agenthusk 0.1.0

package/CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+
+All notable AgentHusk changes are documented here.
+
+## 0.1.0 - 2026-06-01
+
+### Added
+
+- Bounded, local-first scanning for 10 AI coding-agent storage roots.
+- Secret-shaped value fingerprints scoped to a single report.
+- Default path anonymization with an explicit unsafe `--show-paths` option.
+- Residue, local-permission, MCP-configuration, and coverage-gap findings.
+- Self-contained HTML reports, JSON reports, and aggregate-only SVG share cards.
+- Synthetic demo, regression tests, CI, packaged CLI smoke test, and launch materials.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 AgentHusk contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,130 @@
+# AgentHusk
+
+**Find secret-shaped residue left in local AI coding-agent storage before it becomes an incident.**
+
+AgentHusk is a local-first forensic scanner. It inspects known agent directories without intentionally modifying source artifacts, flags secrets and risky residue, and keeps matched content values out of its default anonymized reports. It writes local report artifacts containing short fingerprints so repeated matches can be grouped without copying a matched credential into another artifact.
+
+No external API. No upload. No telemetry.
+
+AgentHusk does not start configured MCP servers, execute discovered commands, or inspect live agent traffic. Its scope is deliberately narrower: static local residue after the agent has run.
+
+![AgentHusk report preview](docs/assets/agenthusk-social.svg)
+
+## 30-second quickstart
+
+Requires Node.js 20 or later.
+
+```sh
+cd /path/to/agenthusk
+node src/cli.js demo
+node src/cli.js scan
+```
+
+`demo` creates a safe synthetic report. `scan` inspects the supported agent directories that exist under your home directory and writes a local report for review.
+
+After an npm release, the intended equivalent commands are:
+
+```sh
+npx agenthusk demo
+npx agenthusk scan
+```
+
+## What it detects
+
+AgentHusk currently looks for:
+
+- Secret-shaped values, including common API keys, access tokens, bearer tokens, webhook URLs, and assigned secret values.
+- The same detected secret appearing in more than one scanned file, grouped by a short fingerprint.
+- Environment-file copies, shell-history files, and locally retained agent session transcripts.
+- Sensitive residue files readable by other local users and agent directories traversable by other local users.
+- MCP server configuration declarations that deserve a trust-boundary review.
+- Coverage gaps such as oversized files that were not content-scanned.
+
+Findings are leads for review, not proof of compromise.
+
+The report's aggregate risk signal is a visual triage aid, not a security grade or proof that a machine is safe. Use the finding evidence and coverage section to decide what to inspect locally.
+
+## Trust model
+
+AgentHusk is designed to add less sensitive residue than it finds:
+
+- AgentHusk does not intentionally edit, delete, quarantine, rotate, or upload scanned source artifacts. It does write the requested local report artifacts.
+- The scanner does not call external APIs and does not send telemetry.
+- Matched content values are not copied into content-derived report fields. A per-run random HMAC key produces a 32-character fingerprint for grouping matches within that report.
+- Fingerprints are intentionally not stable across separate runs.
+- Reports anonymize source paths by default. They still contain metadata such as anonymized paths, line numbers, permission modes, and finding details. Review reports before sharing them.
+- Raw source paths are included only when you explicitly pass the unsafe `--show-paths` option. A raw path can itself contain sensitive text, including a value also present in file content.
+- The original secret, if any, remains in the source file until you remediate it.
+
