         return { cmd: bin, args: ["--project", projectDir, "--output", "ndjson"] };
       }
-      const src = path6.join(hcsRoot, "python");
-      if (existsSync(path6.join(src, "pyproject.toml"))) {
+      const src = path9.join(hcsRoot, "python");
+      if (existsSync(path9.join(src, "pyproject.toml"))) {
         return {
           cmd: "python3",
           args: ["-m", "vibgrate_hcs_python.main", "--project", projectDir, "--output", "ndjson"],
@@ -865,13 +2240,13 @@ function resolveNativeWorker(language, projectDir) {
       return null;
     }
     case "java": {
-      const jar = path6.join(workersDir, "vibgrate-hcs-jvm.jar");
+      const jar = path9.join(workersDir, "vibgrate-hcs-jvm.jar");
       if (existsSync(jar)) {
         return { cmd: "java", args: ["-jar", jar, "--project", projectDir, "--output", "ndjson"] };
       }
-      const src = path6.join(hcsRoot, "jvm");
-      if (existsSync(path6.join(src, "build.gradle.kts"))) {
-        const gradlew = path6.join(src, process.platform === "win32" ? "gradlew.bat" : "gradlew");
+      const src = path9.join(hcsRoot, "jvm");
+      if (existsSync(path9.join(src, "build.gradle.kts"))) {
+        const gradlew = path9.join(src, process.platform === "win32" ? "gradlew.bat" : "gradlew");
         const launcher = existsSync(gradlew) ? gradlew : "gradle";
         return {
           cmd: launcher,
@@ -887,11 +2262,11 @@ function resolveNativeWorker(language, projectDir) {
       if (publishedWorker) {
         return { cmd: publishedWorker, args: ["--project", projectDir, "--output", "ndjson"] };
       }
-      const dll = path6.join(workersDir, "VibgrateHcsWorker.dll");
+      const dll = path9.join(workersDir, "VibgrateHcsWorker.dll");
       if (existsSync(dll)) {
         return { cmd: "dotnet", args: [dll, "--project", projectDir, "--output", "ndjson"] };
       }
-      const csproj = path6.join(hcsRoot, "dotnet", "src", "VibgrateHcsWorker", "VibgrateHcsWorker.csproj");
+      const csproj = path9.join(hcsRoot, "dotnet", "src", "VibgrateHcsWorker", "VibgrateHcsWorker.csproj");
       if (existsSync(csproj)) {
         return {
           cmd: "dotnet",
@@ -917,19 +2292,19 @@ async function runNativeWorker(rootDir, language, opts) {
       exitCode: EXIT_PARSE_FAILURE
     };
   }
-  return new Promise((resolve6) => {
+  return new Promise((resolve9) => {
     const facts = [];
     const errors = [];
     let stdoutBuf = "";
     let killed = false;
     if (opts.verbose) {
-      process.stderr.write(chalk5.dim(`[${language}] Spawning: ${spec.cmd} ${spec.args.join(" ")}
+      process.stderr.write(chalk9.dim(`[${language}] Spawning: ${spec.cmd} ${spec.args.join(" ")}
 `));
     }
     const runtimeReq = NATIVE_RUNTIME_REQUIREMENTS[language];
     const usesPathCommand = runtimeReq && spec.cmd === runtimeReq.command;
     if (usesPathCommand && !commandExistsOnPath(spec.cmd)) {
-      resolve6({
+      resolve9({
         language,
         facts: [],
         errors: [
@@ -964,7 +2339,7 @@ async function runNativeWorker(rootDir, language, opts) {
         const trimmed = line.trim();
         if (!trimmed) continue;
         if (opts.verbose) {
-          process.stderr.write(chalk5.dim(`[${language}] ${trimmed}
+          process.stderr.write(chalk9.dim(`[${language}] ${trimmed}
 `));
         }
         if (trimmed.startsWith("[error]")) {
@@ -976,9 +2351,9 @@ async function runNativeWorker(rootDir, language, opts) {
       clearTimeout(timer);
       if (stdoutBuf.trim()) facts.push(stdoutBuf.trim());
       if (killed) {
-        resolve6({ language, facts, errors: ["Worker killed: timeout exceeded"], exitCode: EXIT_TIMEOUT });
+        resolve9({ language, facts, errors: ["Worker killed: timeout exceeded"], exitCode: EXIT_TIMEOUT });
       } else {
-        resolve6({ language, facts, errors, exitCode: code ?? 0 });
+        resolve9({ language, facts, errors, exitCode: code ?? 0 });
       }
     });
     child.on("error", (err) => {
@@ -987,21 +2362,21 @@ async function runNativeWorker(rootDir, language, opts) {
       errors.push(
         isNotFound ? `[error] '${spec.cmd}' not found. ${buildNativeInstallHint(language)}` : `[error] Failed to spawn native worker: ${err.message}`
       );
-      resolve6({ language, facts, errors, exitCode: EXIT_PARSE_FAILURE });
+      resolve9({ language, facts, errors, exitCode: EXIT_PARSE_FAILURE });
     });
   });
 }
 async function pushFacts(facts, dsn, verbose) {
-  const parsed = parseDsn(dsn);
+  const parsed = parseDsn2(dsn);
   if (!parsed) {
-    process.stderr.write(chalk5.red("Invalid DSN format.\n"));
-    process.stderr.write(chalk5.dim("Expected: vibgrate+https://<key_id>:<secret>@<host>/<workspace_id>\n"));
+    process.stderr.write(chalk9.red("Invalid DSN format.\n"));
+    process.stderr.write(chalk9.dim("Expected: vibgrate+https://<key_id>:<secret>@<host>/<workspace_id>\n"));
     return false;
   }
   const body = facts.join("\n") + "\n";
   const url = `${parsed.scheme}://${parsed.host}/v1/ingest/hcs`;
   if (verbose) {
-    process.stderr.write(chalk5.dim(`Pushing ${facts.length} facts to ${parsed.host}...
+    process.stderr.write(chalk9.dim(`Pushing ${facts.length} facts to ${parsed.host}...
