npm - agentaudit - Versions diffs - 3.10.2 → 3.10.3 - Mend

agentaudit 3.10.2 → 3.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli.mjs +668 -12
package/package.json +1 -1

package/cli.mjs CHANGED Viewed

@@ -9,8 +9,11 @@
  *   scan <url> [url...]   Quick static scan (regex)
  *   audit <url> [url...]  Deep LLM-powered security audit
  *   lookup <name>         Look up package in registry
+ *   dashboard             Interactive full-screen dashboard
+ *   leaderboard           Top contributors ranking
+ *   benchmark             LLM model performance comparison
  *   model [name|reset]    Configure LLM provider + model
- *   setup                 Create account / enter API key
+ *   setup                 Log in to agentaudit.dev (for report uploads)
  *   status                Show current config + auth status
  *   help [command]        Show help
  *
@@ -417,12 +420,13 @@ async function registerAgent(agentName) {
 }
 async function setupCommand() {
-  console.log(`  ${c.bold}Setup${c.reset}`);
+  console.log(`  ${c.bold}AgentAudit Login${c.reset}`);
+  console.log(`  ${c.dim}Create an account to upload audit reports to agentaudit.dev${c.reset}`);
   console.log();
   const existing = loadCredentials();
   if (existing) {
-    console.log(`  ${icons.safe}  Already configured as ${c.bold}${existing.agent_name}${c.reset}`);
+    console.log(`  ${icons.safe}  Already logged in as ${c.bold}${existing.agent_name}${c.reset}`);
     console.log(`  ${c.dim}Key: ${existing.api_key.slice(0, 8)}...${c.reset}`);
     console.log();
     const answer = await askQuestion(`  Reconfigure? ${c.dim}(y/N)${c.reset} `);
@@ -567,6 +571,120 @@ function severityIcon(sev) {
   }
 }
+// ── TUI Rendering Helpers ───────────────────────────────
+const term = {
+  clearScreen: '\x1b[2J\x1b[H',
+  hideCursor: '\x1b[?25l',
+  showCursor: '\x1b[?25h',
+  altScreenOn: '\x1b[?1049h',
+  altScreenOff: '\x1b[?1049l',
+  moveTo: (r, col) => `\x1b[${r};${col}H`,
+  clearLine: '\x1b[2K',
+  underline: '\x1b[4m',
+  noUnderline: '\x1b[24m',
+};
+const BOX = { tl: '╭', tr: '╮', bl: '╰', br: '╯', h: '─', v: '│', lt: '├', rt: '┤', tt: '┬', bt: '┴', x: '┼' };
+// Strip ANSI escape codes for length calculations
+function stripAnsi(str) {
+  return str.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '');
+}
+function visLen(str) {
+  return stripAnsi(str).length;
+}
+function padRight(str, len) {
+  const diff = len - visLen(str);
+  return diff > 0 ? str + ' '.repeat(diff) : str;
+}
+function padLeft(str, len) {
+  const diff = len - visLen(str);
+  return diff > 0 ? ' '.repeat(diff) + str : str;
+}
+function drawBox(title, contentLines, width) {
+  const inner = width - 4; // 2 for "│ " + 2 for " │"
+  const lines = [];
+  const titleStr = title ? ` ${title} ` : '';
+  const titleLen = visLen(titleStr);
+  const topDash = BOX.h.repeat(Math.max(1, inner + 2 - titleLen));
+  lines.push(`  ${BOX.tl}${c.dim}─${c.reset}${c.bold}${titleStr}${c.reset}${c.dim}${topDash}${c.reset}${BOX.tr}`);
+  for (const line of contentLines) {
+    lines.push(`  ${BOX.v} ${padRight(line, inner + 1)}${BOX.v}`);
+  }
+  lines.push(`  ${BOX.bl}${c.dim}${BOX.h.repeat(inner + 2)}${c.reset}${BOX.br}`);
+  return lines;
+}
+// ████████░░░░ proportional bar
+function renderBar(value, maxValue, maxWidth) {
+  if (maxValue <= 0 || value <= 0) return c.dim + '░'.repeat(maxWidth) + c.reset;
+  const filled = Math.min(Math.round((value / maxValue) * maxWidth), maxWidth);
+  const empty = maxWidth - filled;
+  return c.cyan + '█'.repeat(filled) + c.dim + '░'.repeat(empty) + c.reset;
+}
+// [████████░░] 89%
+function renderGauge(value, max, width) {
+  const pct = max > 0 ? Math.round((value / max) * 100) : 0;
+  const inner = width - 2; // subtract brackets