+Run scans against a snapshot or copied tree when possible, as an ordinary user. Avoid scanning a live writable tree, FUSE or network mount, or running AgentHusk with elevated privileges. The scanner skips symlinks, but it is not designed to defend against a concurrently changing or adversarial filesystem.
+
+## Supported agents
+
+The default scan checks these known locations under the current user's home directory:
+
+| Agent | Location |
+| --- | --- |
+| Codex | `~/.codex` |
+| Claude Code | `~/.claude` |
+| Gemini | `~/.gemini` |
+| OpenClaw | `~/.openclaw` |
+| Hermes | `~/.hermes` |
+| Cursor | `~/.cursor` |
+| Windsurf | `~/.windsurf` |
+| OpenCode | `~/.config/opencode` |
+| Continue | `~/.continue` |
+| Cline | `~/.cline` |
+
+Support means that AgentHusk knows where to look. It does not imply affiliation with, endorsement by, or complete coverage of any agent.
+
+## Useful options
+
+By default, AgentHusk writes `agenthusk-report.html` and `agenthusk-report.json` in the current directory. On POSIX platforms, reports are created with owner-only mode `0600`. Windows ACL enforcement is not implemented.
+
+```sh
+node src/cli.js scan --root /path/to/review --max-files 5000
+node src/cli.js scan --root /path/to/review-copy --max-bytes 8388608
+node src/cli.js scan --card agenthusk-card.svg
+node src/cli.js demo --out demo/report.html --json demo/report.json --card demo/card.svg
+```
+
+Use `--root` to scan an explicit directory instead of the default known roots; repeat it to scan more than one. Run `node src/cli.js help` for the full option list.
+
+Paths are anonymized by default so reports are safer to review and share. Use `--max-bytes` to change the per-file content-inspection limit. The SVG share card omits paths entirely.
+
+`--show-paths` is an unsafe option for local investigation only. For roots under your home directory it includes local relative paths. For external explicit roots it keeps the absolute root hidden but includes descendant names. A path can itself contain sensitive text, so do not use this option for artifacts that may be shared.
+
+## Limits
+
+AgentHusk is a narrow forensic aid, not a secret manager, malware scanner, or compliance control.
+
+- Pattern matching can produce false positives and false negatives.
+- Files larger than 4 MiB are skipped for content inspection by default.
+- Aggregate content reads are capped at 64 MiB by default.
+- A scan is capped at 20,000 visited files and a maximum traversal depth of 14 by default.
+- Discovered symlinks, symlinked final roots, and roots under the selected home with symlinked descendant components are skipped. `.git`, `node_modules`, and `coverage` directories are not traversed.
+- Binary files are not content-scanned.
+- The scanner cannot detect secrets that do not match its current rules, residue outside scanned roots, or credentials that already left the machine.
+- Scanning a live writable tree, FUSE mount, network mount, or attacker-controlled filesystem can produce inconsistent results or expose the scanner to filesystem races. Prefer a snapshot or copied tree.
+- A clean report is not evidence that a machine or account is safe.
+
+## What to do with a finding
+
+1. Review the referenced source file locally. Do not paste the underlying value into an issue.
+2. Rotate or revoke a credential if exposure is possible or retention is unexpected.
+3. Remove stale residue or restrict permissions where appropriate.
+4. Re-run the scan and inspect the new local report.
+
+## Development
+
+```sh
+npm test
+npm run check
+npm run smoke:pack
+```
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) before changing detection or redaction behavior. The scanner boundary is documented in [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md). Planned work is tracked in [docs/ROADMAP.md](docs/ROADMAP.md). For usage questions, read [SUPPORT.md](SUPPORT.md). For security reports, read [SECURITY.md](SECURITY.md). Maintainers can use [docs/RELEASE.md](docs/RELEASE.md) for the publication checklist.
+
+## License
+
+MIT