 `));
   }
   try {
@@ -1019,17 +2394,17 @@ async function pushFacts(facts, dsn, verbose) {
     });
     if (!response.ok) {
       const text = await response.text().catch(() => "");
-      process.stderr.write(chalk5.red(`Push failed: HTTP ${response.status} ${text}
+      process.stderr.write(chalk9.red(`Push failed: HTTP ${response.status} ${text}
 `));
       return false;
     }
     if (verbose) {
-      process.stderr.write(chalk5.green(`\u2714 Pushed ${facts.length} facts successfully
+      process.stderr.write(chalk9.green(`\u2714 Pushed ${facts.length} facts successfully
 `));
     }
     return true;
   } catch (err) {
-    process.stderr.write(chalk5.red(`Push failed: ${err instanceof Error ? err.message : String(err)}
+    process.stderr.write(chalk9.red(`Push failed: ${err instanceof Error ? err.message : String(err)}
 `));
     return false;
   }
@@ -1096,21 +2471,21 @@ var ProgressTracker = class {
     const parts = [];
     for (const [lang, st] of this.langStatus) {
       if (st.done) {
-        parts.push(chalk5.green(`${lang} \u2713`));
+        parts.push(chalk9.green(`${lang} \u2713`));
       } else if (st.phase === "waiting") {
-        parts.push(chalk5.dim(`${lang} \xB7`));
+        parts.push(chalk9.dim(`${lang} \xB7`));
       } else if (st.phase === "discovering") {
-        parts.push(chalk5.yellow(`${lang} \u2026`));
+        parts.push(chalk9.yellow(`${lang} \u2026`));
       } else if (st.phase === "scanning" && st.fileCount > 0) {
         const pct = Math.round(st.fileIndex / st.fileCount * 100);
-        parts.push(chalk5.cyan(`${lang} ${st.fileIndex}/${st.fileCount} ${pct}%`));
+        parts.push(chalk9.cyan(`${lang} ${st.fileIndex}/${st.fileCount} ${pct}%`));
       } else if (st.phase === "extracting") {
-        parts.push(chalk5.cyan(`${lang} extracting`));
+        parts.push(chalk9.cyan(`${lang} extracting`));
       } else {
-        parts.push(chalk5.dim(`${lang} ${st.phase}`));
+        parts.push(chalk9.dim(`${lang} ${st.phase}`));
       }
     }
-    const line = `  ${parts.join("  ")}  ${chalk5.dim(`${this.totalFacts} facts`)}`;
+    const line = `  ${parts.join("  ")}  ${chalk9.dim(`${this.totalFacts} facts`)}`;
     const padding = Math.max(0, this.lastLineLen - line.length);
     process.stderr.write(`\r${line}${" ".repeat(padding)}`);
     this.lastLineLen = line.length;
@@ -1122,10 +2497,10 @@ var ProgressTracker = class {
     }
   }
 };
-var extractCommand = new Command5("extract").description("Analyze source code and emit validated HCS facts (NDJSON)").argument("[path]", "Path to source directory", ".").option("-o, --out <file>", "Write NDJSON to file (default: stdout)").option("--language <langs>", "Comma-separated languages to analyze (default: auto-detect)").option("--include-tests", "Include test files in analysis").option("--push", "Stream validated facts to dashboard API").option("--dsn <dsn>", "DSN token for push (or use VIBGRATE_DSN env)").option("--concurrency <n>", "Number of parallel file workers").option("--timeout-mins <mins>", "Total analysis timeout in minutes", "60").option("--feedback <file>", "Load NDJSON diff artifact for refinement").option("--verbose", "Print worker stderr and summary statistics").action(async (targetPath, opts) => {
-  const rootDir = path6.resolve(targetPath);
+var extractCommand = new Command8("extract").description("Analyze source code and emit validated HCS facts (NDJSON)").argument("[path]", "Path to source directory", ".").option("-o, --out <file>", "Write NDJSON to file (default: stdout)").option("--language <langs>", "Comma-separated languages to analyze (default: auto-detect)").option("--include-tests", "Include test files in analysis").option("--push", "Stream validated facts to dashboard API").option("--dsn <dsn>", "DSN token for push (or use VIBGRATE_DSN env)").option("--concurrency <n>", "Number of parallel file workers").option("--timeout-mins <mins>", "Total analysis timeout in minutes", "60").option("--feedback <file>", "Load NDJSON diff artifact for refinement").option("--verbose", "Print worker stderr and summary statistics").action(async (targetPath, opts) => {
+  const rootDir = path9.resolve(targetPath);
   if (!await pathExists(rootDir)) {
-    process.stderr.write(chalk5.red(`Path does not exist: ${rootDir}
+    process.stderr.write(chalk9.red(`Path does not exist: ${rootDir}
 `));
     process.exit(EXIT_USAGE_ERROR);
   }
@@ -1133,47 +2508,47 @@ var extractCommand = new Command5("extract").description("Analyze source code an
   try {
     stat3 = await fs2.stat(rootDir);
   } catch {
-    process.stderr.write(chalk5.red(`Cannot read path: ${rootDir}
+    process.stderr.write(chalk9.red(`Cannot read path: ${rootDir}
 `));
     process.exit(EXIT_USAGE_ERROR);
   }
   if (!stat3.isDirectory()) {
-    process.stderr.write(chalk5.red(`Path must be a directory: ${rootDir}
+    process.stderr.write(chalk9.red(`Path must be a directory: ${rootDir}
 `));
     process.exit(EXIT_USAGE_ERROR);
   }
   const dsn = opts.dsn || process.env.VIBGRATE_DSN;
   if (opts.push && !dsn) {
-    process.stderr.write(chalk5.red("--push requires --dsn or VIBGRATE_DSN environment variable\n"));
+    process.stderr.write(chalk9.red("--push requires --dsn or VIBGRATE_DSN environment variable\n"));
     process.exit(EXIT_USAGE_ERROR);
   }
-  if (dsn && !parseDsn(dsn)) {
-    process.stderr.write(chalk5.red("Invalid DSN format.\n"));
-    process.stderr.write(chalk5.dim("Expected: vibgrate+https://<key_id>:<secret>@<host>/<workspace_id>\n"));
+  if (dsn && !parseDsn2(dsn)) {
+    process.stderr.write(chalk9.red("Invalid DSN format.\n"));
+    process.stderr.write(chalk9.dim("Expected: vibgrate+https://<key_id>:<secret>@<host>/<workspace_id>\n"));
     process.exit(EXIT_USAGE_ERROR);
   }
   const concurrency = opts.concurrency ? parseInt(opts.concurrency, 10) : os2.cpus().length;
   if (isNaN(concurrency) || concurrency < 1) {
-    process.stderr.write(chalk5.red("--concurrency must be >= 1\n"));
+    process.stderr.write(chalk9.red("--concurrency must be >= 1\n"));
     process.exit(EXIT_USAGE_ERROR);
   }
   const timeoutMins = parseInt(opts.timeoutMins, 10);
   if (isNaN(timeoutMins) || timeoutMins < 1) {
-    process.stderr.write(chalk5.red("--timeout-mins must be >= 1\n"));
+    process.stderr.write(chalk9.red("--timeout-mins must be >= 1\n"));
     process.exit(EXIT_USAGE_ERROR);
   }
   const timeoutMs = timeoutMins * 60 * 1e3;
   if (opts.out) {
-    const outDir = path6.dirname(path6.resolve(opts.out));
+    const outDir = path9.dirname(path9.resolve(opts.out));
     if (!await pathExists(outDir)) {
-      process.stderr.write(chalk5.red(`Output directory does not exist: ${outDir}
+      process.stderr.write(chalk9.red(`Output directory does not exist: ${outDir}