+  const filled = Math.min(Math.round((pct / 100) * inner), inner);
+  const empty = inner - filled;
+  const color = pct >= 80 ? c.green : pct >= 50 ? c.yellow : c.red;
+  return `[${color}${'█'.repeat(filled)}${c.dim}${'░'.repeat(empty)}${c.reset}] ${pct}%`;
+}
+// ●●●○○ colored severity dots
+function severityDots(breakdown) {
+  const parts = [];
+  const critical = breakdown?.critical || 0;
+  const high = breakdown?.high || 0;
+  const medium = breakdown?.medium || 0;
+  const low = breakdown?.low || 0;
+  for (let i = 0; i < Math.min(critical, 3); i++) parts.push(`${c.red}●${c.reset}`);
+  for (let i = 0; i < Math.min(high, 3); i++) parts.push(`${c.red}●${c.reset}`);
+  for (let i = 0; i < Math.min(medium, 2); i++) parts.push(`${c.yellow}●${c.reset}`);
+  for (let i = 0; i < Math.min(low, 2); i++) parts.push(`${c.blue}●${c.reset}`);
+  // fill remaining with empty dots up to 5
+  while (parts.length < 5) parts.push(`${c.dim}○${c.reset}`);
+  return parts.slice(0, 5).join('');
+}
+// ▁▂▃▅▇█▆▃ mini sparkline
+function sparkline(values) {
+  const chars = '▁▂▃▄▅▆▇█';
+  if (!values || values.length === 0) return '';
+  const max = Math.max(...values, 1);
+  return values.map(v => {
+    const idx = Math.min(Math.round((v / max) * (chars.length - 1)), chars.length - 1);
+    return chars[idx];
+  }).join('');
+}
+function fmtNum(n) {
+  if (n == null) return '0';
+  return n.toLocaleString('en-US');
+}
+function fmtPct(n) {
+  if (n == null) return '0%';
+  return Math.round(n) + '%';
+}
+function dashboardBanner() {
+  const ver = getVersion();
+  return [
+    `  ${BOX.tl}${c.dim}${BOX.h.repeat(35)}${c.reset}${BOX.tr}`,
+    `  ${BOX.v}  ${c.bold}${c.cyan}⛨  AgentAudit${c.reset}  ${c.dim}v${ver}${c.reset}${' '.repeat(Math.max(0, 19 - ver.length))}${BOX.v}`,
+    `  ${BOX.v}  ${c.dim}Security Registry for AI Agents${c.reset}  ${BOX.v}`,
+    `  ${BOX.bl}${c.dim}${BOX.h.repeat(35)}${c.reset}${BOX.br}`,
+  ];
+}
 // ── File Collection (same logic as MCP server) ──────────
 function formatApiError(error, provider, statusCode) {
@@ -1940,6 +2058,443 @@ async function checkPackage(name) {
   return data;
 }
+// ── Dashboard / Leaderboard / Benchmark Commands ────────
+async function fetchDashboardData() {
+  const creds = loadCredentials();
+  const fetches = [
+    fetch(`${REGISTRY_URL}/api/stats`, { signal: AbortSignal.timeout(15_000) }).then(r => r.ok ? r.json() : null).catch(() => null),
+    fetch(`${REGISTRY_URL}/api/leaderboard?limit=50`, { signal: AbortSignal.timeout(15_000) }).then(r => r.ok ? r.json() : null).catch(() => null),
+    fetch(`${REGISTRY_URL}/api/benchmark`, { signal: AbortSignal.timeout(15_000) }).then(r => r.ok ? r.json() : null).catch(() => null),
+  ];
+  if (creds?.agent_name && creds.agent_name !== 'env') {
+    fetches.push(
+      fetch(`${REGISTRY_URL}/api/agents/${encodeURIComponent(creds.agent_name)}`, {
+        headers: { 'Authorization': `Bearer ${creds.api_key}` },
+        signal: AbortSignal.timeout(15_000),
+      }).then(r => r.ok ? r.json() : null).catch(() => null)
+    );
+  } else {
+    fetches.push(Promise.resolve(null));
+  }
+  const [stats, leaderboard, benchmark, agent] = await Promise.all(fetches);
+  return { stats, leaderboard, benchmark, agent, creds };
+}
+function renderOverviewTab(data, width) {
+  const { stats, agent, leaderboard, creds } = data;
+  const lines = [];
+  const halfW = Math.min(Math.floor((width - 6) / 2), 40);
+  // Profile box
+  const profileLines = [];
+  if (agent && creds) {
+    // Find rank
+    let rank = '-';
+    if (leaderboard && Array.isArray(leaderboard)) {
+      const idx = leaderboard.findIndex(e => e.agent_name === creds.agent_name);
+      if (idx >= 0) rank = `#${idx + 1} of ${leaderboard.length}`;
+    }
