npm - agentaudit - Versions diffs - 3.10.2 → 3.10.4 - Mend

agentaudit 3.10.2 → 3.10.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/cli.mjs CHANGED Viewed

@@ -9,8 +9,13 @@
  *   scan <url> [url...]   Quick static scan (regex)
  *   audit <url> [url...]  Deep LLM-powered security audit
  *   lookup <name>         Look up package in registry
+ *   dashboard             Interactive full-screen dashboard
+ *   leaderboard           Top contributors ranking
+ *   benchmark             LLM model performance comparison
+ *   activity              Your recent audits & findings
+ *   search <query>        Search packages in registry
  *   model [name|reset]    Configure LLM provider + model
- *   setup                 Create account / enter API key
+ *   setup                 Log in to agentaudit.dev (for report uploads)
  *   status                Show current config + auth status
  *   help [command]        Show help
  *
@@ -142,6 +147,7 @@ const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, '.config');
 const USER_CRED_DIR = path.join(xdgConfig, 'agentaudit');
 const USER_CRED_FILE = path.join(USER_CRED_DIR, 'credentials.json');
 const SKILL_CRED_FILE = path.join(SKILL_DIR, 'config', 'credentials.json');
+const PROFILE_CACHE_FILE = path.join(USER_CRED_DIR, 'profile-cache.json');
 function loadCredentials() {
   for (const f of [SKILL_CRED_FILE, USER_CRED_FILE]) {
@@ -224,6 +230,29 @@ function saveCredentials(data) {
   } catch {}
 }
+function loadProfileCache() {
+  try {
+    if (!fs.existsSync(PROFILE_CACHE_FILE)) return null;
+    const data = JSON.parse(fs.readFileSync(PROFILE_CACHE_FILE, 'utf8'));
+    // TTL: 10 minutes
+    if (data.fetched_at && Date.now() - data.fetched_at < 10 * 60 * 1000) return data;
+    return null; // expired
+  } catch { return null; }
+}
+function saveProfileCache(data) {
+  try {
+    fs.mkdirSync(USER_CRED_DIR, { recursive: true });
+    fs.writeFileSync(PROFILE_CACHE_FILE, JSON.stringify({
+      agent_name: data.agent_name,
+      rank: data.rank,
+      total_points: data.total_points,
+      total_reports: data.total_reports,
+      fetched_at: Date.now(),
+    }, null, 2), { mode: 0o600 });
+  } catch {}
+}
 function askQuestion(question) {
   const rl = createInterface({ input: process.stdin, output: process.stdout });
   return new Promise(resolve => rl.question(question, answer => { rl.close(); resolve(answer.trim()); }));
@@ -417,12 +446,13 @@ async function registerAgent(agentName) {
 }
 async function setupCommand() {
-  console.log(`  ${c.bold}Setup${c.reset}`);
+  console.log(`  ${c.bold}AgentAudit Login${c.reset}`);
+  console.log(`  ${c.dim}Create an account to upload audit reports to agentaudit.dev${c.reset}`);
   console.log();
   const existing = loadCredentials();
   if (existing) {
-    console.log(`  ${icons.safe}  Already configured as ${c.bold}${existing.agent_name}${c.reset}`);
+    console.log(`  ${icons.safe}  Already logged in as ${c.bold}${existing.agent_name}${c.reset}`);
     console.log(`  ${c.dim}Key: ${existing.api_key.slice(0, 8)}...${c.reset}`);
     console.log();
     const answer = await askQuestion(`  Reconfigure? ${c.dim}(y/N)${c.reset} `);
@@ -523,8 +553,17 @@ function getVersion() {
 function banner() {
   if (quietMode || jsonMode) return;
   console.log();
-  console.log(`  ${c.bold}${c.cyan}AgentAudit${c.reset} ${c.dim}v${getVersion()}${c.reset}`);
-  console.log(`  ${c.dim}Security scanner for AI packages${c.reset}`);
+  const cache = loadProfileCache();
+  if (cache) {
+    const rankStr = cache.rank != null ? `#${cache.rank}` : '';
+    const ptsStr = `${fmtNum(cache.total_points)}pts`;
+    const auditsStr = `${fmtNum(cache.total_reports)} audits`;
+    const profile = [cache.agent_name, rankStr, ptsStr, auditsStr].filter(Boolean).join(' \u00b7 ');
+    console.log(`  ${c.bold}${c.cyan}\u26e8 AgentAudit${c.reset} ${c.dim}v${getVersion()}${c.reset}  ${c.dim}\u2502${c.reset}  ${profile}`);
+  } else {
+    console.log(`  ${c.bold}${c.cyan}AgentAudit${c.reset} ${c.dim}v${getVersion()}${c.reset}`);
+    console.log(`  ${c.dim}Security scanner for AI packages${c.reset}`);
+  }
   console.log();
 }
@@ -567,6 +606,120 @@ function severityIcon(sev) {
   }
 }
+// ── TUI Rendering Helpers ───────────────────────────────
+const term = {
+  clearScreen: '\x1b[2J\x1b[H',
+  hideCursor: '\x1b[?25l',
+  showCursor: '\x1b[?25h',
+  altScreenOn: '\x1b[?1049h',
+  altScreenOff: '\x1b[?1049l',
+  moveTo: (r, col) => `\x1b[${r};${col}H`,
+  clearLine: '\x1b[2K',
+  underline: '\x1b[4m',
+  noUnderline: '\x1b[24m',
+};
+const BOX = { tl: '╭', tr: '╮', bl: '╰', br: '╯', h: '─', v: '│', lt: '├', rt: '┤', tt: '┬', bt: '┴', x: '┼' };
+// Strip ANSI escape codes for length calculations
+function stripAnsi(str) {
+  return str.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '');
+}
+function visLen(str) {
+  return stripAnsi(str).length;
+}
+function padRight(str, len) {
+  const diff = len - visLen(str);
+  return diff > 0 ? str + ' '.repeat(diff) : str;
+}
+function padLeft(str, len) {
+  const diff = len - visLen(str);
+  return diff > 0 ? ' '.repeat(diff) + str : str;
+}
+function drawBox(title, contentLines, width) {
+  const inner = width - 4; // 2 for "│ " + 2 for " │"
+  const lines = [];
+  const titleStr = title ? ` ${title} ` : '';
+  const titleLen = visLen(titleStr);
+  const topDash = BOX.h.repeat(Math.max(1, inner + 2 - titleLen));
+  lines.push(`  ${BOX.tl}${c.dim}─${c.reset}${c.bold}${titleStr}${c.reset}${c.dim}${topDash}${c.reset}${BOX.tr}`);
+  for (const line of contentLines) {
+    lines.push(`  ${BOX.v} ${padRight(line, inner + 1)}${BOX.v}`);
+  }
+  lines.push(`  ${BOX.bl}${c.dim}${BOX.h.repeat(inner + 2)}${c.reset}${BOX.br}`);
+  return lines;
+}
+// ████████░░░░ proportional bar
+function renderBar(value, maxValue, maxWidth) {
+  if (maxValue <= 0 || value <= 0) return c.dim + '░'.repeat(maxWidth) + c.reset;