 `));
       process.exit(EXIT_USAGE_ERROR);
     }
     try {
-      const outStat = await fs2.stat(path6.resolve(opts.out));
+      const outStat = await fs2.stat(path9.resolve(opts.out));
       if (outStat.isDirectory()) {
-        process.stderr.write(chalk5.red(`--out cannot be a directory: ${opts.out}
+        process.stderr.write(chalk9.red(`--out cannot be a directory: ${opts.out}
 `));
         process.exit(EXIT_USAGE_ERROR);
       }
@@ -1182,16 +2557,16 @@ var extractCommand = new Command5("extract").description("Analyze source code an
   }
   let feedbackLines;
   if (opts.feedback) {
-    const feedbackPath = path6.resolve(opts.feedback);
+    const feedbackPath = path9.resolve(opts.feedback);
     if (!await pathExists(feedbackPath)) {
-      process.stderr.write(chalk5.red(`Feedback file not found: ${feedbackPath}
+      process.stderr.write(chalk9.red(`Feedback file not found: ${feedbackPath}
 `));
       process.exit(EXIT_USAGE_ERROR);
     }
     try {
       feedbackLines = await loadFeedback(feedbackPath);
     } catch (err) {
-      process.stderr.write(chalk5.red(`Invalid feedback file: ${err instanceof Error ? err.message : String(err)}
+      process.stderr.write(chalk9.red(`Invalid feedback file: ${err instanceof Error ? err.message : String(err)}
 `));
       process.exit(EXIT_USAGE_ERROR);
     }
@@ -1201,9 +2576,9 @@ var extractCommand = new Command5("extract").description("Analyze source code an
     targetLanguages = opts.language.split(",").map((l) => normalizeLanguageToken(l)).filter(Boolean);
     for (const lang of targetLanguages) {
       if (!SUPPORTED_LANGUAGES.has(lang)) {
-        process.stderr.write(chalk5.red(`Unknown language: "${lang}"
+        process.stderr.write(chalk9.red(`Unknown language: "${lang}"
 `));
-        process.stderr.write(chalk5.dim(`Supported: ${[...SUPPORTED_LANGUAGES].sort().join(", ")}
+        process.stderr.write(chalk9.dim(`Supported: ${[...SUPPORTED_LANGUAGES].sort().join(", ")}
 `));
         process.exit(EXIT_USAGE_ERROR);
       }
@@ -1211,14 +2586,14 @@ var extractCommand = new Command5("extract").description("Analyze source code an
   } else {
     const detected = await detectLanguages(rootDir, opts.includeTests ?? false);
     if (detected.length === 0) {
-      process.stderr.write(chalk5.yellow("No supported source files detected.\n"));
+      process.stderr.write(chalk9.yellow("No supported source files detected.\n"));
       process.exit(EXIT_SUCCESS);
     }
     targetLanguages = detected.map((d) => d.language);
     if (opts.verbose) {
-      process.stderr.write(chalk5.dim("Detected languages:\n"));
+      process.stderr.write(chalk9.dim("Detected languages:\n"));
       for (const d of detected) {
-        process.stderr.write(chalk5.dim(`  ${d.language}: ${d.fileCount} files
+        process.stderr.write(chalk9.dim(`  ${d.language}: ${d.fileCount} files
 `));
       }
     }
@@ -1226,20 +2601,20 @@ var extractCommand = new Command5("extract").description("Analyze source code an
   const runnableLanguages = targetLanguages.filter((l) => ALL_WORKER_LANGS.has(l));
   const unknownWorkerLangs = targetLanguages.filter((l) => !ALL_WORKER_LANGS.has(l));
   if (unknownWorkerLangs.length > 0 && opts.verbose) {
-    process.stderr.write(chalk5.dim(
+    process.stderr.write(chalk9.dim(
       `No worker registered for: ${unknownWorkerLangs.join(", ")} \u2014 skipping.
 `
     ));
   }
   if (runnableLanguages.length === 0) {
-    process.stderr.write(chalk5.yellow("No languages with available HCS workers found.\n"));
+    process.stderr.write(chalk9.yellow("No languages with available HCS workers found.\n"));
     process.exit(EXIT_SUCCESS);
   }
   const startTime = Date.now();
   const globalDeadline = startTime + timeoutMs;
   process.stderr.write(
-    chalk5.bold(`Extracting HCS facts from ${rootDir}
-`) + chalk5.dim(`Languages: ${runnableLanguages.join(", ")}  Concurrency: ${concurrency}  Timeout: ${timeoutMins}m
+    chalk9.bold(`Extracting HCS facts from ${rootDir}
+`) + chalk9.dim(`Languages: ${runnableLanguages.join(", ")}  Concurrency: ${concurrency}  Timeout: ${timeoutMins}m
 `)
   );
   const progress = new ProgressTracker(runnableLanguages);
@@ -1279,7 +2654,7 @@ var extractCommand = new Command5("extract").description("Analyze source code an
           hasSchemaFailure = true;
           allErrors.push(`[${language}] Schema validation: ${validation.error}`);
           if (opts.verbose) {
-            process.stderr.write(chalk5.red(`[${language}] Invalid fact: ${validation.error}
+            process.stderr.write(chalk9.red(`[${language}] Invalid fact: ${validation.error}
 `));
           }
         }
@@ -1307,9 +2682,9 @@ var extractCommand = new Command5("extract").description("Analyze source code an
   const allLines = [...allPreamble, ...allFacts];
   const ndjsonOutput = allLines.join("\n") + (allLines.length > 0 ? "\n" : "");
   if (opts.out) {
-    const outPath = path6.resolve(opts.out);
+    const outPath = path9.resolve(opts.out);
     await fs2.writeFile(outPath, ndjsonOutput, "utf-8");
-    process.stderr.write(chalk5.green(`\u2714 Wrote ${allFacts.length} facts to ${outPath}
+    process.stderr.write(chalk9.green(`\u2714 Wrote ${allFacts.length} facts to ${outPath}
 `));
   } else {
     process.stdout.write(ndjsonOutput);
@@ -1321,48 +2696,48 @@ var extractCommand = new Command5("extract").description("Analyze source code an
     }
   }
   if (opts.verbose) {
-    process.stderr.write(chalk5.dim("\n\u2500\u2500 Summary \u2500\u2500\n"));
-    process.stderr.write(chalk5.dim(`  Facts emitted : ${allFacts.length}
+    process.stderr.write(chalk9.dim("\n\u2500\u2500 Summary \u2500\u2500\n"));
+    process.stderr.write(chalk9.dim(`  Facts emitted : ${allFacts.length}
 `));
-    process.stderr.write(chalk5.dim(`  Languages     : ${runnableLanguages.join(", ")}
+    process.stderr.write(chalk9.dim(`  Languages     : ${runnableLanguages.join(", ")}
 `));
-    process.stderr.write(chalk5.dim(`  Elapsed       : ${elapsed}s
+    process.stderr.write(chalk9.dim(`  Elapsed       : ${elapsed}s
 `));
     if (allErrors.length > 0) {
-      process.stderr.write(chalk5.dim(`  Errors        : ${allErrors.length}
+      process.stderr.write(chalk9.dim(`  Errors        : ${allErrors.length}
 `));
       for (const err of allErrors.slice(0, 10)) {
-        process.stderr.write(chalk5.dim(`    ${err}
+        process.stderr.write(chalk9.dim(`    ${err}
 `));
       }
       if (allErrors.length > 10) {
-        process.stderr.write(chalk5.dim(`    ... and ${allErrors.length - 10} more
+        process.stderr.write(chalk9.dim(`    ... and ${allErrors.length - 10} more
 `));
       }
     }
-    process.stderr.write(chalk5.dim("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n"));
