@westbayberry/dg 1.3.2 → 2.0.0

package/dist/scan/render.js

@@ -0,0 +1,240 @@
+import { createTheme } from "../presentation/theme.js";
+const DETAIL_PROJECT_LIMIT = 8;
+const CLEAN_PROJECT_PREVIEW_LIMIT = 5;
+const FINDING_GROUP_PREVIEW_LIMIT = 3;
+const SCAN_STATUS_ROLE = {
+    pass: "pass",
+    warn: "warn",
+    block: "block",
+    unknown: "unknown",
+    error: "block"
+};
+export function renderTextReport(report, terminalWidth = terminalWidthFromEnv(), theme = createTheme(false), scannerUnavailable = false) {
+    const width = Math.max(48, Math.min(terminalWidth, 140));
+    const cleanProjects = report.projects.filter((project) => project.findings.length === 0);
+    const findingProjects = report.projects.filter((project) => project.findings.length > 0);
+    const shouldCollapseProjects = report.projects.length > DETAIL_PROJECT_LIMIT;
+    const lines = [
+        "Dependency Guardian scan",
+        `Target: ${report.target}`,
+        `Scanning: checked ${report.summary.projectCount} project manifest${report.summary.projectCount === 1 ? "" : "s"}.`,
+        `Status: ${theme.paint(SCAN_STATUS_ROLE[report.status], report.status)}`,
+        `Projects: ${report.summary.projectCount}`,
+        `Dependencies: ${report.summary.dependencyCount}`,
+        `Findings: ${report.summary.findingCount} (${report.summary.warnCount} warn, ${report.summary.blockCount} block)`,
+        ...(report.scanner
+            ? [`Scanner: score ${report.scanner.score}, ${report.scanner.packages.length} packages verified`]
+            : []),
+        ""
+    ];
+    if (scannerUnavailable) {
+        lines.push("server scan unavailable — local heuristics only (run 'dg doctor' to diagnose)");
+        lines.push("");
+    }
+    if (report.projects.length === 0 && report.errors.length === 0) {
+        lines.push("No supported project manifests found.");
+    }
+    if (findingProjects.length > 0) {
+        lines.push("Finding groups:");
+        for (const group of groupFindings(report.findings)) {
+            const severityLabel = theme.paint(group.severity === "block" ? "block" : "warn", group.severity.toUpperCase());
+            lines.push(`  ${severityLabel} ${group.id}: ${group.count} finding${group.count === 1 ? "" : "s"} across ${group.projectCount} project${group.projectCount === 1 ? "" : "s"}`);
+            for (const finding of group.examples) {
+                lines.push(...wrapLine("    example: ", `${finding.project} at ${finding.location}: ${finding.message}`, width));
+            }
+            if (group.hiddenCount > 0) {
+                lines.push(`    ${group.hiddenCount} more hidden by default.`);
+            }
+        }
+        lines.push("");
+    }
+    if (shouldCollapseProjects) {
+        if (findingProjects.length > 0) {
+            lines.push(`Projects with findings: ${findingProjects.length}`);
+            for (const project of findingProjects.slice(0, CLEAN_PROJECT_PREVIEW_LIMIT)) {
+                const version = project.version ? `@${project.version}` : "";
+                lines.push(`  ${project.name}${version} (${project.manifestPath}) findings:${project.findings.length}`);
+            }
+            if (findingProjects.length > CLEAN_PROJECT_PREVIEW_LIMIT) {
+                lines.push(`  ${findingProjects.length - CLEAN_PROJECT_PREVIEW_LIMIT} more projects with findings hidden by default.`);
+            }
+        }
+        if (cleanProjects.length > 0) {
+            const preview = cleanProjects.slice(0, CLEAN_PROJECT_PREVIEW_LIMIT).map((project) => project.name).join(", ");
+            const suffix = cleanProjects.length > CLEAN_PROJECT_PREVIEW_LIMIT ? `, plus ${cleanProjects.length - CLEAN_PROJECT_PREVIEW_LIMIT} more` : "";
+            lines.push(`Clean projects collapsed: ${cleanProjects.length}${preview.length > 0 ? ` (${preview}${suffix})` : ""}.`);
+        }
+        lines.push(`For full project detail, run: dg scan ${quoteTarget(report.target)} in a terminal (opens the interactive view) or dg scan ${quoteTarget(report.target)} --json`);
+        lines.push("");
+    }
+    else {
+        for (const project of report.projects) {
+            lines.push(...formatProject(project, width));
+            lines.push("");
+        }
+    }