package/SECURITY.md

@@ -0,0 +1,50 @@
+# Security Policy
+
+AgentHusk scans security-sensitive local files. Treat bugs that expose source content or weaken redaction as security issues.
+
+## Supported versions
+
+AgentHusk is pre-1.0 software. Security fixes are applied to the latest release line only.
+
+| Version | Supported |
+| --- | --- |
+| Latest `0.x` release | Yes |
+| Older releases | No |
+
+## Reporting a vulnerability
+
+Do not open a public issue for a vulnerability or include real secrets, tokens, report files, or sensitive paths in public discussion.
+
+Use the repository's [private vulnerability-reporting form](https://github.com/seipass/agenthusk/security/advisories/new) when it is available. If it is not available, contact a maintainer privately through the channel listed on the repository profile. If no private channel is listed, open a minimal issue asking for a private contact method without disclosing vulnerability details.
+
+Include:
+
+- The affected AgentHusk version or commit.
+- The operating system and Node.js version.
+- A minimal reproduction using synthetic placeholders only.
+- The expected and actual behavior.
+- Whether a generated report, console output, or file path may reveal sensitive content.
+
+## Security invariants
+
+Changes should preserve these properties:
+
+- Scanned source artifacts are not intentionally modified. Requested local report artifacts are written.
+- No external API calls, uploads, or telemetry are introduced into the scanning path.
+- Default anonymized reports and normal CLI output do not contain matched content values.
+- Source paths are anonymized by default. Raw source paths appear only when the user explicitly passes the unsafe `--show-paths` option.
+- Secret fingerprints use a per-run random key and are not stable cross-run identifiers.
+- Discovered symlinks are not followed during traversal. Symlinked final roots and roots under the selected home with symlinked descendant components are skipped.
+- Test fixtures contain synthetic values only.
+
+## Report handling
+
+AgentHusk default anonymized reports omit matched content values, but they are not automatically safe public artifacts. Reports can still include line numbers, permission modes, agent names, and forensic findings. Reports generated with the unsafe `--show-paths` option also include raw source paths, which can themselves contain sensitive text or a value also present in file content. Review reports before sharing them outside the machine where they were generated.
+
+## Safe scanning environment
+
+Prefer scanning a snapshot or copied tree as an ordinary user. Avoid scanning a live writable tree, FUSE or network mount, or attacker-controlled filesystem. Do not run AgentHusk with elevated privileges unless you have a specific reason and understand the expanded exposure. Symlink skipping is not a complete defense against a filesystem that changes concurrently during traversal.
+
+## Response expectations
+
+Maintainers will validate the report, determine severity, prepare a fix, and coordinate disclosure when appropriate. Response timing depends on maintainer availability; no fixed service-level agreement is promised.