+    process.stderr.write(chalk9.dim("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n"));
   }
   if (hasTimeout) {
-    process.stderr.write(chalk5.red(`Timeout exceeded (${timeoutMins} minutes)
+    process.stderr.write(chalk9.red(`Timeout exceeded (${timeoutMins} minutes)
 `));
     process.exit(EXIT_TIMEOUT);
   }
   if (hasSchemaFailure) {
-    process.stderr.write(chalk5.red("Fact schema validation failures detected\n"));
+    process.stderr.write(chalk9.red("Fact schema validation failures detected\n"));
     process.exit(EXIT_SCHEMA_FAILURE);
   }
   if (hasParseFailure) {
-    process.stderr.write(chalk5.red("Parsing failures detected\n"));
+    process.stderr.write(chalk9.red("Parsing failures detected\n"));
     process.exit(EXIT_PARSE_FAILURE);
   }
 });
 
 // src/commands/diff.ts
-import * as path7 from "path";
+import * as path10 from "path";
 import * as fs3 from "fs/promises";
-import * as crypto from "crypto";
-import { Command as Command6 } from "commander";
-import chalk6 from "chalk";
+import * as crypto3 from "crypto";
+import { Command as Command9 } from "commander";
+import chalk10 from "chalk";
 var EXIT_INVALID_PATH = 2;
 var EXIT_USAGE_ERROR2 = 5;
 var VALID_FORMATS = /* @__PURE__ */ new Set(["ndjson", "json", "patch"]);
@@ -1384,8 +2759,8 @@ async function discoverFiles(root, includeGlobs, excludeGlobs) {
     }
     for (const entry of entries) {
       if (entry.name.startsWith(".") && SKIP_DIRS2.has(entry.name)) continue;
-      const absPath = path7.join(dir, entry.name);
-      const relPath = path7.join(relBase, entry.name);
+      const absPath = path10.join(dir, entry.name);
+      const relPath = path10.join(relBase, entry.name);
       if (entry.isDirectory()) {
         if (!SKIP_DIRS2.has(entry.name)) {
           await walk(absPath, relPath);
@@ -1556,7 +2931,7 @@ function lcsRatio(a, b) {
   return 2 * lcsLen / (n + m);
 }
 function generateDeltaId(kind, filePath) {
-  const hash = crypto.createHash("sha256").update(`${kind}:${filePath}`).digest("hex").substring(0, 16);
+  const hash = crypto3.createHash("sha256").update(`${kind}:${filePath}`).digest("hex").substring(0, 16);
   return `hcs:delta:${hash}`;
 }
 function formatNdjson(deltas) {
@@ -1568,8 +2943,8 @@ function formatJson(deltas) {
 function formatPatch(deltas, originalPath, generatedPath) {
   const lines = [];
   for (const delta of deltas) {
-    const aFile = delta.originalPath ? path7.join("a", delta.originalPath) : "/dev/null";
-    const bFile = delta.generatedPath ? path7.join("b", delta.generatedPath) : "/dev/null";
+    const aFile = delta.originalPath ? path10.join("a", delta.originalPath) : "/dev/null";
+    const bFile = delta.generatedPath ? path10.join("b", delta.generatedPath) : "/dev/null";
     if (delta.changeKind === "renamed" && delta.originalPath && delta.generatedPath) {
       lines.push(`diff --vibgrate ${aFile} ${bFile}`);
       lines.push(`similarity index ${Math.round((delta.similarity ?? 0) * 100)}%`);
@@ -1590,12 +2965,12 @@ function formatPatch(deltas, originalPath, generatedPath) {
   }
   return lines.join("\n");
 }
-var diffCommand = new Command6("diff").description("Compare two directory trees and emit structured delta facts").argument("<original_path>", "Original source directory").argument("<generated_path>", "Generated source directory").option("-o, --out <file>", "Output file path", "vibgrate.diff.ndjson").option("--format <fmt>", "Output format (ndjson|json|patch)", "ndjson").option("--ignore-whitespace", "Ignore whitespace-only changes").option("--context <n>", "Context lines for patch output", "3").option("--include <globs>", "Only include matching files (comma-separated)").option("--exclude <globs>", "Exclude matching files (comma-separated)").option("--stats", "Include insertions/deletions summary per file").option("--verbose", "Print file match decisions and rename detection").action(async (originalPath, generatedPath, opts) => {
-  const origDir = path7.resolve(originalPath);
-  const genDir = path7.resolve(generatedPath);
+var diffCommand = new Command9("diff").description("Compare two directory trees and emit structured delta facts").argument("<original_path>", "Original source directory").argument("<generated_path>", "Generated source directory").option("-o, --out <file>", "Output file path", "vibgrate.diff.ndjson").option("--format <fmt>", "Output format (ndjson|json|patch)", "ndjson").option("--ignore-whitespace", "Ignore whitespace-only changes").option("--context <n>", "Context lines for patch output", "3").option("--include <globs>", "Only include matching files (comma-separated)").option("--exclude <globs>", "Exclude matching files (comma-separated)").option("--stats", "Include insertions/deletions summary per file").option("--verbose", "Print file match decisions and rename detection").action(async (originalPath, generatedPath, opts) => {
+  const origDir = path10.resolve(originalPath);
+  const genDir = path10.resolve(generatedPath);
   for (const [label, dir] of [["original_path", origDir], ["generated_path", genDir]]) {
     if (!await pathExists(dir)) {
-      process.stderr.write(chalk6.red(`${label} does not exist: ${dir}
+      process.stderr.write(chalk10.red(`${label} does not exist: ${dir}
 `));
       process.exit(EXIT_INVALID_PATH);
     }
@@ -1603,25 +2978,25 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
     try {
       stat3 = await fs3.stat(dir);
     } catch {
-      process.stderr.write(chalk6.red(`Cannot read ${label}: ${dir}
+      process.stderr.write(chalk10.red(`Cannot read ${label}: ${dir}
 `));
       process.exit(EXIT_INVALID_PATH);
     }
     if (!stat3.isDirectory()) {
-      process.stderr.write(chalk6.red(`${label} must be a directory: ${dir}
+      process.stderr.write(chalk10.red(`${label} must be a directory: ${dir}
 `));
       process.exit(EXIT_INVALID_PATH);
     }
   }
   const format = opts.format.toLowerCase();
   if (!VALID_FORMATS.has(format)) {
-    process.stderr.write(chalk6.red(`Invalid format: "${opts.format}". Allowed: ndjson, json, patch
+    process.stderr.write(chalk10.red(`Invalid format: "${opts.format}". Allowed: ndjson, json, patch
 `));
     process.exit(EXIT_USAGE_ERROR2);
   }
   const contextLines = parseInt(opts.context, 10);
   if (isNaN(contextLines) || contextLines < 0) {
-    process.stderr.write(chalk6.red("--context must be >= 0\n"));
+    process.stderr.write(chalk10.red("--context must be >= 0\n"));
     process.exit(EXIT_USAGE_ERROR2);
   }
   const includeGlobs = opts.include ? opts.include.split(",").map((g) => g.trim()).filter(Boolean) : void 0;
@@ -1633,9 +3008,9 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
   const origMap = new Map(origFiles.map((f) => [f.relPath, f]));