+    profileLines.push(`${c.bold}${creds.agent_name}${c.reset}${' '.repeat(Math.max(1, halfW - 14 - visLen(creds.agent_name) - visLen(rank)))}${c.dim}${rank}${c.reset}`);
+    profileLines.push(`Points     ${c.bold}${fmtNum(agent.total_points)}${c.reset}`);
+    profileLines.push(`Audits     ${c.bold}${fmtNum(agent.total_reports)}${c.reset}`);
+    profileLines.push(`Findings   ${c.bold}${fmtNum(agent.total_findings_submitted)}${c.reset} ${c.dim}(${fmtNum(agent.total_findings_confirmed)} confirmed)${c.reset}`);
+    const sev = agent.severity_breakdown || {};
+    profileLines.push('');
+    const sevParts = [];
+    if (sev.critical) sevParts.push(`${c.red}${sev.critical} crit${c.reset}`);
+    if (sev.high) sevParts.push(`${c.red}${sev.high} high${c.reset}`);
+    if (sev.medium) sevParts.push(`${c.yellow}${sev.medium} med${c.reset}`);
+    if (sev.low) sevParts.push(`${c.blue}${sev.low} low${c.reset}`);
+    profileLines.push(sevParts.join('  ') || `${c.dim}no findings yet${c.reset}`);
+  } else {
+    profileLines.push(`${c.dim}Not logged in${c.reset}`);
+    profileLines.push(`${c.dim}Run ${c.cyan}agentaudit setup${c.dim} to create account${c.reset}`);
+  }
+  // Registry box
+  const regLines = [];
+  if (stats) {
+    regLines.push(`Packages Audited    ${c.bold}${fmtNum(stats.skills_audited)}${c.reset}`);
+    regLines.push(`Total Findings      ${c.bold}${fmtNum(stats.total_findings)}${c.reset}`);
+    regLines.push(`Total Reports       ${c.bold}${fmtNum(stats.total_reports)}${c.reset}`);
+    regLines.push(`Contributors        ${c.bold}${fmtNum(stats.reporters)}${c.reset}`);
+    regLines.push(`Avg Trust Score     ${c.bold}${stats.avg_trust_score || 0}${c.reset}`);
+    regLines.push('');
+    const parts = [];
+    if (stats.safe_packages) parts.push(`${c.green}●${fmtNum(stats.safe_packages)} safe${c.reset}`);
+    if (stats.caution_packages) parts.push(`${c.yellow}●${fmtNum(stats.caution_packages)} caution${c.reset}`);
+    if (stats.unsafe_packages) parts.push(`${c.red}●${fmtNum(stats.unsafe_packages)} unsafe${c.reset}`);
+    regLines.push(parts.join('  ') || `${c.dim}no packages yet${c.reset}`);
+  } else {
+    regLines.push(`${c.dim}Could not load registry stats${c.reset}`);
+  }
+  const boxW = halfW + 4;
+  const profileBox = drawBox('Your Profile', profileLines, boxW);
+  const registryBox = drawBox('Registry', regLines, boxW);
+  // Side by side if wide enough, stacked otherwise
+  if (width >= boxW * 2 + 4) {
+    const maxLen = Math.max(profileBox.length, registryBox.length);
+    while (profileBox.length < maxLen) profileBox.push(`  ${BOX.v} ${' '.repeat(halfW + 1)}${BOX.v}`);
+    while (registryBox.length < maxLen) registryBox.push(`  ${BOX.v} ${' '.repeat(halfW + 1)}${BOX.v}`);
+    for (let i = 0; i < maxLen; i++) {
+      lines.push(profileBox[i] + '  ' + registryBox[i].trimStart());
+    }
+  } else {
+    lines.push(...profileBox, '', ...registryBox);
+  }
+  return lines;
+}
+function renderLeaderboardTab(data, width, opts = {}) {
+  const { leaderboard, creds } = data;
+  const lines = [];
+  const maxNameW = 20;
+  const barW = Math.min(Math.max(10, width - 70), 30);
+  if (!leaderboard || !Array.isArray(leaderboard) || leaderboard.length === 0) {
+    lines.push(`  ${c.dim}No leaderboard data available${c.reset}`);
+    return lines;
+  }
+  const maxPts = leaderboard[0]?.total_points || 1;
+  const medals = ['🥇', '🥈', '🥉'];
+  for (let i = 0; i < leaderboard.length; i++) {
+    const entry = leaderboard[i];
+    const name = (entry.agent_name || '').slice(0, maxNameW);
+    const isMe = creds && entry.agent_name === creds.agent_name;
+    const prefix = i < 3 ? ` ${medals[i]} ` : `  ${c.dim}#${String(i + 1).padStart(2)}${c.reset} `;
+    const nameStr = isMe ? `${c.green}${c.bold}${name}${c.reset}` : name;