+  const filled = Math.min(Math.round((value / maxValue) * maxWidth), maxWidth);
+  const empty = maxWidth - filled;
+  return c.cyan + '█'.repeat(filled) + c.dim + '░'.repeat(empty) + c.reset;
+}
+// [████████░░] 89%
+function renderGauge(value, max, width) {
+  const pct = max > 0 ? Math.round((value / max) * 100) : 0;
+  const inner = width - 2; // subtract brackets
+  const filled = Math.min(Math.round((pct / 100) * inner), inner);
+  const empty = inner - filled;
+  const color = pct >= 80 ? c.green : pct >= 50 ? c.yellow : c.red;
+  return `[${color}${'█'.repeat(filled)}${c.dim}${'░'.repeat(empty)}${c.reset}] ${pct}%`;
+}
+// ●●●○○ colored severity dots
+function severityDots(breakdown) {
+  const parts = [];
+  const critical = breakdown?.critical || 0;
+  const high = breakdown?.high || 0;
+  const medium = breakdown?.medium || 0;
+  const low = breakdown?.low || 0;
+  for (let i = 0; i < Math.min(critical, 3); i++) parts.push(`${c.red}●${c.reset}`);
+  for (let i = 0; i < Math.min(high, 3); i++) parts.push(`${c.red}●${c.reset}`);
+  for (let i = 0; i < Math.min(medium, 2); i++) parts.push(`${c.yellow}●${c.reset}`);
+  for (let i = 0; i < Math.min(low, 2); i++) parts.push(`${c.blue}●${c.reset}`);
+  // fill remaining with empty dots up to 5
+  while (parts.length < 5) parts.push(`${c.dim}○${c.reset}`);
+  return parts.slice(0, 5).join('');
+}
+// ▁▂▃▅▇█▆▃ mini sparkline
+function sparkline(values) {
+  const chars = '▁▂▃▄▅▆▇█';
+  if (!values || values.length === 0) return '';
+  const max = Math.max(...values, 1);
+  return values.map(v => {
+    const idx = Math.min(Math.round((v / max) * (chars.length - 1)), chars.length - 1);
+    return chars[idx];
+  }).join('');
+}
+function fmtNum(n) {
+  if (n == null) return '0';
+  return n.toLocaleString('en-US');
+}
+function fmtPct(n) {
+  if (n == null) return '0%';
+  return Math.round(n) + '%';
+}
+function dashboardBanner() {
+  const ver = getVersion();
+  return [
+    `  ${BOX.tl}${c.dim}${BOX.h.repeat(35)}${c.reset}${BOX.tr}`,
+    `  ${BOX.v}  ${c.bold}${c.cyan}⛨  AgentAudit${c.reset}  ${c.dim}v${ver}${c.reset}${' '.repeat(Math.max(0, 19 - ver.length))}${BOX.v}`,
+    `  ${BOX.v}  ${c.dim}Security Registry for AI Agents${c.reset}  ${BOX.v}`,
+    `  ${BOX.bl}${c.dim}${BOX.h.repeat(35)}${c.reset}${BOX.br}`,
+  ];
+}
 // ── File Collection (same logic as MCP server) ──────────
 function formatApiError(error, provider, statusCode) {
@@ -1940,6 +2093,835 @@ async function checkPackage(name) {
   return data;
 }
+// ── Dashboard / Leaderboard / Benchmark Commands ────────
+async function fetchDashboardData() {
+  const creds = loadCredentials();
+  const fetches = [
+    fetch(`${REGISTRY_URL}/api/stats`, { signal: AbortSignal.timeout(15_000) }).then(r => r.ok ? r.json() : null).catch(() => null),
+    fetch(`${REGISTRY_URL}/api/leaderboard?limit=50`, { signal: AbortSignal.timeout(15_000) }).then(r => r.ok ? r.json() : null).catch(() => null),
+    fetch(`${REGISTRY_URL}/api/benchmark`, { signal: AbortSignal.timeout(15_000) }).then(r => r.ok ? r.json() : null).catch(() => null),
+  ];
+  if (creds?.agent_name && creds.agent_name !== 'env') {
+    fetches.push(
+      fetch(`${REGISTRY_URL}/api/agents/${encodeURIComponent(creds.agent_name)}`, {
+        headers: { 'Authorization': `Bearer ${creds.api_key}` },
+        signal: AbortSignal.timeout(15_000),
+      }).then(r => r.ok ? r.json() : null).catch(() => null)
+    );
+  } else {
+    fetches.push(Promise.resolve(null));
+  }
+  const [stats, leaderboard, benchmark, agent] = await Promise.all(fetches);
+  // Update profile cache if we have agent data
+  if (agent && creds) {
+    let rank = null;
+    if (Array.isArray(leaderboard)) {
+      const idx = leaderboard.findIndex(e => e.agent_name === creds.agent_name);
+      if (idx >= 0) rank = idx + 1;
+    }
+    saveProfileCache({
+      agent_name: creds.agent_name,
+      rank,
+      total_points: agent.total_points || 0,
+      total_reports: agent.total_reports || 0,
+    });
+  }
+  return { stats, leaderboard, benchmark, agent, creds };
+}
+function renderOverviewTab(data, width) {
+  const { stats, agent, leaderboard, creds } = data;
+  const lines = [];
+  const halfW = Math.min(Math.floor((width - 6) / 2), 40);
+  // Profile box
+  const profileLines = [];
+  if (agent && creds) {
+    // Find rank
+    let rank = '-';
+    if (leaderboard && Array.isArray(leaderboard)) {
+      const idx = leaderboard.findIndex(e => e.agent_name === creds.agent_name);
+      if (idx >= 0) rank = `#${idx + 1} of ${leaderboard.length}`;
+    }
+    profileLines.push(`${c.bold}${creds.agent_name}${c.reset}${' '.repeat(Math.max(1, halfW - 14 - visLen(creds.agent_name) - visLen(rank)))}${c.dim}${rank}${c.reset}`);
+    profileLines.push(`Points     ${c.bold}${fmtNum(agent.total_points)}${c.reset}`);
+    profileLines.push(`Audits     ${c.bold}${fmtNum(agent.total_reports)}${c.reset}`);
+    profileLines.push(`Findings   ${c.bold}${fmtNum(agent.total_findings_submitted)}${c.reset} ${c.dim}(${fmtNum(agent.total_findings_confirmed)} confirmed)${c.reset}`);
+    const sev = agent.severity_breakdown || {};
+    profileLines.push('');
+    const sevParts = [];
+    if (sev.critical) sevParts.push(`${c.red}${sev.critical} crit${c.reset}`);
+    if (sev.high) sevParts.push(`${c.red}${sev.high} high${c.reset}`);
+    if (sev.medium) sevParts.push(`${c.yellow}${sev.medium} med${c.reset}`);
+    if (sev.low) sevParts.push(`${c.blue}${sev.low} low${c.reset}`);
+    profileLines.push(sevParts.join('  ') || `${c.dim}no findings yet${c.reset}`);
+  } else {
+    profileLines.push(`${c.dim}Not logged in${c.reset}`);
+    profileLines.push(`${c.dim}Run ${c.cyan}agentaudit setup${c.dim} to create account${c.reset}`);
+  }
+  // Registry box
+  const regLines = [];
+  if (stats) {
+    regLines.push(`Packages Audited    ${c.bold}${fmtNum(stats.skills_audited)}${c.reset}`);