   const genMap = new Map(genFiles.map((f) => [f.relPath, f]));
   if (opts.verbose) {
-    process.stderr.write(chalk6.dim(`Original: ${origFiles.length} files
+    process.stderr.write(chalk10.dim(`Original: ${origFiles.length} files
 `));
-    process.stderr.write(chalk6.dim(`Generated: ${genFiles.length} files
+    process.stderr.write(chalk10.dim(`Generated: ${genFiles.length} files
 `));
   }
   const deltas = [];
@@ -1669,7 +3044,7 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
         }
         deltas.push(delta);
         if (opts.verbose) {
-          process.stderr.write(chalk6.dim(`  modified: ${relPath} (+${diffResult.insertions} -${diffResult.deletions})
+          process.stderr.write(chalk10.dim(`  modified: ${relPath} (+${diffResult.insertions} -${diffResult.deletions})
 `));
         }
       }
@@ -1700,7 +3075,7 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
     const pairs = [];
     for (const [origPath, origContent] of origContents) {
       for (const [genPath, genContent] of genContents) {
-        if (path7.extname(origPath) !== path7.extname(genPath)) continue;
+        if (path10.extname(origPath) !== path10.extname(genPath)) continue;
         const similarity = computeSimilarity(origContent, genContent);
         if (similarity >= RENAME_THRESHOLD) {
           pairs.push({ origPath, genPath, similarity });
@@ -1733,7 +3108,7 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
       }
       deltas.push(delta);
       if (opts.verbose) {
-        process.stderr.write(chalk6.dim(
+        process.stderr.write(chalk10.dim(
           `  renamed: ${pair.origPath} \u2192 ${pair.genPath} (${(pair.similarity * 100).toFixed(0)}% similar)
 `
         ));
@@ -1758,7 +3133,7 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
     }
     deltas.push(delta);
     if (opts.verbose) {
-      process.stderr.write(chalk6.dim(`  removed: ${file.relPath}
+      process.stderr.write(chalk10.dim(`  removed: ${file.relPath}
 `));
     }
   }
@@ -1780,7 +3155,7 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
     }
     deltas.push(delta);
     if (opts.verbose) {
-      process.stderr.write(chalk6.dim(`  added: ${file.relPath}
+      process.stderr.write(chalk10.dim(`  added: ${file.relPath}
 `));
     }
   }
@@ -1801,16 +3176,16 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
       output = formatPatch(deltas, originalPath, generatedPath);
       break;
   }
-  const outPath = path7.resolve(opts.out);
+  const outPath = path10.resolve(opts.out);
   await fs3.writeFile(outPath, output, "utf-8");
   const added = deltas.filter((d) => d.changeKind === "added").length;
   const removed = deltas.filter((d) => d.changeKind === "removed").length;
   const modified = deltas.filter((d) => d.changeKind === "modified").length;
   const renamed = deltas.filter((d) => d.changeKind === "renamed").length;
   process.stderr.write(
-    chalk6.green(`\u2714 `) + `${deltas.length} changes: ` + chalk6.green(`+${added} added`) + ", " + chalk6.red(`-${removed} removed`) + ", " + chalk6.yellow(`~${modified} modified`) + ", " + chalk6.blue(`\u2192${renamed} renamed`) + "\n"
+    chalk10.green(`\u2714 `) + `${deltas.length} changes: ` + chalk10.green(`+${added} added`) + ", " + chalk10.red(`-${removed} removed`) + ", " + chalk10.yellow(`~${modified} modified`) + ", " + chalk10.blue(`\u2192${renamed} renamed`) + "\n"
   );
-  process.stderr.write(chalk6.dim(`  Written to ${outPath}
+  process.stderr.write(chalk10.dim(`  Written to ${outPath}
 `));
   if (opts.verbose && opts.stats) {
     let totalIns = 0;
@@ -1821,193 +3196,193 @@ var diffCommand = new Command6("diff").description("Compare two directory trees
         totalDel += d.stats.deletions;
       }
     }
-    process.stderr.write(chalk6.dim(`  Total: +${totalIns} insertions, -${totalDel} deletions
+    process.stderr.write(chalk10.dim(`  Total: +${totalIns} insertions, -${totalDel} deletions
 `));
   }
 });
 
 // src/commands/help.ts
-import { Command as Command7 } from "commander";
-import chalk7 from "chalk";
+import { Command as Command10 } from "commander";
+import chalk11 from "chalk";
 var HELP_URL = "https://vibgrate.com/help";
 function printFooter() {
   console.log("");
-  console.log(chalk7.dim(`See ${HELP_URL} for more guidance`));
+  console.log(chalk11.dim(`See ${HELP_URL} for more guidance`));
 }
 var detailedHelp = {
   scan: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate scan") + chalk7.dim(" \u2014 Scan a project for upgrade drift"));
+    console.log(chalk11.bold.underline("vibgrate scan") + chalk11.dim(" \u2014 Scan a project for upgrade drift"));
     console.log("");
-    console.log(chalk7.bold("Usage:"));
+    console.log(chalk11.bold("Usage:"));
     console.log("  vibgrate scan [path] [options]");
     console.log("");
-    console.log(chalk7.bold("Arguments:"));
-    console.log(`  ${chalk7.cyan("[path]")}                       Path to scan (default: current directory)`);
+    console.log(chalk11.bold("Arguments:"));
+    console.log(`  ${chalk11.cyan("[path]")}                       Path to scan (default: current directory)`);
     console.log("");
-    console.log(chalk7.bold("Output options:"));
-    console.log(`  ${chalk7.cyan("--format <format>")}           Output format: ${chalk7.white("text")} | json | sarif | md  (default: text)`);
-    console.log(`  ${chalk7.cyan("--out <file>")}                Write output to a file instead of stdout`);
+    console.log(chalk11.bold("Output options:"));
+    console.log(`  ${chalk11.cyan("--format <format>")}           Output format: ${chalk11.white("text")} | json | sarif | md  (default: text)`);
+    console.log(`  ${chalk11.cyan("--out <file>")}                Write output to a file instead of stdout`);
     console.log("");
-    console.log(chalk7.bold("Baseline & gating:"));
-    console.log(`  ${chalk7.cyan("--baseline <file>")}           Compare results against a saved baseline`);
-    console.log(`  ${chalk7.cyan("--drift-budget <score>")}      Fail if drift score exceeds this value (0\u2013100)`);
-    console.log(`  ${chalk7.cyan("--drift-worsening <percent>")} Fail if drift worsens by more than % since baseline`);
-    console.log(`  ${chalk7.cyan("--fail-on <level>")}           Fail exit code on warn or error findings`);
+    console.log(chalk11.bold("Baseline & gating:"));
+    console.log(`  ${chalk11.cyan("--baseline <file>")}           Compare results against a saved baseline`);
+    console.log(`  ${chalk11.cyan("--drift-budget <score>")}      Fail if drift score exceeds this value (0\u2013100)`);
+    console.log(`  ${chalk11.cyan("--drift-worsening <percent>")} Fail if drift worsens by more than % since baseline`);