+    const bar = renderBar(entry.total_points || 0, maxPts, barW);
+    const pts = padLeft(`${fmtNum(entry.total_points || 0)} pts`, 12);
+    const audits = padLeft(`${fmtNum(entry.total_reports || 0)} audits`, 12);
+    const extra = entry.monthly_reports != null ? padLeft(`${fmtNum(entry.monthly_reports)} this mo`, 12) : '';
+    lines.push(`${prefix}${padRight(nameStr, maxNameW + (isMe ? 14 : 0))}  ${bar}  ${pts}  ${audits}${extra}`);
+    // Separator after top 3
+    if (i === 2 && leaderboard.length > 3) {
+      lines.push(`  ${c.dim}${'─'.repeat(Math.min(width - 4, 76))}${c.reset}`);
+    }
+  }
+  // Highlight current user if not in top list
+  if (creds && !leaderboard.find(e => e.agent_name === creds.agent_name)) {
+    lines.push('');
+    lines.push(`  ${c.dim}← you are not on this leaderboard yet${c.reset}`);
+  }
+  return lines;
+}
+function renderBenchmarkTab(data, width) {
+  const { benchmark } = data;
+  const lines = [];
+  if (!benchmark || !benchmark.models || benchmark.models.length === 0) {
+    lines.push(`  ${c.dim}No benchmark data available${c.reset}`);
+    return lines;
+  }
+  const overview = benchmark.overview || {};
+  lines.push(`  ${c.bold}${fmtNum(benchmark.models.length)}${c.reset} models ${c.dim}│${c.reset} ${c.bold}${fmtNum(overview.total_reports || 0)}${c.reset} audits ${c.dim}│${c.reset} ${c.bold}${fmtNum(overview.total_findings || 0)}${c.reset} findings`);
+  lines.push('');
+  // Header
+  const nameW = 26;
+  const hdr = `  ${padRight(`${c.bold}Model${c.reset}`, nameW + 9)}  ${padRight('Audits', 8)}  ${padRight('Risk', 8)}  ${padRight('Detection', 16)}  Severity`;
+  lines.push(hdr);
+  lines.push(`  ${c.dim}${'─'.repeat(Math.min(width - 4, 80))}${c.reset}`);
+  for (const m of benchmark.models) {
+    const name = (m.audit_model || 'unknown').slice(0, nameW - 2);
+    const audits = padLeft(fmtNum(m.total_audits), 6);
+    const riskVal = parseFloat(m.avg_risk_score) || 0;
+    const riskColor = riskVal <= 20 ? c.green : riskVal <= 40 ? c.yellow : c.red;
+    const risk = `${riskColor}${padLeft(String(Math.round(riskVal)), 3)}${c.reset}`;
+    const detection = renderGauge(m.detection_rate || 0, 100, 10);
+    const dots = severityDots(m.severity_breakdown);
+    lines.push(`  ${padRight(name, nameW)}  ${audits}   ${risk}   ${detection}  ${dots}`);
+  }
+  // Vulnerability landscape
+  const cats = benchmark.global_categories;
+  if (cats && cats.length > 0) {
+    lines.push('');
+    const catTotal = cats.reduce((sum, cat) => sum + (cat.count || 0), 0) || 1;
+    const catW = Math.min(width - 8, 56);
+    const catLines = [];
+    for (const cat of cats.slice(0, 6)) {
+      const pct = Math.round((cat.count / catTotal) * 100);
+      const barFill = Math.round((cat.count / catTotal) * (catW - 30));
+      catLines.push(`${padRight(cat.category || 'Other', 22)} ${c.cyan}${'█'.repeat(Math.max(1, barFill))}${c.dim}${'░'.repeat(Math.max(0, catW - 30 - barFill))}${c.reset}  ${padLeft(fmtPct(pct), 4)}`);
+    }
+    lines.push(...drawBox('Vulnerability Landscape', catLines, catW + 4));
+  }
+  // Cross-model findings
+  const cross = benchmark.cross_model_findings;
+  if (cross && cross.length > 0) {
+    lines.push('');
+    lines.push(`  ${c.bold}Cross-Model Findings${c.reset} ${c.dim}(confirmed by multiple models)${c.reset}`);
+    for (const cf of cross.slice(0, 5)) {
+      const models = (cf.models || []).slice(0, 3).join(', ');
+      lines.push(`  ${c.dim}•${c.reset} ${cf.title || cf.pattern_id}  ${c.dim}[${cf.model_count} models: ${models}]${c.reset}`);
+    }
+  }
+  return lines;
+}
+async function leaderboardCommand(args) {
+  const tabArg = args.find((a, i) => args[i - 1] === '--tab') || 'overall';
+  const showAll = args.includes('--all');
+  const limit = showAll ? 200 : 20;