+    regLines.push(`Total Findings      ${c.bold}${fmtNum(stats.total_findings)}${c.reset}`);
+    regLines.push(`Total Reports       ${c.bold}${fmtNum(stats.total_reports)}${c.reset}`);
+    regLines.push(`Contributors        ${c.bold}${fmtNum(stats.reporters)}${c.reset}`);
+    regLines.push(`Avg Trust Score     ${c.bold}${stats.avg_trust_score || 0}${c.reset}`);
+    regLines.push('');
+    const parts = [];
+    if (stats.safe_packages) parts.push(`${c.green}●${fmtNum(stats.safe_packages)} safe${c.reset}`);
+    if (stats.caution_packages) parts.push(`${c.yellow}●${fmtNum(stats.caution_packages)} caution${c.reset}`);
+    if (stats.unsafe_packages) parts.push(`${c.red}●${fmtNum(stats.unsafe_packages)} unsafe${c.reset}`);
+    regLines.push(parts.join('  ') || `${c.dim}no packages yet${c.reset}`);
+  } else {
+    regLines.push(`${c.dim}Could not load registry stats${c.reset}`);
+  }
+  const boxW = halfW + 4;
+  const profileBox = drawBox('Your Profile', profileLines, boxW);
+  const registryBox = drawBox('Registry', regLines, boxW);
+  // Side by side if wide enough, stacked otherwise
+  if (width >= boxW * 2 + 4) {
+    const maxLen = Math.max(profileBox.length, registryBox.length);
+    while (profileBox.length < maxLen) profileBox.push(`  ${BOX.v} ${' '.repeat(halfW + 1)}${BOX.v}`);
+    while (registryBox.length < maxLen) registryBox.push(`  ${BOX.v} ${' '.repeat(halfW + 1)}${BOX.v}`);
+    for (let i = 0; i < maxLen; i++) {
+      lines.push(profileBox[i] + '  ' + registryBox[i].trimStart());
+    }
+  } else {
+    lines.push(...profileBox, '', ...registryBox);
+  }
+  return lines;
+}
+function renderLeaderboardTab(data, width, opts = {}) {
+  const { leaderboard, creds } = data;
+  const lines = [];
+  const maxNameW = 20;
+  const barW = Math.min(Math.max(10, width - 70), 30);
+  if (!leaderboard || !Array.isArray(leaderboard) || leaderboard.length === 0) {
+    lines.push(`  ${c.dim}No leaderboard data available${c.reset}`);
+    return lines;
+  }
+  const maxPts = leaderboard[0]?.total_points || 1;
+  const medals = ['🥇', '🥈', '🥉'];
+  for (let i = 0; i < leaderboard.length; i++) {
+    const entry = leaderboard[i];
+    const name = (entry.agent_name || '').slice(0, maxNameW);
+    const isMe = creds && entry.agent_name === creds.agent_name;
+    const prefix = i < 3 ? ` ${medals[i]} ` : `  ${c.dim}#${String(i + 1).padStart(2)}${c.reset} `;
+    const nameStr = isMe ? `${c.green}${c.bold}${name}${c.reset}` : name;
+    const bar = renderBar(entry.total_points || 0, maxPts, barW);
+    const pts = padLeft(`${fmtNum(entry.total_points || 0)} pts`, 12);
+    const audits = padLeft(`${fmtNum(entry.total_reports || 0)} audits`, 12);
+    const extra = entry.monthly_reports != null ? padLeft(`${fmtNum(entry.monthly_reports)} this mo`, 12) : '';
+    lines.push(`${prefix}${padRight(nameStr, maxNameW)}  ${bar}  ${pts}  ${audits}${extra}`);
+    // Separator after top 3
+    if (i === 2 && leaderboard.length > 3) {
+      lines.push(`  ${c.dim}${'─'.repeat(Math.min(width - 4, 76))}${c.reset}`);
+    }
+  }
+  // Highlight current user if not in top list
+  if (creds && !leaderboard.find(e => e.agent_name === creds.agent_name)) {
+    lines.push('');
+    lines.push(`  ${c.dim}← you are not on this leaderboard yet${c.reset}`);
+  }
+  return lines;
+}
+function renderBenchmarkTab(data, width) {
+  const { benchmark } = data;
+  const lines = [];
+  if (!benchmark || !benchmark.models || benchmark.models.length === 0) {
+    lines.push(`  ${c.dim}No benchmark data available${c.reset}`);
+    return lines;
+  }
+  const overview = benchmark.overview || {};
+  lines.push(`  ${c.bold}${fmtNum(benchmark.models.length)}${c.reset} models ${c.dim}│${c.reset} ${c.bold}${fmtNum(overview.total_reports || 0)}${c.reset} audits ${c.dim}│${c.reset} ${c.bold}${fmtNum(overview.total_findings || 0)}${c.reset} findings`);
+  lines.push('');
+  // Header
+  const nameW = 28;
+  const hdr = `  ${padRight(`${c.bold}Model${c.reset}`, nameW + 9)}  ${padRight('Audits', 7)} ${padRight('Risk', 5)} ${padRight('Detection', 16)}  Severity`;
+  lines.push(hdr);
+  lines.push(`  ${c.dim}${'─'.repeat(Math.min(width - 4, 86))}${c.reset}`);
+  for (const m of benchmark.models) {
+    const name = (m.audit_model || 'unknown').slice(0, nameW - 2);
+    const audits = padLeft(fmtNum(m.total_audits), 5);
+    const riskVal = parseFloat(m.avg_risk_score) || 0;
+    const riskColor = riskVal <= 20 ? c.green : riskVal <= 40 ? c.yellow : c.red;
+    const risk = `${riskColor}${padLeft(String(Math.round(riskVal)), 3)}${c.reset}`;
+    const detection = renderGauge(m.detection_rate || 0, 100, 10);
+    // Severity as compact text instead of dots
+    const sev = m.severity_breakdown || {};
+    const sevParts = [];
+    if (sev.critical) sevParts.push(`${c.red}${sev.critical}C${c.reset}`);
+    if (sev.high) sevParts.push(`${c.red}${sev.high}H${c.reset}`);
+    if (sev.medium) sevParts.push(`${c.yellow}${sev.medium}M${c.reset}`);
+    if (sev.low) sevParts.push(`${c.blue}${sev.low}L${c.reset}`);
+    const sevStr = sevParts.length > 0 ? sevParts.join(' ') : `${c.dim}—${c.reset}`;
+    lines.push(`  ${padRight(name, nameW)} ${audits}  ${risk}  ${detection}  ${sevStr}`);
+  }
+  // Vulnerability landscape
+  const cats = benchmark.global_categories;
+  if (cats && cats.length > 0) {
+    lines.push('');
+    const catTotal = cats.reduce((sum, cat) => sum + (cat.count || 0), 0) || 1;
+    const catW = Math.min(width - 8, 56);
+    const catLines = [];
+    for (const cat of cats.slice(0, 6)) {
+      const pct = Math.round((cat.count / catTotal) * 100);
+      const barFill = Math.round((cat.count / catTotal) * (catW - 30));
+      catLines.push(`${padRight(cat.category || 'Other', 22)} ${c.cyan}${'█'.repeat(Math.max(1, barFill))}${c.dim}${'░'.repeat(Math.max(0, catW - 30 - barFill))}${c.reset}  ${padLeft(fmtPct(pct), 4)}`);
+    }
+    lines.push(...drawBox('Vulnerability Landscape', catLines, catW + 4));