+    console.log(`  ${chalk11.cyan("--fail-on <level>")}           Fail exit code on warn or error findings`);
     console.log("");
-    console.log(chalk7.bold("Performance:"));
-    console.log(`  ${chalk7.cyan("--concurrency <n>")}           Max concurrent registry calls (default: 8)`);
-    console.log(`  ${chalk7.cyan("--changed-only")}              Only scan files changed since last git commit`);
+    console.log(chalk11.bold("Performance:"));
+    console.log(`  ${chalk11.cyan("--concurrency <n>")}           Max concurrent registry calls (default: 8)`);
+    console.log(`  ${chalk11.cyan("--changed-only")}              Only scan files changed since last git commit`);
     console.log("");
-    console.log(chalk7.bold("Privacy & offline:"));
-    console.log(`  ${chalk7.cyan("--offline")}                   Run without any network calls; skip result upload`);
-    console.log(`  ${chalk7.cyan("--package-manifest <file>")}   Use a local package-version manifest (JSON or ZIP) for offline mode`);
-    console.log(`  ${chalk7.cyan("--no-local-artifacts")}        Do not write .vibgrate JSON artifacts to disk`);
-    console.log(`  ${chalk7.cyan("--max-privacy")}               Strongest privacy mode: minimal scanners + no local artifacts`);
+    console.log(chalk11.bold("Privacy & offline:"));
+    console.log(`  ${chalk11.cyan("--offline")}                   Run without any network calls; skip result upload`);
+    console.log(`  ${chalk11.cyan("--package-manifest <file>")}   Use a local package-version manifest (JSON or ZIP) for offline mode`);
+    console.log(`  ${chalk11.cyan("--no-local-artifacts")}        Do not write .vibgrate JSON artifacts to disk`);
+    console.log(`  ${chalk11.cyan("--max-privacy")}               Strongest privacy mode: minimal scanners + no local artifacts`);
     console.log("");
-    console.log(chalk7.bold("Tooling:"));
-    console.log(`  ${chalk7.cyan("--install-tools")}             Auto-install missing security scanners via Homebrew`);
-    console.log(`  ${chalk7.cyan("--ui-purpose")}                Enable UI purpose evidence extraction (slower)`);
+    console.log(chalk11.bold("Tooling:"));
+    console.log(`  ${chalk11.cyan("--install-tools")}             Auto-install missing security scanners via Homebrew`);
+    console.log(`  ${chalk11.cyan("--ui-purpose")}                Enable UI purpose evidence extraction (slower)`);
     console.log("");
-    console.log(chalk7.bold("Uploading results:"));
-    console.log(`  ${chalk7.cyan("--push")}                      Auto-push results to Vibgrate API after scan`);
-    console.log(`  ${chalk7.cyan("--dsn <dsn>")}                 DSN token for push (or set VIBGRATE_DSN env var)`);
-    console.log(`  ${chalk7.cyan("--region <region>")}           Data residency region: us | eu  (default: us)`);
-    console.log(`  ${chalk7.cyan("--strict")}                    Fail if the upload to Vibgrate API fails`);
+    console.log(chalk11.bold("Uploading results:"));
+    console.log(`  ${chalk11.cyan("--push")}                      Auto-push results to Vibgrate API after scan`);
+    console.log(`  ${chalk11.cyan("--dsn <dsn>")}                 DSN token for push (or set VIBGRATE_DSN env var)`);
+    console.log(`  ${chalk11.cyan("--region <region>")}           Data residency region: us | eu  (default: us)`);
+    console.log(`  ${chalk11.cyan("--strict")}                    Fail if the upload to Vibgrate API fails`);
     console.log("");
-    console.log(chalk7.bold("Examples:"));
-    console.log(`  ${chalk7.dim("# Scan the current directory and display a text report")}`);
+    console.log(chalk11.bold("Examples:"));
+    console.log(`  ${chalk11.dim("# Scan the current directory and display a text report")}`);
     console.log("  vibgrate scan .");
     console.log("");
-    console.log(`  ${chalk7.dim("# Scan, fail if drift score > 40, and write SARIF for GitHub Actions")}`);
+    console.log(`  ${chalk11.dim("# Scan, fail if drift score > 40, and write SARIF for GitHub Actions")}`);
     console.log("  vibgrate scan . --drift-budget 40 --format sarif --out drift.sarif");
     console.log("");
-    console.log(`  ${chalk7.dim("# Scan and automatically upload results via a DSN")}`);
+    console.log(`  ${chalk11.dim("# Scan and automatically upload results via a DSN")}`);
     console.log("  vibgrate scan . --push --dsn $VIBGRATE_DSN");
     console.log("");
-    console.log(`  ${chalk7.dim("# Offline scan using a pre-downloaded package manifest")}`);
+    console.log(`  ${chalk11.dim("# Offline scan using a pre-downloaded package manifest")}`);
     console.log("  vibgrate scan . --offline --package-manifest ./manifest.zip");
   },
   init: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate init") + chalk7.dim(" \u2014 Initialise vibgrate in a project directory"));
+    console.log(chalk11.bold.underline("vibgrate init") + chalk11.dim(" \u2014 Initialise vibgrate in a project directory"));
     console.log("");
-    console.log(chalk7.bold("Usage:"));
+    console.log(chalk11.bold("Usage:"));
     console.log("  vibgrate init [path] [options]");
     console.log("");
-    console.log(chalk7.bold("Arguments:"));
-    console.log(`  ${chalk7.cyan("[path]")}          Directory to initialise (default: current directory)`);
+    console.log(chalk11.bold("Arguments:"));
+    console.log(`  ${chalk11.cyan("[path]")}          Directory to initialise (default: current directory)`);
     console.log("");
-    console.log(chalk7.bold("Options:"));
-    console.log(`  ${chalk7.cyan("--baseline")}      Create an initial drift baseline after init`);
-    console.log(`  ${chalk7.cyan("--yes")}           Skip all confirmation prompts`);
+    console.log(chalk11.bold("Options:"));
+    console.log(`  ${chalk11.cyan("--baseline")}      Create an initial drift baseline after init`);
+    console.log(`  ${chalk11.cyan("--yes")}           Skip all confirmation prompts`);
     console.log("");
-    console.log(chalk7.bold("What it does:"));
+    console.log(chalk11.bold("What it does:"));
     console.log("  \u2022 Creates a .vibgrate/ directory");
     console.log("  \u2022 Writes a vibgrate.config.ts starter config");
     console.log("  \u2022 Optionally runs an initial baseline scan (--baseline)");
     console.log("");
-    console.log(chalk7.bold("Examples:"));
+    console.log(chalk11.bold("Examples:"));
     console.log("  vibgrate init");
     console.log("  vibgrate init ./my-project --baseline");
   },
   baseline: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate baseline") + chalk7.dim(" \u2014 Save a drift baseline snapshot"));
+    console.log(chalk11.bold.underline("vibgrate baseline") + chalk11.dim(" \u2014 Save a drift baseline snapshot"));
     console.log("");
-    console.log(chalk7.bold("Usage:"));