+  if (!quietMode && !jsonMode) {
+    banner();
+    process.stdout.write(`  ${c.dim}Loading leaderboard...${c.reset}`);
+  }
+  let data;
+  try {
+    const url = `${REGISTRY_URL}/api/leaderboard?tab=${encodeURIComponent(tabArg)}&limit=${limit}`;
+    const res = await fetch(url, { signal: AbortSignal.timeout(15_000) });
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    data = await res.json();
+  } catch (err) {
+    if (!jsonMode) {
+      process.stdout.write('\r\x1b[2K');
+      console.log(`  ${c.red}Failed to load leaderboard: ${err.message}${c.reset}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  if (jsonMode) {
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
+  process.stdout.write('\r\x1b[2K');
+  const creds = loadCredentials();
+  console.log(`  ${c.bold}Leaderboard${c.reset}  ${c.dim}${tabArg}${c.reset}`);
+  console.log();
+  if (!Array.isArray(data) || data.length === 0) {
+    console.log(`  ${c.dim}No data available${c.reset}`);
+    return;
+  }
+  const maxPts = data[0]?.total_points || 1;
+  const medals = ['🥇', '🥈', '🥉'];
+  const barW = 24;
+  for (let i = 0; i < data.length; i++) {
+    const entry = data[i];
+    const name = (entry.agent_name || '').slice(0, 20);
+    const isMe = creds && entry.agent_name === creds.agent_name;
+    const prefix = i < 3 ? ` ${medals[i]} ` : `  #${String(i + 1).padStart(2)}  `;
+    const nameStr = isMe ? `${c.green}${c.bold}${name}${c.reset}` : name;
+    const bar = renderBar(entry.total_points || 0, maxPts, barW);
+    const pts = `${fmtNum(entry.total_points || 0)} pts`;
+    const audits = `${fmtNum(entry.total_reports || 0)} audits`;
+    console.log(`${prefix}${padRight(nameStr, 22 + (isMe ? 14 : 0))}  ${bar}  ${padLeft(pts, 12)}  ${padLeft(audits, 10)}`);
+    if (i === 2 && data.length > 3) {
+      console.log(`  ${c.dim}${'─'.repeat(74)}${c.reset}`);
+    }
+  }
+  console.log();
+}
+async function benchmarkCommand(args) {
+  if (!quietMode && !jsonMode) {
+    banner();
+    process.stdout.write(`  ${c.dim}Loading benchmark data...${c.reset}`);
+  }
+  let data;
+  try {
+    const res = await fetch(`${REGISTRY_URL}/api/benchmark`, { signal: AbortSignal.timeout(15_000) });
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    data = await res.json();
+  } catch (err) {
+    if (!jsonMode) {
+      process.stdout.write('\r\x1b[2K');
+      console.log(`  ${c.red}Failed to load benchmark: ${err.message}${c.reset}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  if (jsonMode) {
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
+  process.stdout.write('\r\x1b[2K');
+  const width = process.stdout.columns || 80;
+  const benchLines = renderBenchmarkTab({ benchmark: data }, width);
+  console.log(`  ${c.bold}Model Benchmark${c.reset} ${c.dim}— LLM Audit Performance${c.reset}`);
+  console.log();
+  for (const line of benchLines) console.log(line);
+  console.log();
+}
+async function dashboardCommand() {
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    console.log(`${c.red}Error: dashboard requires an interactive terminal${c.reset}`);
+    console.log(`${c.dim}Tip: use ${c.cyan}agentaudit leaderboard${c.dim} or ${c.cyan}agentaudit benchmark${c.dim} for non-interactive output${c.reset}`);
+    process.exitCode = 1;
+    return;
+  }
+  const tabs = [
+    { key: '1', label: 'Overview' },
+    { key: '2', label: 'Leaderboard' },
+    { key: '3', label: 'Benchmark' },
+  ];
+  let activeTab = 0;
+  let scrollOffset = 0;
+  let running = true;
+  // Enter alt screen
+  process.stdout.write(term.altScreenOn + term.hideCursor);
+  // Loading screen
+  process.stdout.write(term.clearScreen);
+  const bannerLines = dashboardBanner();
+  for (const line of bannerLines) process.stdout.write(line + '\n');
+  process.stdout.write(`\n  ${c.dim}Loading data...${c.reset}\n`);