+  }
+  // Cross-model findings
+  const cross = benchmark.cross_model_findings;
+  if (cross && cross.length > 0) {
+    lines.push('');
+    lines.push(`  ${c.bold}Cross-Model Findings${c.reset} ${c.dim}(confirmed by multiple models)${c.reset}`);
+    for (const cf of cross.slice(0, 5)) {
+      const models = (cf.models || []).slice(0, 3).join(', ');
+      lines.push(`  ${c.dim}•${c.reset} ${cf.title || cf.pattern_id}  ${c.dim}[${cf.model_count} models: ${models}]${c.reset}`);
+    }
+  }
+  return lines;
+}
+function timeAgo(dateStr) {
+  if (!dateStr) return '';
+  const diff = Date.now() - new Date(dateStr).getTime();
+  const mins = Math.floor(diff / 60000);
+  if (mins < 60) return `${mins}m ago`;
+  const hours = Math.floor(mins / 60);
+  if (hours < 24) return `${hours}h ago`;
+  const days = Math.floor(hours / 24);
+  if (days < 30) return `${days}d ago`;
+  return `${Math.floor(days / 30)}mo ago`;
+}
+function renderActivityTab(data, width) {
+  const { agent, creds } = data;
+  const lines = [];
+  if (!creds || !agent) {
+    lines.push(`  ${c.dim}Not logged in${c.reset}`);
+    lines.push(`  ${c.dim}Run ${c.cyan}agentaudit setup${c.dim} to see your activity${c.reset}`);
+    return lines;
+  }
+  // Recent Audits
+  const reports = agent.recent_reports || [];
+  const auditLines = [];
+  if (reports.length > 0) {
+    for (const r of reports.slice(0, 10)) {
+      const time = padRight(timeAgo(r.created_at), 8);
+      const name = padRight((r.skill_slug || r.package_name || '').slice(0, 20), 20);
+      const score = r.risk_score ?? r.latest_risk_score ?? 0;
+      let status;
+      if (score === 0) status = `${c.green}safe${c.reset}   `;
+      else if (score <= 30) status = `${c.yellow}caution${c.reset}`;
+      else status = `${c.red}unsafe${c.reset} `;
+      const findCount = r.finding_count != null ? `${r.finding_count} findings` : '';
+      const model = r.audit_model ? `${c.dim}${(r.audit_model || '').slice(0, 14)}${c.reset}` : '';
+      auditLines.push(`${c.dim}${time}${c.reset}  ${name}  ${status}  ${padRight(findCount, 12)} ${model}`);
+    }
+  } else {
+    auditLines.push(`${c.dim}No audits yet — run ${c.cyan}agentaudit audit <url>${c.dim} to get started${c.reset}`);
+  }
+  lines.push(...drawBox('Recent Audits', auditLines, Math.min(width - 4, 72)));
+  lines.push('');
+  // Recent Findings
+  const findings = agent.recent_findings || [];
+  const findingLines = [];
+  if (findings.length > 0) {
+    for (const f of findings.slice(0, 10)) {
+      const asfId = padRight(f.asf_id || f.id || '', 16);
+      const sev = severityIcon(f.severity);
+      const sevLabel = padRight(f.severity || '', 9);
+      const title = (f.title || f.pattern_id || '').slice(0, 40);
+      findingLines.push(`${asfId} ${sev} ${sevLabel} ${title}`);
+    }
+  } else {
+    findingLines.push(`${c.dim}No findings yet${c.reset}`);
+  }
+  lines.push(...drawBox('Recent Findings', findingLines, Math.min(width - 4, 72)));
+  return lines;
+}
+async function activityCommand(args) {
+  const creds = loadCredentials();
+  if (!creds?.agent_name || creds.agent_name === 'env') {
+    if (jsonMode) {
+      console.log(JSON.stringify({ error: 'not_logged_in' }));
+    } else {
+      banner();
+      console.log(`  ${c.yellow}Not logged in${c.reset}`);
+      console.log(`  ${c.dim}Run ${c.cyan}agentaudit setup${c.dim} to create an account${c.reset}`);
+    }
+    return;
+  }
+  if (!quietMode && !jsonMode) {
+    banner();
+    process.stdout.write(`  ${c.dim}Loading activity...${c.reset}`);
+  }
+  let agentData;
+  try {
+    const res = await fetch(`${REGISTRY_URL}/api/agents/${encodeURIComponent(creds.agent_name)}`, {
+      headers: { 'Authorization': `Bearer ${creds.api_key}` },
+      signal: AbortSignal.timeout(15_000),
+    });
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    agentData = await res.json();
+  } catch (err) {
+    if (!jsonMode) {
+      process.stdout.write('\r\x1b[2K');
+      console.log(`  ${c.red}Failed to load activity: ${err.message}${c.reset}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  if (jsonMode) {
+    console.log(JSON.stringify(agentData, null, 2));
+    return;
+  }
+  process.stdout.write('\r\x1b[2K');
+  // Update profile cache
+  try {
+    const lbRes = await fetch(`${REGISTRY_URL}/api/leaderboard?limit=100`, { signal: AbortSignal.timeout(10_000) }).then(r => r.ok ? r.json() : null);
+    let rank = null;
+    if (Array.isArray(lbRes)) {
+      const idx = lbRes.findIndex(e => e.agent_name === creds.agent_name);
+      if (idx >= 0) rank = idx + 1;
+    }
+    saveProfileCache({
+      agent_name: creds.agent_name,
+      rank,
+      total_points: agentData.total_points || 0,
+      total_reports: agentData.total_reports || 0,
+    });
+  } catch {}
+  const width = process.stdout.columns || 80;
+  const activityLines = renderActivityTab({ agent: agentData, creds }, width);
+  console.log(`  ${c.bold}Activity${c.reset}  ${c.dim}${creds.agent_name}${c.reset}`);
+  console.log();
+  for (const line of activityLines) console.log(line);
+  console.log();
+}
+function renderSearchResults(data, width) {
+  const lines = [];
+  const boxW = Math.min(width - 4, 72);
+  // Lookup API returns { reports: [], findings: [], total_matches }
+  const lookupData = Array.isArray(data) ? data[0] : data;
+  const reports = lookupData?.reports || [];
+  const findings = lookupData?.findings || [];
+  const total = lookupData?.total_matches || (reports.length + findings.length);
+  if (total === 0) return lines;
+  // Packages (from reports)
+  if (reports.length > 0) {
+    const pkgLines = [];
+    for (const r of reports.slice(0, 10)) {
+      const name = padRight((r.skill_slug || '').slice(0, 22), 22);
+      const riskScore = r.risk_score ?? 0;
+      let badge;
+      if (riskScore === 0) badge = `${c.green}SAFE${c.reset}   `;