+    for (const error of report.errors) {
+        lines.push(...wrapLine(`ERROR ${error.location}: `, error.message, width));
+    }
+    return `${lines.join("\n").replace(/\n{3,}/g, "\n\n").trimEnd()}\n`;
+}
+function formatProject(project, width) {
+    const lines = [];
+    const version = project.version ? `@${project.version}` : "";
+    const license = project.license ?? "unknown";
+    lines.push(`${project.name}${version} (${project.manifestPath})`);
+    lines.push(`  license: ${license}`);
+    lines.push(`  dependencies: ${project.dependencyCount}`);
+    if (project.findings.length === 0) {
+        lines.push("  result: pass");
+    }
+    else {
+        for (const finding of project.findings) {
+            lines.push(...formatFinding(finding, width));
+        }
+    }
+    return lines;
+}
+export function renderJsonReport(report, scannerUnavailable = false) {
+    return `${JSON.stringify({ ...report, scannerUnavailable }, null, 2)}\n`;
+}
+export function renderSarifReport(report) {
+    const rules = uniqueFindings(report.findings).map((finding) => ({
+        id: finding.id,
+        name: finding.title,
+        shortDescription: {
+            text: finding.title
+        },
+        fullDescription: {
+            text: finding.message
+        },
+        defaultConfiguration: {
+            level: finding.severity === "block" ? "error" : "warning"
+        }
+    }));
+    const sarif = {
+        version: "2.1.0",
+        $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: "Dependency Guardian",
+                        informationUri: "https://westbayberry.com",
+                        rules
+                    }
+                },
+                results: report.findings.map((finding) => ({
+                    ruleId: finding.id,
+                    level: finding.severity === "block" ? "error" : "warning",
+                    message: {
+                        text: finding.message
+                    },
+                    locations: [
+                        {
+                            physicalLocation: {
+                                artifactLocation: {
+                                    uri: artifactUri(finding.location)
+                                }
+                            }
+                        }
+                    ]
+                }))
+            }
+        ]
+    };
+    return `${JSON.stringify(sarif, null, 2)}\n`;
+}
+function artifactUri(location) {
+    return location.replace(/:\d+$/u, "");
+}
+function uniqueFindings(findings) {
+    const seen = new Set();
+    const unique = [];
+    for (const finding of findings) {
+        if (seen.has(finding.id)) {
+            continue;
+        }
+        seen.add(finding.id);
+        unique.push(finding);
+    }
+    return unique;
+}
+function formatFinding(finding, width) {
+    const prefix = `  ${finding.severity.toUpperCase()} ${finding.id} ${finding.location}: `;
+    return wrapLine(prefix, finding.message, width);
+}
+function groupFindings(findings) {
+    const groups = new Map();
+    for (const finding of findings) {
+        const key = `${finding.severity}:${finding.id}`;
+        const group = groups.get(key) ?? {
+            findings: [],
+            projects: new Set()
+        };
+        group.findings.push(finding);
+        group.projects.add(finding.project);
+        groups.set(key, group);
+    }
+    return [...groups.entries()]
+        .map(([key, group]) => {
+        const [severity, id] = key.split(":");
+        return {
+            id,
+            severity,
+            count: group.findings.length,
+            projectCount: group.projects.size,
+            examples: group.findings.slice(0, FINDING_GROUP_PREVIEW_LIMIT),
+            hiddenCount: Math.max(0, group.findings.length - FINDING_GROUP_PREVIEW_LIMIT)
+        };
+    })
+        .sort((left, right) => {
+        if (left.severity !== right.severity) {
+            return left.severity === "block" ? -1 : 1;
+        }
+        return left.id.localeCompare(right.id);
+    });
+}
+function quoteTarget(target) {
+    if (/^[A-Za-z0-9_./:-]+$/u.test(target)) {
+        return target;
+    }
+    return JSON.stringify(target);
+}
+function wrapLine(prefix, text, width) {