+  // Fetch data
+  const data = await fetchDashboardData();
+  function render() {
+    const cols = process.stdout.columns || 80;
+    const rows = process.stdout.rows || 24;
+    let output = term.clearScreen;
+    // Banner
+    const bLines = dashboardBanner();
+    for (const line of bLines) output += line + '\n';
+    output += '\n';
+    // Tab bar
+    let tabBar = '  ';
+    for (let i = 0; i < tabs.length; i++) {
+      const tab = tabs[i];
+      if (i === activeTab) {
+        tabBar += `${c.bold}${c.cyan}${term.underline} [${tab.key}] ${tab.label} ${term.noUnderline}${c.reset}`;
+      } else {
+        tabBar += `${c.dim} [${tab.key}] ${tab.label} ${c.reset}`;
+      }
+      if (i < tabs.length - 1) tabBar += `${c.dim}──${c.reset}`;
+    }
+    output += tabBar + '\n\n';
+    // Tab content
+    let contentLines = [];
+    switch (activeTab) {
+      case 0:
+        contentLines = renderOverviewTab(data, cols);
+        break;
+      case 1:
+        contentLines = renderLeaderboardTab(data, cols);
+        break;
+      case 2:
+        contentLines = renderBenchmarkTab(data, cols);
+        break;
+    }
+    // Apply scroll
+    const availableRows = rows - 10; // header + tab bar + footer
+    const maxScroll = Math.max(0, contentLines.length - availableRows);
+    scrollOffset = Math.min(scrollOffset, maxScroll);
+    scrollOffset = Math.max(0, scrollOffset);
+    const visible = contentLines.slice(scrollOffset, scrollOffset + availableRows);
+    for (const line of visible) output += line + '\n';
+    // Footer
+    output += '\n';
+    const scrollInfo = contentLines.length > availableRows ? `  ${c.dim}[${scrollOffset + 1}-${Math.min(scrollOffset + availableRows, contentLines.length)}/${contentLines.length}]${c.reset}` : '';
+    output += `  ${c.dim}←→ tab  ↑↓ scroll  1-3 jump  q quit${c.reset}${scrollInfo}\n`;
+    process.stdout.write(output);
+  }
+  function cleanup() {
+    if (!running) return;
+    running = false;
+    process.stdout.write(term.showCursor + term.altScreenOff);
+    try { process.stdin.setRawMode(false); } catch {}
+    process.stdin.pause();
+    process.stdin.removeListener('data', onKeypress);
+    process.stdout.removeListener('resize', render);
+  }
+  function onKeypress(key) {
+    if (!running) return;
+    // q or Ctrl+C = quit
+    if (key === 'q' || key === '\x03') {
+      cleanup();
+      return;
+    }
+    // Tab navigation
+    if (key === '\x1b[C' || key === '\t') { // Right arrow or Tab
+      activeTab = (activeTab + 1) % tabs.length;
+      scrollOffset = 0;
+      render();
+      return;
+    }
+    if (key === '\x1b[D') { // Left arrow
+      activeTab = (activeTab - 1 + tabs.length) % tabs.length;
+      scrollOffset = 0;
+      render();
+      return;
+    }
+    // Number keys
+    if (key === '1') { activeTab = 0; scrollOffset = 0; render(); return; }
+    if (key === '2') { activeTab = 1; scrollOffset = 0; render(); return; }
+    if (key === '3') { activeTab = 2; scrollOffset = 0; render(); return; }
+    // Scroll
+    if (key === '\x1b[A' || key === 'k') { scrollOffset = Math.max(0, scrollOffset - 1); render(); return; } // Up
+    if (key === '\x1b[B' || key === 'j') { scrollOffset++; render(); return; } // Down
+    if (key === '\x1b[5~') { scrollOffset = Math.max(0, scrollOffset - 10); render(); return; } // PageUp
+    if (key === '\x1b[6~') { scrollOffset += 10; render(); return; } // PageDown
+  }
+  // Setup input
+  process.stdin.setRawMode(true);
+  process.stdin.resume();
+  process.stdin.setEncoding('utf8');
+  process.stdin.on('data', onKeypress);
+  process.stdout.on('resize', render);
+  // Graceful cleanup
+  process.on('exit', cleanup);
+  process.on('SIGINT', () => { cleanup(); process.exit(0); });