package/docs/assets/agenthusk-social.svg

@@ -0,0 +1,74 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1200" height="630" viewBox="0 0 1200 630" role="img" aria-labelledby="title desc">
+  <title id="title">AgentHusk local-first agent forensic report</title>
+  <desc id="desc">A value-hidden scan summary with 7 local findings and a risk signal of 92. The signal is not proof.</desc>
+  <defs>
+    <pattern id="grid" width="24" height="24" patternUnits="userSpaceOnUse">
+      <path d="M24 0H0V24" fill="none" stroke="#171713" stroke-opacity=".09"/>
+    </pattern>
+    <filter id="noise">
+      <feTurbulence baseFrequency=".8" numOctaves="3" seed="17" stitchTiles="stitch"/>
+      <feColorMatrix type="saturate" values="0"/>
+      <feComponentTransfer><feFuncA type="table" tableValues="0 .12"/></feComponentTransfer>
+    </filter>
+    <style>
+      .serif { font-family: Georgia, "Times New Roman", serif; }
+      .mono { font-family: "Courier New", Courier, monospace; }
+      .label { font: 700 12px "Courier New", Courier, monospace; letter-spacing: 2px; fill: #bd4a35; }
+      .metric { font: 700 48px Georgia, "Times New Roman", serif; letter-spacing: -4px; fill: #fff9ed; }
+      .metric-label { font: 700 10px "Courier New", Courier, monospace; letter-spacing: 1.3px; fill: #776f61; }
+      .node-label { font: 700 12px Georgia, "Times New Roman", serif; fill: #171713; }
+      .node-count { font: 700 9px "Courier New", Courier, monospace; letter-spacing: 1px; fill: #776f61; }
+    </style>
+  </defs>
+  <rect width="1200" height="630" fill="#f3ead8"/>
+  <rect width="1200" height="630" fill="url(#grid)"/>
+  <rect width="1200" height="630" filter="url(#noise)" opacity=".65"/>
+  <rect width="26" height="630" fill="#ed6a4d"/>
+  <rect x="1072" width="128" height="630" fill="#171713"/>
+  <rect x="1101" width="1" height="630" fill="#f3b63f" fill-opacity=".4"/>
+
+  <text x="72" y="79" class="serif" font-size="58" font-weight="700" letter-spacing="-5" fill="#171713">agenthusk</text>
+  <text x="76" y="108" class="label">LOCAL-FIRST AGENT FORENSICS // 2026-06-01</text>
+  <text x="74" y="208" class="serif" font-size="94" font-weight="700" letter-spacing="-8" fill="#171713">Residue leaves</text>
+  <text x="74" y="292" class="serif" font-size="94" font-style="italic" letter-spacing="-8" fill="#ed6a4d">an agent husk.</text>
+  <text x="76" y="353" class="mono" font-size="15" fill="#514b41">LOCAL SCAN / 7 FINDINGS / COVERAGE CAP: NOT HIT</text>
+  <text x="76" y="378" class="mono" font-size="12" letter-spacing="1" fill="#776f61">1,842 FILES VISITED / 906 TEXT FILES INSPECTED / VALUE-HIDDEN</text>
+
+  <path d="M74 413H813" stroke="#171713" stroke-width="2"/>
+  <text x="74" y="444" class="label">AGENT EXPOSURE MAP / EVIDENCE DENSITY</text>
+  <circle cx="76" cy="473" r="26" fill="none" stroke="#f3b63f" stroke-opacity=".25"/>
+  <circle cx="76" cy="473" r="18" fill="#f3b63f"/>
+  <text x="76" y="536" class="node-label" text-anchor="middle">Codex</text>
+  <text x="76" y="557" class="node-count" text-anchor="middle">1 SIGNALS</text>
+  <circle cx="224" cy="473" r="26" fill="none" stroke="#e27650" stroke-opacity=".25"/>
+  <circle cx="224" cy="473" r="18" fill="#e27650"/>
+  <text x="224" y="536" class="node-label" text-anchor="middle">Claude Code</text>
+  <text x="224" y="557" class="node-count" text-anchor="middle">1 SIGNALS</text>
+  <circle cx="372" cy="473" r="32" fill="none" stroke="#6fb5ff" stroke-opacity=".25"/>
+  <circle cx="372" cy="473" r="24" fill="#6fb5ff"/>
+  <text x="372" y="536" class="node-label" text-anchor="middle">Gemini</text>
+  <text x="372" y="557" class="node-count" text-anchor="middle">3 SIGNALS</text>
+  <circle cx="520" cy="473" r="29" fill="none" stroke="#e96666" stroke-opacity=".25"/>
+  <circle cx="520" cy="473" r="21" fill="#e96666"/>
+  <text x="520" y="536" class="node-label" text-anchor="middle">OpenClaw</text>
+  <text x="520" y="557" class="node-count" text-anchor="middle">2 SIGNALS</text>
+
+  <rect x="840" y="56" width="285" height="518" fill="#171713"/>
+  <text x="875" y="100" class="mono" font-size="12" font-weight="700" letter-spacing="2" fill="#f3b63f">RISK SIGNAL / 100</text>
+  <text x="875" y="123" class="mono" font-size="10" font-weight="700" letter-spacing="1.4" fill="#cfc4b0">SIGNAL, NOT PROOF</text>
+  <circle cx="985" cy="252" r="92" fill="none" stroke="#ffffff" stroke-opacity=".14" stroke-width="18"/>
+  <circle cx="985" cy="252" r="92" fill="none" stroke="#ed6a4d" stroke-width="18" pathLength="100" stroke-dasharray="92 100" transform="rotate(-90 985 252)"/>
+  <text x="985" y="279" class="serif" font-size="102" font-weight="700" letter-spacing="-10" text-anchor="middle" fill="#fff9ed">92</text>
+  <text x="985" y="334" class="mono" font-size="12" font-weight="700" letter-spacing="2" text-anchor="middle" fill="#ed6a4d">CRITICAL TRIAGE BAND</text>
+
+  <path d="M874 376H1091" stroke="#ffffff" stroke-opacity=".2"/>
+  <text x="875" y="423" class="metric" fill="#fff9ed">7</text>
+  <text x="875" y="446" class="metric-label" fill="#cfc4b0">FINDINGS</text>
+  <text x="958" y="423" class="metric" fill="#fff9ed">2</text>
+  <text x="958" y="446" class="metric-label" fill="#cfc4b0">CRITICAL</text>
+  <text x="1033" y="423" class="metric" fill="#fff9ed">3</text>
+  <text x="1033" y="446" class="metric-label" fill="#cfc4b0">HIGH</text>
+  <rect x="874" y="485" width="218" height="51" fill="#f3b63f"/>
+  <text x="983" y="507" class="mono" font-size="10" font-weight="700" letter-spacing="1.4" text-anchor="middle" fill="#171713">VALUE-HIDDEN GUARANTEE</text>
+  <text x="983" y="524" class="mono" font-size="9" font-weight="700" letter-spacing=".7" text-anchor="middle" fill="#171713">MATCHED VALUES STAY HIDDEN</text>
+</svg>