+    console.log(chalk11.bold("Usage:"));
     console.log("  vibgrate baseline [path]");
     console.log("");
-    console.log(chalk7.bold("Arguments:"));
-    console.log(`  ${chalk7.cyan("[path]")}   Path to baseline (default: current directory)`);
+    console.log(chalk11.bold("Arguments:"));
+    console.log(`  ${chalk11.cyan("[path]")}   Path to baseline (default: current directory)`);
     console.log("");
-    console.log(chalk7.bold("What it does:"));
+    console.log(chalk11.bold("What it does:"));
     console.log("  Runs a full scan and saves the result as .vibgrate/baseline.json.");
     console.log("  Future scans can compare against this file using --baseline.");
     console.log("");
-    console.log(chalk7.bold("Examples:"));
+    console.log(chalk11.bold("Examples:"));
     console.log("  vibgrate baseline .");
     console.log("  vibgrate scan . --baseline .vibgrate/baseline.json --drift-worsening 10");
   },
   report: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate report") + chalk7.dim(" \u2014 Generate a report from a saved scan artifact"));
+    console.log(chalk11.bold.underline("vibgrate report") + chalk11.dim(" \u2014 Generate a report from a saved scan artifact"));
     console.log("");
-    console.log(chalk7.bold("Usage:"));
+    console.log(chalk11.bold("Usage:"));
     console.log("  vibgrate report [options]");
     console.log("");
-    console.log(chalk7.bold("Options:"));
-    console.log(`  ${chalk7.cyan("--in <file>")}        Input artifact file (default: .vibgrate/scan_result.json)`);
-    console.log(`  ${chalk7.cyan("--format <format>")}  Output format: ${chalk7.white("text")} | md | json  (default: text)`);
+    console.log(chalk11.bold("Options:"));
+    console.log(`  ${chalk11.cyan("--in <file>")}        Input artifact file (default: .vibgrate/scan_result.json)`);
+    console.log(`  ${chalk11.cyan("--format <format>")}  Output format: ${chalk11.white("text")} | md | json  (default: text)`);
     console.log("");
-    console.log(chalk7.bold("Examples:"));
+    console.log(chalk11.bold("Examples:"));
     console.log("  vibgrate report");
     console.log("  vibgrate report --format md > DRIFT-REPORT.md");
     console.log("  vibgrate report --in ./ci/scan_result.json --format json");
   },
   sbom: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate sbom") + chalk7.dim(" \u2014 Export a Software Bill of Materials from a scan artifact"));
+    console.log(chalk11.bold.underline("vibgrate sbom") + chalk11.dim(" \u2014 Export a Software Bill of Materials from a scan artifact"));
     console.log("");
-    console.log(chalk7.bold("Usage:"));
+    console.log(chalk11.bold("Usage:"));
     console.log("  vibgrate sbom [options]");
     console.log("");
-    console.log(chalk7.bold("Options:"));
-    console.log(`  ${chalk7.cyan("--in <file>")}        Input artifact (default: .vibgrate/scan_result.json)`);
-    console.log(`  ${chalk7.cyan("--format <format>")}  SBOM format: ${chalk7.white("cyclonedx")} | spdx  (default: cyclonedx)`);
-    console.log(`  ${chalk7.cyan("--out <file>")}       Write SBOM to file instead of stdout`);
+    console.log(chalk11.bold("Options:"));
+    console.log(`  ${chalk11.cyan("--in <file>")}        Input artifact (default: .vibgrate/scan_result.json)`);
+    console.log(`  ${chalk11.cyan("--format <format>")}  SBOM format: ${chalk11.white("cyclonedx")} | spdx  (default: cyclonedx)`);
+    console.log(`  ${chalk11.cyan("--out <file>")}       Write SBOM to file instead of stdout`);
     console.log("");
-    console.log(chalk7.bold("Examples:"));
+    console.log(chalk11.bold("Examples:"));
     console.log("  vibgrate sbom --format cyclonedx --out sbom.json");
     console.log("  vibgrate sbom --format spdx --out sbom.spdx.json");
   },
   push: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate push") + chalk7.dim(" \u2014 Upload a scan artifact to the Vibgrate API"));
+    console.log(chalk11.bold.underline("vibgrate push") + chalk11.dim(" \u2014 Upload a scan artifact to the Vibgrate API"));
     console.log("");
-    console.log(chalk7.bold("Usage:"));
+    console.log(chalk11.bold("Usage:"));
     console.log("  vibgrate push [options]");
     console.log("");
-    console.log(chalk7.bold("Options:"));
-    console.log(`  ${chalk7.cyan("--dsn <dsn>")}        DSN token (or set VIBGRATE_DSN env var)`);
-    console.log(`  ${chalk7.cyan("--file <file>")}      Artifact to upload (default: .vibgrate/scan_result.json)`);
-    console.log(`  ${chalk7.cyan("--region <region>")}  Override data residency region: us | eu`);
-    console.log(`  ${chalk7.cyan("--strict")}           Fail with non-zero exit code on upload error`);
+    console.log(chalk11.bold("Options:"));
+    console.log(`  ${chalk11.cyan("--dsn <dsn>")}        DSN token (or set VIBGRATE_DSN env var)`);
+    console.log(`  ${chalk11.cyan("--file <file>")}      Artifact to upload (default: .vibgrate/scan_result.json)`);
+    console.log(`  ${chalk11.cyan("--region <region>")}  Override data residency region: us | eu`);
+    console.log(`  ${chalk11.cyan("--strict")}           Fail with non-zero exit code on upload error`);
     console.log("");
-    console.log(chalk7.bold("Examples:"));
+    console.log(chalk11.bold("Examples:"));
     console.log("  vibgrate push --dsn $VIBGRATE_DSN");
     console.log("  vibgrate push --file ./ci/scan_result.json --strict");
   },
   dsn: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate dsn") + chalk7.dim(" \u2014 Manage DSN tokens for API authentication"));
+    console.log(chalk11.bold.underline("vibgrate dsn") + chalk11.dim(" \u2014 Manage DSN tokens for API authentication"));
     console.log("");
-    console.log(chalk7.bold("Subcommands:"));
-    console.log(`  ${chalk7.cyan("vibgrate dsn create")}   Generate a new DSN token`);
+    console.log(chalk11.bold("Subcommands:"));
+    console.log(`  ${chalk11.cyan("vibgrate dsn create")}   Generate a new DSN token`);
     console.log("");
-    console.log(chalk7.bold("dsn create options:"));
-    console.log(`  ${chalk7.cyan("--workspace <id>")}   Workspace ID or "new" to auto-generate ${chalk7.red("(required)")}`);
-    console.log(`  ${chalk7.cyan("--region <region>")}  Data residency region: us | eu  (default: us)`);
-    console.log(`  ${chalk7.cyan("--ingest <url>")}     Override ingest API URL`);
-    console.log(`  ${chalk7.cyan("--write <path>")}     Write the DSN to a file (add to .gitignore!)`);
+    console.log(chalk11.bold("dsn create options:"));
+    console.log(`  ${chalk11.cyan("--workspace <id>")}   Workspace ID or "new" to auto-generate ${chalk11.red("(required)")}`);
+    console.log(`  ${chalk11.cyan("--region <region>")}  Data residency region: us | eu  (default: us)`);