+    if (prefix.length > width - 16) {
+        return [
+            prefix.trimEnd(),
+            ...wrapLine("    ", text, width)
+        ];
+    }
+    const available = Math.max(16, width - prefix.length);
+    const words = text.split(/\s+/);
+    const lines = [];
+    let current = "";
+    for (const word of words) {
+        if (current.length === 0) {
+            current = word;
+            continue;
+        }
+        if (current.length + 1 + word.length > available) {
+            lines.push(current);
+            current = word;
+            continue;
+        }
+        current = `${current} ${word}`;
+    }
+    if (current.length > 0) {
+        lines.push(current);
+    }
+    if (lines.length === 0) {
+        return [prefix.trimEnd()];
+    }
+    const continuation = " ".repeat(Math.min(prefix.length, width - available));
+    return lines.map((line, index) => `${index === 0 ? prefix : continuation}${line}`);
+}
+function terminalWidthFromEnv() {
+    const value = process.env.DG_TEST_TERMINAL_WIDTH ?? String(process.stdout.columns ?? 100);
+    const parsed = Number.parseInt(value, 10);
+    return Number.isFinite(parsed) ? parsed : 100;
+}

package/dist/scan/scanner-report.js

@@ -0,0 +1,82 @@
+import { spawnSync } from "node:child_process";
+import { existsSync } from "node:fs";
+import { resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { collectScanPackages, discoverScanProjects } from "./collect.js";
+const WORKER_TIMEOUT_MS = 180_000;
+export function tryScannerScan(targetPath, localReport, env = process.env) {
+    const projects = discoverScanProjects(resolve(targetPath));
+    if (projects.length === 0) {
+        return null;
+    }
+    const { byEcosystem } = collectScanPackages(projects);
+    const groups = [...byEcosystem.entries()].map(([ecosystem, packages]) => ({ ecosystem, packages }));
+    const total = groups.reduce((sum, group) => sum + group.packages.length, 0);
+    if (total === 0) {
+        return null;
+    }
+    const workerPath = [
+        fileURLToPath(new URL("./analyze-worker.js", import.meta.url)),
+        fileURLToPath(new URL("../../dist/scan/analyze-worker.js", import.meta.url))
+    ].find((candidate) => existsSync(candidate));
+    if (!workerPath) {
+        return null;
+    }
+    const worker = spawnSync(process.execPath, [workerPath, JSON.stringify(groups)], {
+        encoding: "utf8",
+        env,
+        timeout: WORKER_TIMEOUT_MS
+    });
+    if (worker.status !== 0 || !worker.stdout) {
+        return null;
+    }
+    let response;
+    try {
+        response = JSON.parse(worker.stdout);
+    }
+    catch {
+        return null;
+    }
+    return buildScannerReport(localReport, response, total);
+}
+export function buildScannerReport(localReport, response, analyzedCount) {
+    const findings = response.packages
+        .filter((pkg) => (pkg.action ?? "pass") !== "pass")
+        .map((pkg) => scannerFinding(pkg));
+    const warnCount = findings.filter((finding) => finding.severity === "warn").length;
+    const blockCount = findings.filter((finding) => finding.severity === "block").length;
+    return {
+        target: localReport.target,
+        status: statusFromAction(response.action),
+        projects: localReport.projects.map((project) => ({ ...project, findings: [] })),
+        findings,
+        errors: localReport.errors,
+        summary: {
+            projectCount: localReport.summary.projectCount,
+            dependencyCount: analyzedCount,
+            findingCount: findings.length,
+            warnCount,
+            blockCount,
+            errorCount: localReport.summary.errorCount
+        },
+        scanner: response
+    };
+}
+function scannerFinding(pkg) {
+    const action = pkg.action ?? "pass";
+    const top = pkg.findings[0];
+    return {
+        id: top?.category ?? top?.id ?? "scanner-finding",
+        severity: action === "block" ? "block" : "warn",
+        title: top?.title ?? pkg.reasons[0] ?? `scanner ${action} verdict`,
+        message: pkg.reasons.join("; ") || top?.title || `scanner returned ${action} (score ${pkg.score})`,
+        project: "",
+        location: `${pkg.name}@${pkg.version}`
+    };
+}
+function statusFromAction(action) {