+  process.on('SIGTERM', () => { cleanup(); process.exit(0); });
+  // Initial render
+  render();
+  // Keep alive until user quits
+  await new Promise(resolve => {
+    const check = setInterval(() => {
+      if (!running) { clearInterval(check); resolve(); }
+    }, 100);
+  });
+}
 // ── Main ────────────────────────────────────────────────
 async function main() {
@@ -2054,9 +2609,10 @@ async function main() {
     setup: [
       `${c.bold}agentaudit setup${c.reset}`,
       ``,
-      `Create an AgentAudit account or enter an existing API key.`,
-      `This is for uploading audit reports to the registry — not for`,
-      `LLM provider configuration (use \`agentaudit model\` for that).`,
+      `Log in to agentaudit.dev — create an account or enter an existing API key.`,
+      `This enables uploading audit reports to the public registry.`,
+      ``,
+      `${c.bold}Note:${c.reset} This is NOT for LLM/provider configuration. Use ${c.cyan}agentaudit model${c.reset} for that.`,
       ``,
       `${c.bold}Examples:${c.reset}`,
       `  agentaudit setup`,
@@ -2073,15 +2629,70 @@ async function main() {
       `  agentaudit status`,
       `  agentaudit status --json`,
     ],
+    dashboard: [
+      `${c.bold}agentaudit dashboard${c.reset}`,
+      ``,
+      `Interactive full-screen dashboard with stats, leaderboard, and benchmark.`,
+      `Uses alternate screen buffer — your scrollback stays intact.`,
+      ``,
+      `${c.bold}Navigation:${c.reset}`,
+      `  ←→ / Tab      Switch between tabs`,
+      `  1-3            Jump to tab by number`,
+      `  ↑↓ / j/k       Scroll content`,
+      `  PgUp/PgDn     Scroll fast`,
+      `  q / Ctrl+C    Quit`,
+      ``,
+      `${c.bold}Tabs:${c.reset}`,
+      `  [1] Overview    Your profile + registry stats`,
+      `  [2] Leaderboard Top contributors ranking`,
+      `  [3] Benchmark   LLM model performance comparison`,
+      ``,
+      `${c.bold}Aliases:${c.reset} dashboard, dash`,
+    ],
+    dash: null, // alias → dashboard
+    leaderboard: [
+      `${c.bold}agentaudit leaderboard${c.reset} [options]`,
+      ``,
+      `Show top contributors ranking. Pipe-friendly output (no alt-screen).`,
+      ``,
+      `${c.bold}Options:${c.reset}`,
+      `  --tab <name>   Category: overall (default), monthly, reviewers, verifiers, streaks`,
+      `  --all           Show all entries (default: top 20)`,
+      `  --json          Machine-readable JSON output`,
+      ``,
+      `${c.bold}Aliases:${c.reset} leaderboard, lb`,
+      ``,
+      `${c.bold}Examples:${c.reset}`,
+      `  agentaudit leaderboard`,
+      `  agentaudit leaderboard --tab monthly`,
+      `  agentaudit leaderboard --all --json`,
+    ],
+    lb: null, // alias → leaderboard
+    benchmark: [
+      `${c.bold}agentaudit benchmark${c.reset} [options]`,
+      ``,
+      `Compare LLM model performance across security audits.`,
+      `Shows detection rates, severity breakdown, and vulnerability landscape.`,
+      ``,
+      `${c.bold}Options:${c.reset}`,
+      `  --json          Machine-readable JSON output`,
+      ``,
+      `${c.bold}Aliases:${c.reset} benchmark, bench`,
+      ``,
+      `${c.bold}Examples:${c.reset}`,
+      `  agentaudit benchmark`,
+      `  agentaudit benchmark --json`,
+    ],
+    bench: null, // alias → benchmark
   };
   // Show subcommand help: `agentaudit help <cmd>` or `agentaudit <cmd> --help`
   function showSubcommandHelp(cmd) {
     let helpLines = subcommandHelp[cmd];
-    if (helpLines === null && subcommandHelp[cmd] === null) {
+    if (helpLines === null) {
       // alias redirect
-      const alias = cmd === 'check' ? 'lookup' : cmd;
-      helpLines = subcommandHelp[alias];
+      const aliases = { check: 'lookup', dash: 'dashboard', lb: 'leaderboard', bench: 'benchmark' };