+      else if (riskScore <= 30) badge = `${c.yellow}CAUTION${c.reset}`;
+      else badge = `${c.red}UNSAFE${c.reset} `;
+      const time = padRight(timeAgo(r.created_at), 8);
+      pkgLines.push(`${name}  ${badge}  ${c.dim}${time}${c.reset}`);
+    }
+    lines.push(...drawBox(`Packages (${reports.length})`, pkgLines, boxW));
+    lines.push('');
+  }
+  // Findings
+  if (findings.length > 0) {
+    const findLines = [];
+    for (const f of findings.slice(0, 10)) {
+      const asfId = padRight(f.asf_id || '', 16);
+      const sev = severityIcon(f.severity);
+      const sevLabel = padRight(f.severity || '', 9);
+      const title = (f.title || '').slice(0, 36);
+      findLines.push(`${asfId} ${sev} ${sevLabel} ${title}`);
+    }
+    lines.push(...drawBox(`Findings (${findings.length})`, findLines, boxW));
+  }
+  return lines;
+}
+function renderSearchTab(searchState, width) {
+  const { query, results, loading, error } = searchState;
+  const lines = [];
+  // Search input
+  lines.push(`  ${c.bold}Search:${c.reset} ${query || ''}${c.dim}\u2588${c.reset}`);
+  lines.push('');
+  if (loading) {
+    lines.push(`  ${c.dim}Searching...${c.reset}`);
+    return lines;
+  }
+  if (error) {
+    lines.push(`  ${c.red}${error}${c.reset}`);
+    return lines;
+  }
+  if (results) {
+    const resultLines = renderSearchResults(results, width);
+    if (resultLines.length > 0) {
+      lines.push(...resultLines);
+    } else {
+      lines.push(`  ${c.dim}No results found for "${query}"${c.reset}`);
+    }
+  } else if (!query) {
+    lines.push(`  ${c.dim}Type to search packages in the registry${c.reset}`);
+  }
+  lines.push('');
+  lines.push(`  ${c.dim}Type to search  \u2502  Enter=search  \u2502  Esc=clear  \u2502  Tab=switch tab${c.reset}`);
+  return lines;
+}
+async function searchCommand(args) {
+  const query = args.filter(a => !a.startsWith('--')).join(' ').trim();
+  if (!query) {
+    if (jsonMode) {
+      console.log(JSON.stringify({ error: 'query_required' }));
+    } else {
+      banner();
+      console.log(`  ${c.red}Error: search query required${c.reset}`);
+      console.log(`  ${c.dim}Usage: ${c.cyan}agentaudit search <query>${c.dim} \u2014 e.g. agentaudit search fastmcp${c.reset}`);
+    }
+    process.exitCode = 2;
+    return;
+  }
+  if (!quietMode && !jsonMode) {
+    banner();
+    process.stdout.write(`  ${c.dim}Searching "${query}"...${c.reset}`);
+  }
+  let data;
+  try {
+    const res = await fetch(`${REGISTRY_URL}/api/lookup?hash=${encodeURIComponent(query)}`, {
+      signal: AbortSignal.timeout(15_000),
+    });
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    data = await res.json();
+  } catch (err) {
+    if (!jsonMode) {
+      process.stdout.write('\r\x1b[2K');
+      console.log(`  ${c.red}Search failed: ${err.message}${c.reset}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  if (jsonMode) {
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
+  process.stdout.write('\r\x1b[2K');
+  console.log(`  ${c.bold}Search${c.reset}  ${c.dim}"${query}"${c.reset}`);
+  console.log();
+  const width = process.stdout.columns || 80;
+  const resultLines = renderSearchResults(data, width);
+  if (resultLines.length === 0) {
+    console.log(`  ${c.dim}No results found${c.reset}`);
+    console.log(`  ${c.dim}Tip: try ${c.cyan}agentaudit scan <repo-url>${c.dim} to audit a new package${c.reset}`);
+    console.log();
+    return;
+  }
+  for (const line of resultLines) console.log(line);
+  console.log();
+}
+async function leaderboardCommand(args) {
+  const tabArg = args.find((a, i) => args[i - 1] === '--tab') || 'overall';
+  const showAll = args.includes('--all');
+  const limit = showAll ? 200 : 20;
+  if (!quietMode && !jsonMode) {
+    banner();
+    process.stdout.write(`  ${c.dim}Loading leaderboard...${c.reset}`);
+  }
+  let data;
+  try {
+    const url = `${REGISTRY_URL}/api/leaderboard?tab=${encodeURIComponent(tabArg)}&limit=${limit}`;
+    const res = await fetch(url, { signal: AbortSignal.timeout(15_000) });
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    data = await res.json();
+  } catch (err) {
+    if (!jsonMode) {
+      process.stdout.write('\r\x1b[2K');
+      console.log(`  ${c.red}Failed to load leaderboard: ${err.message}${c.reset}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  if (jsonMode) {
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
+  process.stdout.write('\r\x1b[2K');
+  const creds = loadCredentials();
+  console.log(`  ${c.bold}Leaderboard${c.reset}  ${c.dim}${tabArg}${c.reset}`);
+  console.log();
+  if (!Array.isArray(data) || data.length === 0) {
+    console.log(`  ${c.dim}No data available${c.reset}`);
+    return;
+  }
+  const maxPts = data[0]?.total_points || 1;
+  const medals = ['🥇', '🥈', '🥉'];
+  const barW = 24;
+  for (let i = 0; i < data.length; i++) {
+    const entry = data[i];
+    const name = (entry.agent_name || '').slice(0, 20);
+    const isMe = creds && entry.agent_name === creds.agent_name;
+    const prefix = i < 3 ? ` ${medals[i]} ` : `  #${String(i + 1).padStart(2)}  `;
+    const nameStr = isMe ? `${c.green}${c.bold}${name}${c.reset}` : name;
+    const bar = renderBar(entry.total_points || 0, maxPts, barW);
+    const pts = `${fmtNum(entry.total_points || 0)} pts`;
+    const audits = `${fmtNum(entry.total_reports || 0)} audits`;
+    console.log(`${prefix}${padRight(nameStr, 22)}  ${bar}  ${padLeft(pts, 12)}  ${padLeft(audits, 10)}`);
+    if (i === 2 && data.length > 3) {
+      console.log(`  ${c.dim}${'─'.repeat(74)}${c.reset}`);
+    }
+  }
+  console.log();
+}
+async function benchmarkCommand(args) {
+  if (!quietMode && !jsonMode) {
+    banner();
+    process.stdout.write(`  ${c.dim}Loading benchmark data...${c.reset}`);
+  }
+  let data;
+  try {
+    const res = await fetch(`${REGISTRY_URL}/api/benchmark`, { signal: AbortSignal.timeout(15_000) });
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    data = await res.json();