+    if (action === "analysis_incomplete") {
+        return "unknown";
+    }
+    return action;
+}

package/dist/scan/staged.js

@@ -0,0 +1,173 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { basename, dirname, join } from "node:path";
+import { createTheme } from "../presentation/theme.js";
+import { resolvePresentation } from "../presentation/mode.js";
+import { loadUserConfig } from "../config/settings.js";
+import { gitSync, gitTrimmed } from "../util/git.js";
+import { promptYesNo } from "../util/tty-prompt.js";
+import { GUARD_SELFTEST_ENV } from "../setup/git-hook.js";
+import { isLockfileName } from "./collect.js";
+import { tryScannerScan } from "./scanner-report.js";
+import { EXIT_USAGE } from "../commands/types.js";
+function emptyLocalReport(target) {
+    return {
+        target,
+        status: "unknown",
+        projects: [],
+        findings: [],
+        errors: [],
+        summary: {
+            projectCount: 0,
+            dependencyCount: 0,
+            findingCount: 0,
+            warnCount: 0,
+            blockCount: 0,
+            errorCount: 0
+        }
+    };
+}
+export function stagedLockfilePaths(cwd, env) {
+    const diff = gitSync(["diff", "--cached", "--name-only", "--diff-filter=ACMR", "-z"], { cwd, env });
+    if (!diff.ok) {
+        return null;
+    }
+    return diff.stdout.split("\0").filter(Boolean).filter((path) => isLockfileName(basename(path)));
+}
+export function materializeStaged(relPaths, cwd, env) {
+    const dir = mkdtempSync(join(tmpdir(), "dg-staged-"));
+    let count = 0;
+    for (const relative of relPaths) {
+        const blob = gitSync(["show", `:${relative}`], { cwd, env });
+        if (!blob.ok) {
+            continue;
+        }
+        const destination = join(dir, relative);
+        mkdirSync(dirname(destination), { recursive: true });
+        writeFileSync(destination, blob.stdout, "utf8");
+        count += 1;
+    }
+    return { dir, count };
+}
+export function runStagedScan(options) {
+    const env = options.env ?? process.env;
+    const cwd = options.cwd ?? process.cwd();
+    const theme = createTheme(resolvePresentation().color);
+    if (env[GUARD_SELFTEST_ENV] === "1") {
+        return { exitCode: 2, stdout: "", stderr: "dg guard-commit self-test: synthetic block (exit 2)\n" };
+    }
+    const root = gitTrimmed(["rev-parse", "--show-toplevel"], { cwd, env });
+    if (!root) {
+        return { exitCode: EXIT_USAGE, stdout: "", stderr: "dg scan --staged: not a git repository.\n" };
+    }
+    const lockfiles = stagedLockfilePaths(cwd, env);
+    if (lockfiles === null) {
+        return failOpen(theme, "could not read staged changes");
+    }
+    if (lockfiles.length === 0) {
+        return { exitCode: 0, stdout: "", stderr: "" };
+    }
+    const { dir, count } = materializeStaged(lockfiles, cwd, env);
+    try {
+        if (count === 0) {
+            return failOpen(theme, "could not read the staged lockfile contents");
+        }
+        const report = tryScannerScan(dir, emptyLocalReport(dir), env);
+        if (!report || !report.scanner) {
+            return failOpen(theme, "could not reach the scanner");
+        }
+        return decideStagedVerdict(report, env, options.hook);
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+}
+export function decideStagedVerdict(report, env = process.env, hook = false) {
+    const theme = createTheme(resolvePresentation().color);
+    const action = report.scanner?.action ?? report.status;
+    const config = loadUserConfig(env);
+    const count = report.summary.dependencyCount;
+    if (action === "block") {
+        return { exitCode: 2, stdout: "", stderr: renderBlock(report.findings, theme) };
+    }
+    if (action === "error" || action === "unknown") {
+        return scannerUnavailable(theme);
+    }
+    if (action === "warn") {
+        return decideWarn(report.findings, theme, config.gitHook.onWarn, config.policy.mode, hook);
+    }
+    if (action === "analysis_incomplete") {
+        if (config.gitHook.onIncomplete === "block") {
+            return { exitCode: 1, stdout: "", stderr: incompleteNotice(theme, true) };
+        }
+        return { exitCode: 0, stdout: "", stderr: incompleteNotice(theme, false) };
+    }