+      helpLines = subcommandHelp[aliases[cmd] || cmd];
     }
     if (!helpLines) {
       console.log(`  ${c.red}No help available for "${cmd}"${c.reset}`);
@@ -2124,9 +2735,14 @@ async function main() {
     console.log(`    ${c.cyan}audit${c.reset} <url> [url...]  Deep LLM-powered security audit (~30s)`);
     console.log(`    ${c.cyan}lookup${c.reset} <name>         Look up package in registry`);
     console.log();
+    console.log(`  ${c.bold}COMMUNITY${c.reset}`);
+    console.log(`    ${c.cyan}dashboard${c.reset}             Interactive dashboard (full-screen)`);
+    console.log(`    ${c.cyan}leaderboard${c.reset}           Top contributors ranking`);
+    console.log(`    ${c.cyan}benchmark${c.reset}             LLM model performance comparison`);
+    console.log();
     console.log(`  ${c.bold}CONFIGURATION${c.reset}`);
     console.log(`    ${c.cyan}model${c.reset}                 Configure LLM provider + model`);
-    console.log(`    ${c.cyan}setup${c.reset}                 Create account / enter API key`);
+    console.log(`    ${c.cyan}setup${c.reset}                 Log in to agentaudit.dev (for report uploads)`);
     console.log(`    ${c.cyan}status${c.reset}                Show current config + auth status`);
     console.log();
     console.log(`  ${c.bold}FLAGS${c.reset}`);
@@ -2154,9 +2770,23 @@ async function main() {
   // Default no-arg → discover
   const command = args.length === 0 ? 'discover' : args[0];
   const targets = args.slice(1);
+  // Dashboard/Leaderboard/Benchmark — before banner() since dashboard uses alt-screen
+  if (command === 'dashboard' || command === 'dash') {
+    await dashboardCommand();
+    return;
+  }
+  if (command === 'leaderboard' || command === 'lb') {
+    await leaderboardCommand(targets);
+    return;
+  }
+  if (command === 'benchmark' || command === 'bench') {
+    await benchmarkCommand(targets);
+    return;
+  }
   banner();
   if (command === 'setup') {
     await setupCommand();
     return;
@@ -2218,6 +2848,32 @@ async function main() {
     }
     console.log();
+    // Personal stats (from registry, silently skip on error)
+    if (creds?.agent_name && creds.agent_name !== 'env') {
+      try {
+        const [agentRes, lbRes] = await Promise.all([
+          fetch(`${REGISTRY_URL}/api/agents/${encodeURIComponent(creds.agent_name)}`, {
+            headers: { 'Authorization': `Bearer ${creds.api_key}` },
+            signal: AbortSignal.timeout(10_000),
+          }).then(r => r.ok ? r.json() : null),
+          fetch(`${REGISTRY_URL}/api/leaderboard?limit=100`, { signal: AbortSignal.timeout(10_000) }).then(r => r.ok ? r.json() : null),
+        ]);
+        if (agentRes) {
+          console.log(`  ${c.bold}Profile${c.reset}`);
+          let rank = '-';
+          if (Array.isArray(lbRes)) {
+            const idx = lbRes.findIndex(e => e.agent_name === creds.agent_name);
+            if (idx >= 0) rank = `#${idx + 1} of ${lbRes.length}`;
+          }
+          console.log(`    Rank        ${c.bold}${rank}${c.reset}`);
+          console.log(`    Points      ${c.bold}${fmtNum(agentRes.total_points || 0)}${c.reset}`);
+          console.log(`    Audits      ${c.bold}${fmtNum(agentRes.total_reports || 0)}${c.reset}`);
+          console.log(`    Findings    ${c.bold}${fmtNum(agentRes.total_findings_submitted || 0)}${c.reset} ${c.dim}(${fmtNum(agentRes.total_findings_confirmed || 0)} confirmed)${c.reset}`);
+          console.log();
+        }
+      } catch {}
+    }
     // JSON mode
     if (jsonMode) {
       const status = {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.10.2",
+  "version": "3.10.3",
   "description": "Security scanner for AI packages — MCP server + CLI",
   "type": "module",
   "bin": {