+  } catch (err) {
+    if (!jsonMode) {
+      process.stdout.write('\r\x1b[2K');
+      console.log(`  ${c.red}Failed to load benchmark: ${err.message}${c.reset}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  if (jsonMode) {
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
+  process.stdout.write('\r\x1b[2K');
+  const width = process.stdout.columns || 80;
+  const benchLines = renderBenchmarkTab({ benchmark: data }, width);
+  console.log(`  ${c.bold}Model Benchmark${c.reset} ${c.dim}— LLM Audit Performance${c.reset}`);
+  console.log();
+  for (const line of benchLines) console.log(line);
+  console.log();
+}
+async function dashboardCommand() {
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    console.log(`${c.red}Error: dashboard requires an interactive terminal${c.reset}`);
+    console.log(`${c.dim}Tip: use ${c.cyan}agentaudit leaderboard${c.dim} or ${c.cyan}agentaudit benchmark${c.dim} for non-interactive output${c.reset}`);
+    process.exitCode = 1;
+    return;
+  }
+  const tabs = [
+    { key: '1', label: 'Overview' },
+    { key: '2', label: 'Leaderboard' },
+    { key: '3', label: 'Benchmark' },
+    { key: '4', label: 'Activity' },
+    { key: '5', label: 'Search' },
+  ];
+  let activeTab = 0;
+  let scrollOffset = 0;
+  let running = true;
+  // Search tab state
+  let searchQuery = '';
+  let searchResults = null;
+  let searchLoading = false;
+  let searchError = null;
+  // Enter alt screen
+  process.stdout.write(term.altScreenOn + term.hideCursor);
+  // Loading screen
+  process.stdout.write(term.clearScreen);
+  const bannerLines = dashboardBanner();
+  for (const line of bannerLines) process.stdout.write(line + '\n');
+  process.stdout.write(`\n  ${c.dim}Loading data...${c.reset}\n`);
+  // Fetch data
+  const data = await fetchDashboardData();
+  async function doSearch() {
+    if (!searchQuery.trim()) return;
+    searchLoading = true;
+    searchError = null;
+    render();
+    try {
+      const res = await fetch(`${REGISTRY_URL}/api/lookup?hash=${encodeURIComponent(searchQuery.trim())}`, {
+        signal: AbortSignal.timeout(15_000),
+      });
+      if (!res.ok) throw new Error(`HTTP ${res.status}`);
+      searchResults = await res.json();
+    } catch (err) {
+      searchError = `Search failed: ${err.message}`;
+      searchResults = null;
+    }
+    searchLoading = false;
+    if (running) render();
+  }
+  function render() {
+    const cols = process.stdout.columns || 80;
+    const rows = process.stdout.rows || 24;
+    let output = term.clearScreen;
+    // Banner
+    const bLines = dashboardBanner();
+    for (const line of bLines) output += line + '\n';
+    output += '\n';
+    // Tab bar
+    let tabBar = '  ';
+    for (let i = 0; i < tabs.length; i++) {
+      const tab = tabs[i];
+      if (i === activeTab) {
+        tabBar += `${c.bold}${c.cyan}${term.underline} [${tab.key}] ${tab.label} ${term.noUnderline}${c.reset}`;
+      } else {
+        tabBar += `${c.dim} [${tab.key}] ${tab.label} ${c.reset}`;
+      }
+      if (i < tabs.length - 1) tabBar += `${c.dim}\u2500${c.reset}`;
+    }
+    output += tabBar + '\n\n';
+    // Tab content
+    let contentLines = [];
+    switch (activeTab) {
+      case 0:
+        contentLines = renderOverviewTab(data, cols);
+        break;
+      case 1:
+        contentLines = renderLeaderboardTab(data, cols);
+        break;
+      case 2:
+        contentLines = renderBenchmarkTab(data, cols);
+        break;
+      case 3:
+        contentLines = renderActivityTab(data, cols);
+        break;
+      case 4:
+        contentLines = renderSearchTab({ query: searchQuery, results: searchResults, loading: searchLoading, error: searchError }, cols);
+        break;
+    }
+    // Apply scroll
+    const availableRows = rows - 10; // header + tab bar + footer
+    const maxScroll = Math.max(0, contentLines.length - availableRows);
+    scrollOffset = Math.min(scrollOffset, maxScroll);
+    scrollOffset = Math.max(0, scrollOffset);
+    const visible = contentLines.slice(scrollOffset, scrollOffset + availableRows);
+    for (const line of visible) output += line + '\n';
+    // Footer
+    output += '\n';
+    const scrollInfo = contentLines.length > availableRows ? `  ${c.dim}[${scrollOffset + 1}-${Math.min(scrollOffset + availableRows, contentLines.length)}/${contentLines.length}]${c.reset}` : '';
+    const isSearchTab = activeTab === 4;
+    const footerHint = isSearchTab
+      ? `${c.dim}\u2190\u2192 tab  Enter=search  Esc=clear  q quit${c.reset}`
+      : `${c.dim}\u2190\u2192 tab  \u2191\u2193 scroll  1-5 jump  q quit${c.reset}`;
+    output += `  ${footerHint}${scrollInfo}\n`;
+    process.stdout.write(output);
+  }
+  function cleanup() {
+    if (!running) return;
+    running = false;
+    process.stdout.write(term.showCursor + term.altScreenOff);
+    try { process.stdin.setRawMode(false); } catch {}
+    process.stdin.pause();
+    process.stdin.removeListener('data', onKeypress);
+    process.stdout.removeListener('resize', render);
+  }
+  function onKeypress(key) {
+    if (!running) return;
+    const isSearchTab = activeTab === 4;
+    // Ctrl+C always quits
+    if (key === '\x03') {
+      cleanup();
+      return;
+    }
+    // Search tab: route printable keys to search input
+    if (isSearchTab) {
+      // Escape: clear search
+      if (key === '\x1b' && key.length === 1) {
+        searchQuery = '';
+        searchResults = null;
+        searchError = null;
+        scrollOffset = 0;
+        render();
+        return;
+      }
+      // Enter: trigger search
+      if (key === '\r' || key === '\n') {
+        doSearch();
+        return;
+      }
+      // Backspace / Delete
+      if (key === '\x7f' || key === '\b') {
+        if (searchQuery.length > 0) {
+          searchQuery = searchQuery.slice(0, -1);
+          render();
+        }
+        return;