+    return { exitCode: 0, stdout: "", stderr: `  ${theme.paint("pass", "✓")} ${theme.paint("muted", `DG verified ${count} staged package${count === 1 ? "" : "s"} — clean`)}\n` };
+}
+function decideWarn(findings, theme, onWarn, policyMode, hook) {
+    const summary = warnSummary(findings, theme);
+    if (onWarn === "allow") {
+        return { exitCode: 0, stdout: "", stderr: `${summary}  ${theme.paint("muted", "proceeding (gitHook.onWarn=allow)")}\n` };
+    }
+    if (onWarn === "block") {
+        return { exitCode: 1, stdout: "", stderr: `${summary}  ${theme.paint("muted", "commit blocked (gitHook.onWarn=block). Use")} ${theme.paint("accent", "git commit --no-verify")} ${theme.paint("muted", "to override.")}\n` };
+    }
+    const answer = hook ? null : promptYesNo(`${summary}  ${theme.paint("accent", "Commit anyway?")}`, false);
+    if (answer === null) {
+        const proceed = policyMode === "warn" || policyMode === "off";
+        if (proceed) {
+            return { exitCode: 0, stdout: "", stderr: `${summary}  ${theme.paint("muted", `proceeding (no terminal; policy ${policyMode})`)}\n` };
+        }
+        return { exitCode: 1, stdout: "", stderr: `${summary}  ${theme.paint("muted", `commit blocked (no terminal; policy ${policyMode}). Use`)} ${theme.paint("accent", "git commit --no-verify")} ${theme.paint("muted", "to override.")}\n` };
+    }
+    if (answer) {
+        return { exitCode: 0, stdout: "", stderr: "" };
+    }
+    return { exitCode: 1, stdout: "", stderr: `  ${theme.paint("muted", "Nothing was committed.")}\n` };
+}
+function warnSummary(findings, theme) {
+    const warns = findings.filter((finding) => finding.severity === "warn");
+    const lines = [`  ${theme.paint("warn", "⚠")} ${theme.paint("warn", `DG flagged ${warns.length} staged package${warns.length === 1 ? "" : "s"}`)}`];
+    for (const finding of warns.slice(0, 5)) {
+        lines.push(`    ${theme.paint("warn", "⚠")} ${finding.location}  ${theme.paint("muted", finding.message)}`);
+    }
+    if (warns.length > 5) {
+        lines.push(`    ${theme.paint("muted", `…and ${warns.length - 5} more`)}`);
+    }
+    return `${lines.join("\n")}\n`;
+}
+function renderBlock(findings, theme) {
+    const blocks = findings.filter((finding) => finding.severity === "block");
+    const lines = [
+        "",
+        `  ${theme.paint("block", "✘ DG blocked this commit")} ${theme.paint("muted", "— a staged dependency is unsafe")}`
+    ];
+    for (const finding of blocks) {
+        lines.push(`    ${theme.paint("block", "✘")} ${finding.location}  ${theme.paint("muted", finding.message)}`);
+    }
+    lines.push(`  ${theme.paint("muted", "Details:")}  ${theme.paint("accent", `dg verify ${blocks[0]?.location ?? "<package>"}`)}`);
+    lines.push(`  ${theme.paint("muted", "Override:")} ${theme.paint("accent", "git commit --no-verify")} ${theme.paint("muted", "(installs nothing — only skips the check)")}`);
+    lines.push("");
+    return `${lines.join("\n")}\n`;
+}
+function incompleteNotice(theme, blocked) {
+    const head = `  ${theme.paint("unknown", "?")} ${theme.paint("muted", "DG could not fully analyze the staged change")}`;
+    if (blocked) {
+        return `${head}\n  ${theme.paint("muted", "commit blocked (gitHook.onIncomplete=block). Use")} ${theme.paint("accent", "git commit --no-verify")} ${theme.paint("muted", "to override.")}\n`;
+    }
+    return `${head} ${theme.paint("muted", "— proceeding")}\n`;
+}
+function failOpen(theme, reason) {
+    return {
+        exitCode: 0,
+        stdout: "",
+        stderr: `  ${theme.paint("unknown", "?")} ${theme.paint("muted", `DG could not verify (${reason}) — commit allowed`)}\n`
+    };
+}
+function scannerUnavailable(theme) {
+    return {
+        exitCode: 0,
+        stdout: "",
+        stderr: `  ${theme.paint("unknown", "?")} ${theme.paint("muted", "dg: scanner unavailable — staged changes not verified")}\n`
+    };
+}

package/dist/scan/types.js

@@ -0,0 +1 @@
+export {};

package/dist/scan-ui/LegacyApp.js

@@ -0,0 +1,156 @@
+import { jsx as _jsx, jsxs as _jsxs, Fragment as _Fragment } from "react/jsx-runtime";
+import { useEffect, useLayoutEffect, useCallback, useRef } from "react";
+import { Box, Text, useApp, useInput } from "ink";