+    console.log(`  ${chalk11.cyan("--ingest <url>")}     Override ingest API URL`);
+    console.log(`  ${chalk11.cyan("--write <path>")}     Write the DSN to a file (add to .gitignore!)`);
     console.log("");
-    console.log(chalk7.bold("Examples:"));
+    console.log(chalk11.bold("Examples:"));
     console.log("  vibgrate dsn create --workspace new");
     console.log("  vibgrate dsn create --workspace abc123");
     console.log("  vibgrate dsn create --workspace new --region eu --write .vibgrate/.dsn");
   },
   update: () => {
     console.log("");
-    console.log(chalk7.bold.underline("vibgrate update") + chalk7.dim(" \u2014 Update the vibgrate CLI to the latest version"));
+    console.log(chalk11.bold.underline("vibgrate update") + chalk11.dim(" \u2014 Update the vibgrate CLI to the latest version"));
     console.log("");
-    console.log(chalk7.bold("Usage:"));
+    console.log(chalk11.bold("Usage:"));
     console.log("  vibgrate update [options]");
     console.log("");
-    console.log(chalk7.bold("Options:"));
-    console.log(`  ${chalk7.cyan("--check")}         Check for a newer version without installing`);
-    console.log(`  ${chalk7.cyan("--pm <manager>")} Force a package manager: npm | pnpm | yarn | bun`);
+    console.log(chalk11.bold("Options:"));
+    console.log(`  ${chalk11.cyan("--check")}         Check for a newer version without installing`);
+    console.log(`  ${chalk11.cyan("--pm <manager>")} Force a package manager: npm | pnpm | yarn | bun`);
     console.log("");
-    console.log(chalk7.bold("Examples:"));
+    console.log(chalk11.bold("Examples:"));
     console.log("  vibgrate update");
     console.log("  vibgrate update --check");
     console.log("  vibgrate update --pm pnpm");
@@ -2015,40 +3390,40 @@ var detailedHelp = {
 };
 function printSummaryHelp() {
   console.log("");
-  console.log(chalk7.bold("vibgrate") + chalk7.dim(" \u2014 Continuous Drift Intelligence"));
+  console.log(chalk11.bold("vibgrate") + chalk11.dim(" \u2014 Continuous Drift Intelligence"));
   console.log("");
-  console.log(chalk7.bold("Usage:"));
+  console.log(chalk11.bold("Usage:"));
   console.log("  vibgrate <command> [options]");
   console.log("  vibgrate help [command]     Show detailed help for a command");
   console.log("");
-  console.log(chalk7.bold("Getting started:"));
-  console.log(`  ${chalk7.cyan("init")}       Initialise vibgrate in a project (creates config & .vibgrate/ dir)`);
+  console.log(chalk11.bold("Getting started:"));
+  console.log(`  ${chalk11.cyan("init")}       Initialise vibgrate in a project (creates config & .vibgrate/ dir)`);
   console.log("");
-  console.log(chalk7.bold("Core scanning:"));
-  console.log(`  ${chalk7.cyan("scan")}       Scan a project for upgrade drift and generate a report`);
-  console.log(`  ${chalk7.cyan("baseline")}   Save a baseline snapshot to compare future scans against`);
+  console.log(chalk11.bold("Core scanning:"));
+  console.log(`  ${chalk11.cyan("scan")}       Scan a project for upgrade drift and generate a report`);
+  console.log(`  ${chalk11.cyan("baseline")}   Save a baseline snapshot to compare future scans against`);
   console.log("");
-  console.log(chalk7.bold("Reporting & export:"));
-  console.log(`  ${chalk7.cyan("report")}     Re-generate a report from a previously saved scan artifact`);
-  console.log(`  ${chalk7.cyan("sbom")}       Export a Software Bill of Materials (CycloneDX or SPDX)`);
+  console.log(chalk11.bold("Reporting & export:"));
+  console.log(`  ${chalk11.cyan("report")}     Re-generate a report from a previously saved scan artifact`);
+  console.log(`  ${chalk11.cyan("sbom")}       Export a Software Bill of Materials (CycloneDX or SPDX)`);
   console.log("");
-  console.log(chalk7.bold("CI/CD integration:"));
-  console.log(`  ${chalk7.cyan("push")}       Upload a scan artifact to the Vibgrate API`);
-  console.log(`  ${chalk7.cyan("dsn")}        Create and manage DSN tokens for API authentication`);
+  console.log(chalk11.bold("CI/CD integration:"));
+  console.log(`  ${chalk11.cyan("push")}       Upload a scan artifact to the Vibgrate API`);
+  console.log(`  ${chalk11.cyan("dsn")}        Create and manage DSN tokens for API authentication`);
   console.log("");
-  console.log(chalk7.bold("Maintenance:"));
-  console.log(`  ${chalk7.cyan("update")}     Update the vibgrate CLI to the latest version`);
+  console.log(chalk11.bold("Maintenance:"));
+  console.log(`  ${chalk11.cyan("update")}     Update the vibgrate CLI to the latest version`);
   console.log("");
-  console.log(chalk7.dim("Run") + ` ${chalk7.cyan("vibgrate help <command>")} ` + chalk7.dim("for detailed options, e.g.") + ` ${chalk7.cyan("vibgrate help scan")}`);
+  console.log(chalk11.dim("Run") + ` ${chalk11.cyan("vibgrate help <command>")} ` + chalk11.dim("for detailed options, e.g.") + ` ${chalk11.cyan("vibgrate help scan")}`);
 }
-var helpCommand = new Command7("help").description("Show help for vibgrate commands").argument("[command]", "Command to show detailed help for").helpOption(false).action((cmd) => {
+var helpCommand = new Command10("help").description("Show help for vibgrate commands").argument("[command]", "Command to show detailed help for").helpOption(false).action((cmd) => {
   const name = cmd?.toLowerCase().trim();
   if (name && detailedHelp[name]) {
     detailedHelp[name]();
   } else if (name) {
     console.log("");
-    console.log(chalk7.red(`Unknown command: ${name}`));
-    console.log(chalk7.dim(`Available commands: ${Object.keys(detailedHelp).join(", ")}`));
+    console.log(chalk11.red(`Unknown command: ${name}`));
+    console.log(chalk11.dim(`Available commands: ${Object.keys(detailedHelp).join(", ")}`));
     printSummaryHelp();
   } else {
     printSummaryHelp();
@@ -2057,7 +3432,7 @@ var helpCommand = new Command7("help").description("Show help for vibgrate comma
 });
 
 // src/cli.ts
-var program = new Command8();
+var program = new Command11();
 program.name("vibgrate").description("Continuous Drift Intelligence").version(VERSION).addHelpText("after", "\nSee https://vibgrate.com/help for more guidance");
 program.addCommand(helpCommand);
 program.addCommand(initCommand);
@@ -2074,8 +3449,8 @@ function notifyIfUpdateAvailable() {
   void checkForUpdate().then((update) => {
     if (!update?.updateAvailable) return;
     console.error("");
-    console.error(chalk8.yellow(`  Update available: ${update.current} \u2192 ${update.latest}`));
-    console.error(chalk8.dim('  Run "vibgrate update" to install the latest version.'));
+    console.error(chalk12.yellow(`  Update available: ${update.current} \u2192 ${update.latest}`));
+    console.error(chalk12.dim('  Run "vibgrate update" to install the latest version.'));
     console.error("");
   }).catch(() => {
   });