+      }
+      // Tab: switch to next tab
+      if (key === '\t') {
+        activeTab = (activeTab + 1) % tabs.length;
+        scrollOffset = 0;
+        render();
+        return;
+      }
+      // Arrow keys still navigate
+      if (key === '\x1b[C') { activeTab = (activeTab + 1) % tabs.length; scrollOffset = 0; render(); return; }
+      if (key === '\x1b[D') { activeTab = (activeTab - 1 + tabs.length) % tabs.length; scrollOffset = 0; render(); return; }
+      if (key === '\x1b[A') { scrollOffset = Math.max(0, scrollOffset - 1); render(); return; }
+      if (key === '\x1b[B') { scrollOffset++; render(); return; }
+      // q quits only if search buffer is empty
+      if (key === 'q' && searchQuery.length === 0) {
+        cleanup();
+        return;
+      }
+      // Printable ASCII → append to search query
+      if (key.length === 1 && key.charCodeAt(0) >= 32 && key.charCodeAt(0) <= 126) {
+        searchQuery += key;
+        render();
+        return;
+      }
+      return;
+    }
+    // Non-search tabs: normal keypress handling
+    // q = quit
+    if (key === 'q') {
+      cleanup();
+      return;
+    }
+    // Tab navigation
+    if (key === '\x1b[C' || key === '\t') {
+      activeTab = (activeTab + 1) % tabs.length;
+      scrollOffset = 0;
+      render();
+      return;
+    }
+    if (key === '\x1b[D') {
+      activeTab = (activeTab - 1 + tabs.length) % tabs.length;
+      scrollOffset = 0;
+      render();
+      return;
+    }
+    // Number keys 1-5
+    if (key >= '1' && key <= '5') {
+      const idx = parseInt(key, 10) - 1;
+      if (idx < tabs.length) { activeTab = idx; scrollOffset = 0; render(); }
+      return;
+    }
+    // Scroll
+    if (key === '\x1b[A' || key === 'k') { scrollOffset = Math.max(0, scrollOffset - 1); render(); return; }
+    if (key === '\x1b[B' || key === 'j') { scrollOffset++; render(); return; }
+    if (key === '\x1b[5~') { scrollOffset = Math.max(0, scrollOffset - 10); render(); return; }
+    if (key === '\x1b[6~') { scrollOffset += 10; render(); return; }
+  }
+  // Setup input
+  process.stdin.setRawMode(true);
+  process.stdin.resume();
+  process.stdin.setEncoding('utf8');
+  process.stdin.on('data', onKeypress);
+  process.stdout.on('resize', render);
+  // Graceful cleanup
+  process.on('exit', cleanup);
+  process.on('SIGINT', () => { cleanup(); process.exit(0); });
+  process.on('SIGTERM', () => { cleanup(); process.exit(0); });
+  // Initial render
+  render();
+  // Keep alive until user quits
+  await new Promise(resolve => {
+    const check = setInterval(() => {
+      if (!running) { clearInterval(check); resolve(); }
+    }, 100);
+  });
+}
 // ── Main ────────────────────────────────────────────────
 async function main() {
@@ -2054,9 +3036,10 @@ async function main() {
     setup: [
       `${c.bold}agentaudit setup${c.reset}`,
       ``,
-      `Create an AgentAudit account or enter an existing API key.`,
-      `This is for uploading audit reports to the registry — not for`,
-      `LLM provider configuration (use \`agentaudit model\` for that).`,
+      `Log in to agentaudit.dev — create an account or enter an existing API key.`,
+      `This enables uploading audit reports to the public registry.`,
+      ``,
+      `${c.bold}Note:${c.reset} This is NOT for LLM/provider configuration. Use ${c.cyan}agentaudit model${c.reset} for that.`,
       ``,
       `${c.bold}Examples:${c.reset}`,
       `  agentaudit setup`,
@@ -2073,15 +3056,107 @@ async function main() {
       `  agentaudit status`,
       `  agentaudit status --json`,
     ],
+    dashboard: [
+      `${c.bold}agentaudit dashboard${c.reset}`,
+      ``,
+      `Interactive full-screen dashboard with stats, leaderboard, and benchmark.`,
+      `Uses alternate screen buffer — your scrollback stays intact.`,
+      ``,
+      `${c.bold}Navigation:${c.reset}`,
+      `  \u2190\u2192 / Tab      Switch between tabs`,
+      `  1-5            Jump to tab by number`,
+      `  \u2191\u2193 / j/k       Scroll content`,
+      `  PgUp/PgDn     Scroll fast`,
+      `  q / Ctrl+C    Quit`,
+      ``,
+      `${c.bold}Tabs:${c.reset}`,
+      `  [1] Overview    Your profile + registry stats`,
+      `  [2] Leaderboard Top contributors ranking`,
+      `  [3] Benchmark   LLM model performance comparison`,
+      `  [4] Activity    Your recent audits & findings`,
+      `  [5] Search      Search packages (interactive input)`,
+      ``,
+      `${c.bold}Aliases:${c.reset} dashboard, dash`,
+    ],
+    dash: null, // alias → dashboard
+    leaderboard: [
+      `${c.bold}agentaudit leaderboard${c.reset} [options]`,
+      ``,
+      `Show top contributors ranking. Pipe-friendly output (no alt-screen).`,
+      ``,
+      `${c.bold}Options:${c.reset}`,
+      `  --tab <name>   Category: overall (default), monthly, reviewers, verifiers, streaks`,
+      `  --all           Show all entries (default: top 20)`,
+      `  --json          Machine-readable JSON output`,
+      ``,
+      `${c.bold}Aliases:${c.reset} leaderboard, lb`,
+      ``,
+      `${c.bold}Examples:${c.reset}`,
+      `  agentaudit leaderboard`,
+      `  agentaudit leaderboard --tab monthly`,
+      `  agentaudit leaderboard --all --json`,
+    ],
+    lb: null, // alias → leaderboard
+    benchmark: [
+      `${c.bold}agentaudit benchmark${c.reset} [options]`,
+      ``,
+      `Compare LLM model performance across security audits.`,
+      `Shows detection rates, severity breakdown, and vulnerability landscape.`,
+      ``,
+      `${c.bold}Options:${c.reset}`,
+      `  --json          Machine-readable JSON output`,
+      ``,
+      `${c.bold}Aliases:${c.reset} benchmark, bench`,
+      ``,
+      `${c.bold}Examples:${c.reset}`,
+      `  agentaudit benchmark`,
+      `  agentaudit benchmark --json`,
+    ],
+    bench: null, // alias → benchmark
+    activity: [
+      `${c.bold}agentaudit activity${c.reset} [options]`,