+import { getStoredApiKey } from "./shims.js";
+import { useScan } from "./hooks/useScan.js";
+import { Spinner } from "./components/Spinner.js";
+import { ProgressBar } from "./components/ProgressBar.js";
+import { InteractiveResultsView } from "./components/InteractiveResultsView.js";
+import { ErrorView } from "./components/ErrorView.js";
+import { ProjectSelector } from "./components/ProjectSelector.js";
+import { SetupBanner } from "./components/SetupBanner.js";
+import { useTerminalSize } from "./hooks/useTerminalSize.js";
+import { scanExitCode } from "./shims.js";
+import { enterTui, leaveTui, showCursor } from "./alt-screen.js";
+export const App = ({ config, userStatus, scanUsage, setupIssues = [], initialView }) => {
+    const { state, scanSelectedProjects, restartSelection } = useScan(config);
+    const { exit } = useApp();
+    useTerminalSize();
+    const prevPhaseRef = useRef(state.phase);
+    const altScreenActiveRef = useRef(false);
+    // Enter the alternate screen ONLY after we leave the discovering phase.
+    // The spinner stays inline on the user's main terminal during discovery so
+    // they see "Searching for dependencies..." in their normal scrollback rather
+    // than a cleared screen. useLayoutEffect runs synchronously after React
+    // commits the new tree but before Ink writes the next frame to stdout, so
+    // post-discovery content lands directly in the alt buffer (avoiding the
+    // "blank until keypress" diff-tracker mismatch documented in alt-screen.ts).
+    useLayoutEffect(() => {
+        if (state.phase === "discovering")
+            return;
+        if (!process.stdout.isTTY)
+            return;
+        if (altScreenActiveRef.current)
+            return;
+        enterTui();
+        altScreenActiveRef.current = true;
+    }, [state.phase]);
+    // Cleanup on unmount: leave alt screen, restore cursor.
+    useEffect(() => {
+        return () => {
+            if (altScreenActiveRef.current) {
+                leaveTui();
+                altScreenActiveRef.current = false;
+            }
+            else {
+                showCursor();
+            }
+        };
+    }, []);
+    // Track phase transitions (Ink handles repainting automatically)
+    useEffect(() => {
+        prevPhaseRef.current = state.phase;
+    }, [state.phase]);
+    const leaveAltScreen = useCallback(() => {
+        if (altScreenActiveRef.current) {
+            leaveTui();
+            altScreenActiveRef.current = false;
+        }
+        else {
+            showCursor();
+        }
+    }, []);
+    const handleResultsExit = useCallback(() => {
+        if (state.phase === "results") {
+            process.exitCode = scanExitCode(state.result.action, config.mode);
+        }
+        leaveAltScreen();
+        exit();
+    }, [state, config, exit, leaveAltScreen]);
+    // Exit alt screen BEFORE writing messages so they appear on the main screen.
+    // `delayMs` keeps the alt-screen panel visible for that long before tearing
+    // down (default 0 — fire-and-exit). Used by the free_cap_reached path to
+    // give the free_cap_reached path time to read the "sign in to unlock" panel.
+    const exitWithMessage = useCallback((message, exitCode, delayMs = 0) => {
+        process.exitCode = exitCode;
+        if (delayMs === 0) {
+            leaveAltScreen();
+            process.stderr.write(message);
+            return setTimeout(() => exit(), 0);
+        }
+        return setTimeout(() => {
+            leaveAltScreen();
+            process.stderr.write(message);
+            exit();
+        }, delayMs);
+    }, [exit, leaveAltScreen]);
+    useEffect(() => {
+        if (state.phase === "empty") {
+            const timer = exitWithMessage(`${state.message}\n`, 0);
+            return () => clearTimeout(timer);
+        }
+        if (state.phase === "error") {
+            const timer = exitWithMessage(`Error: ${state.error.message}\n`, 3);
+            return () => clearTimeout(timer);
+        }
+        // Reflect the verdict in the process exit code as soon as results render,
+        // not only when the user dismisses the view — a piped/killed/non-TTY exit
+        // must still carry the right code (an unverified scan is never a silent 0).