+      ``,
+      `Show your recent audits and findings from the AgentAudit registry.`,
+      `Requires being logged in (run ${c.cyan}agentaudit setup${c.reset} first).`,
+      ``,
+      `${c.bold}Options:${c.reset}`,
+      `  --json          Machine-readable JSON output`,
+      ``,
+      `${c.bold}Aliases:${c.reset} activity, my`,
+      ``,
+      `${c.bold}Examples:${c.reset}`,
+      `  agentaudit activity`,
+      `  agentaudit activity --json`,
+      `  agentaudit my`,
+    ],
+    my: null, // alias → activity
+    search: [
+      `${c.bold}agentaudit search${c.reset} <query> [options]`,
+      ``,
+      `Search for packages in the AgentAudit registry by name, ASF-ID, or hash.`,
+      ``,
+      `${c.bold}Options:${c.reset}`,
+      `  --json          Machine-readable JSON output`,
+      ``,
+      `${c.bold}Aliases:${c.reset} search, find`,
+      ``,
+      `${c.bold}Examples:${c.reset}`,
+      `  agentaudit search fastmcp`,
+      `  agentaudit search mcp-server`,
+      `  agentaudit search ASF-2025-0001`,
+      `  agentaudit search fastmcp --json`,
+      `  agentaudit find fastmcp`,
+    ],
+    find: null, // alias → search
   };
   // Show subcommand help: `agentaudit help <cmd>` or `agentaudit <cmd> --help`
   function showSubcommandHelp(cmd) {
     let helpLines = subcommandHelp[cmd];
-    if (helpLines === null && subcommandHelp[cmd] === null) {
+    if (helpLines === null) {
       // alias redirect
-      const alias = cmd === 'check' ? 'lookup' : cmd;
-      helpLines = subcommandHelp[alias];
+      const aliases = { check: 'lookup', dash: 'dashboard', lb: 'leaderboard', bench: 'benchmark', my: 'activity', find: 'search' };
+      helpLines = subcommandHelp[aliases[cmd] || cmd];
     }
     if (!helpLines) {
       console.log(`  ${c.red}No help available for "${cmd}"${c.reset}`);
@@ -2124,9 +3199,16 @@ async function main() {
     console.log(`    ${c.cyan}audit${c.reset} <url> [url...]  Deep LLM-powered security audit (~30s)`);
     console.log(`    ${c.cyan}lookup${c.reset} <name>         Look up package in registry`);
     console.log();
+    console.log(`  ${c.bold}COMMUNITY${c.reset}`);
+    console.log(`    ${c.cyan}dashboard${c.reset}             Interactive dashboard (full-screen)`);
+    console.log(`    ${c.cyan}leaderboard${c.reset}           Top contributors ranking`);
+    console.log(`    ${c.cyan}benchmark${c.reset}             LLM model performance comparison`);
+    console.log(`    ${c.cyan}activity${c.reset}              Your recent audits & findings`);
+    console.log(`    ${c.cyan}search${c.reset} <query>        Search packages in registry`);
+    console.log();
     console.log(`  ${c.bold}CONFIGURATION${c.reset}`);
     console.log(`    ${c.cyan}model${c.reset}                 Configure LLM provider + model`);
-    console.log(`    ${c.cyan}setup${c.reset}                 Create account / enter API key`);
+    console.log(`    ${c.cyan}setup${c.reset}                 Log in to agentaudit.dev (for report uploads)`);
     console.log(`    ${c.cyan}status${c.reset}                Show current config + auth status`);
     console.log();
     console.log(`  ${c.bold}FLAGS${c.reset}`);
@@ -2154,9 +3236,31 @@ async function main() {
   // Default no-arg → discover
   const command = args.length === 0 ? 'discover' : args[0];
   const targets = args.slice(1);
+  // Dashboard/Leaderboard/Benchmark — before banner() since dashboard uses alt-screen
+  if (command === 'dashboard' || command === 'dash') {
+    await dashboardCommand();
+    return;
+  }
+  if (command === 'leaderboard' || command === 'lb') {
+    await leaderboardCommand(targets);
+    return;
+  }
+  if (command === 'benchmark' || command === 'bench') {
+    await benchmarkCommand(targets);
+    return;
+  }
+  if (command === 'activity' || command === 'my') {
+    await activityCommand(targets);
+    return;
+  }
+  if (command === 'search' || command === 'find') {
+    await searchCommand(targets);
+    return;
+  }
   banner();
   if (command === 'setup') {
     await setupCommand();
     return;
@@ -2218,6 +3322,39 @@ async function main() {
     }
     console.log();
+    // Personal stats (from registry, silently skip on error)
+    if (creds?.agent_name && creds.agent_name !== 'env') {
+      try {
+        const [agentRes, lbRes] = await Promise.all([
+          fetch(`${REGISTRY_URL}/api/agents/${encodeURIComponent(creds.agent_name)}`, {
+            headers: { 'Authorization': `Bearer ${creds.api_key}` },
+            signal: AbortSignal.timeout(10_000),
+          }).then(r => r.ok ? r.json() : null),
+          fetch(`${REGISTRY_URL}/api/leaderboard?limit=100`, { signal: AbortSignal.timeout(10_000) }).then(r => r.ok ? r.json() : null),
+        ]);
+        if (agentRes) {
+          let rank = null;
+          if (Array.isArray(lbRes)) {
+            const idx = lbRes.findIndex(e => e.agent_name === creds.agent_name);
+            if (idx >= 0) rank = idx + 1;
+          }
+          // Update profile cache
+          saveProfileCache({
+            agent_name: creds.agent_name,
+            rank,
+            total_points: agentRes.total_points || 0,
+            total_reports: agentRes.total_reports || 0,
+          });
+          console.log(`  ${c.bold}Profile${c.reset}`);
+          console.log(`    Rank        ${c.bold}${rank ? `#${rank} of ${lbRes.length}` : '-'}${c.reset}`);
+          console.log(`    Points      ${c.bold}${fmtNum(agentRes.total_points || 0)}${c.reset}`);
+          console.log(`    Audits      ${c.bold}${fmtNum(agentRes.total_reports || 0)}${c.reset}`);
+          console.log(`    Findings    ${c.bold}${fmtNum(agentRes.total_findings_submitted || 0)}${c.reset} ${c.dim}(${fmtNum(agentRes.total_findings_confirmed || 0)} confirmed)${c.reset}`);
+          console.log();
+        }
+      } catch {}
+    }
     // JSON mode
     if (jsonMode) {
       const status = {