+        if (state.phase === "results") {
+            process.exitCode = scanExitCode(state.result.action, config.mode);
+        }
+    }, [state, config, exitWithMessage]);
+    useInput((input, key) => {
+        if (state.phase === "discovering" || state.phase === "scanning") {
+            if (input === "q" || key.escape) {
+                process.exitCode = 0;
+                leaveAltScreen();
+                exit();
+            }
+        }
+        if (state.phase === "free_cap_reached") {
+            if (input === "q" || key.escape || key.return) {
+                process.exitCode = 1;
+                leaveAltScreen();
+                exit();
+            }
+        }
+    });
+    const content = (() => {
+        switch (state.phase) {
+            case "discovering": {
+                if (!state.found || !state.path) {
+                    return _jsx(Spinner, { label: "Scanning for projects\u2026" });
+                }
+                const path = state.path.length > 52 ? `…${state.path.slice(-51)}` : state.path;
+                return _jsx(Spinner, { label: `Found ${state.found} · ${path}` });
+            }
+            case "selecting":
+                return (_jsx(ProjectSelector, { projects: state.projects, onConfirm: scanSelectedProjects, onCancel: () => { process.exitCode = 0; leaveAltScreen(); exit(); }, userStatus: userStatus }));
+            case "scanning":
+                return (_jsx(ProgressBar, { value: state.done, total: state.total, label: state.currentBatch.length > 0
+                        ? state.currentBatch[state.currentBatch.length - 1]
+                        : undefined }));
+            case "results":
+                return (_jsx(InteractiveResultsView, { result: state.result, config: config, durationMs: state.durationMs, onExit: handleResultsExit, onBack: restartSelection ?? undefined, discoveredTotal: state.discoveredTotal, userStatus: userStatus, scanUsage: scanUsage, initialView: initialView }));
+            case "empty":
+                return _jsx(Text, { dimColor: true, children: state.message });
+            case "error":
+                return _jsx(ErrorView, { error: state.error });
+            case "free_cap_reached": {
+                let hasKey = false;
+                try {
+                    hasKey = !!getStoredApiKey();
+                }
+                catch { /* ignore — best-effort */ }
+                return (_jsxs(Box, { flexDirection: "column", paddingLeft: 2, children: [hasKey ? (_jsxs(_Fragment, { children: [_jsx(Text, { color: "yellow", bold: true, children: "Your session expired." }), _jsx(Text, { children: " " }), _jsxs(Text, { children: ["Run ", _jsx(Text, { color: "cyan", bold: true, children: "dg logout" }), " then ", _jsx(Text, { color: "cyan", bold: true, children: "dg login" }), " to re-authenticate."] })] })) : state.capReason === "prefix_cap" ? (_jsxs(_Fragment, { children: [_jsx(Text, { color: "yellow", bold: true, children: "Too many anonymous devices from your network this month." }), _jsxs(Text, { children: ["Sign in with ", _jsx(Text, { color: "cyan", bold: true, children: "dg login" }), " to keep scanning."] })] })) : (_jsxs(_Fragment, { children: [_jsxs(Text, { color: "yellow", bold: true, children: ["Free monthly limit reached (", state.scansUsed.toLocaleString(), "/", state.maxScans.toLocaleString(), " packages)."] }), _jsxs(Text, { children: ["Upgrade to Pro with ", _jsx(Text, { color: "cyan", bold: true, children: "dg upgrade" }), " for 250k packages/month."] })] })), _jsx(Text, { children: " " }), _jsx(Text, { dimColor: true, children: "[q] quit" })] }));
+            }
+        }
+    })();
+    // Show the setup banner above the results — but not during empty/error/
+    // free_cap_reached phases where it would compete with the message the user
+    // actually needs to read.
+    const showBanner = state.phase === "selecting" &&
+        setupIssues.length > 0;
+    return (_jsxs(Box, { flexDirection: "column", children: [showBanner ? _jsx(SetupBanner, { issues: setupIssues }) : null, content] }));
+};