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "agenthusk",
+  "version": "0.1.0",
+  "description": "Local-first forensic scanner for secrets and risky residue left by AI coding agents.",
+  "type": "module",
+  "bin": {
+    "agenthusk": "src/cli.js"
+  },
+  "files": [
+    "src",
+    "docs/assets/agenthusk-social.svg",
+    "CHANGELOG.md",
+    "README.md",
+    "LICENSE",
+    "SECURITY.md"
+  ],
+  "scripts": {
+    "demo": "node src/cli.js demo --out demo/agenthusk-demo.html --json demo/agenthusk-demo.json",
+    "scan": "node src/cli.js scan",
+    "test": "node --test",
+    "check": "node --check src/cli.js && node --check src/scanner.js && node --check src/report.js && node --check src/demo.js && node --check scripts/smoke-pack.js",
+    "smoke:pack": "node scripts/smoke-pack.js",
+    "release:check": "npm test && npm run check && npm run demo && npm run smoke:pack && npm publish --dry-run"
+  },
+  "keywords": [
+    "ai-agent",
+    "security",
+    "secrets",
+    "mcp",
+    "forensics",
+    "local-first",
+    "codex",
+    "claude-code",
+    "gemini-cli"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/seipass/agenthusk.git"
+  },
+  "bugs": {
+    "url": "https://github.com/seipass/agenthusk/issues"
+  },
+  "homepage": "https://github.com/seipass/agenthusk#readme",
+  "license": "MIT",
+  "engines": {
+    "node": ">=20"
+  }
+}

package/src/catalog.js

@@ -0,0 +1,28 @@
+import path from "node:path";
+
+export const AGENT_CATALOG = [
+  { id: "codex", label: "Codex", color: "#f3b63f", paths: [".codex"] },
+  { id: "claude", label: "Claude Code", color: "#e27650", paths: [".claude"] },
+  { id: "gemini", label: "Gemini", color: "#6fb5ff", paths: [".gemini"] },
+  { id: "openclaw", label: "OpenClaw", color: "#e96666", paths: [".openclaw"] },
+  { id: "hermes", label: "Hermes", color: "#dc8fff", paths: [".hermes"] },
+  { id: "cursor", label: "Cursor", color: "#a78bfa", paths: [".cursor"] },
+  { id: "windsurf", label: "Windsurf", color: "#4fc3b3", paths: [".windsurf"] },
+  {
+    id: "opencode",
+    label: "OpenCode",
+    color: "#5bd2a6",
+    paths: [path.join(".config", "opencode")]
+  },
+  { id: "continue", label: "Continue", color: "#8ad56b", paths: [".continue"] },
+  { id: "cline", label: "Cline", color: "#ff8c73", paths: [".cline"] }
+];
+
+export function knownRoots(homeDir) {
+  return AGENT_CATALOG.flatMap(agent =>
+    agent.paths.map(relativePath => ({
+      ...agent,
+      path: path.join(homeDir, relativePath)
+    }))
+  );
+}

package/src/cli.js

@@ -0,0 +1,214 @@
+#!/usr/bin/env node
+
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { createDemoReport } from "./demo.js";
+import { renderHtmlReport, renderShareCard } from "./report.js";
+import { ScanUsageError, scan } from "./scanner.js";
+
+const DEFAULT_HTML_PATH = "agenthusk-report.html";
+const DEFAULT_JSON_PATH = "agenthusk-report.json";
+export const VERSION = JSON.parse(
+  fs.readFileSync(new URL("../package.json", import.meta.url), "utf8")
+).version;
+
+export const USAGE = `Usage:
+  agenthusk scan [options]
+  agenthusk demo [options]
+  agenthusk help
+  agenthusk --version
+
+Options:
+  --home <directory>    Override the home directory used by scan
+  --root <directory>    Scan a specific root; may be repeated
+  --out <file>          Write the HTML report to this file
+  --json <file>         Write the JSON report to this file
+  --card <file>         Write an SVG share card to this file
+  --max-files <count>   Stop scanning after this many files
+  --max-bytes <count>   Skip content inspection for files larger than this
+  --show-paths          Unsafe: include relative paths in a private report
+  --no-html             Do not write an HTML report
+  --version             Show the AgentHusk version
+  --help                Show this help
+`;
+
+class CliUsageError extends Error {}
+
+function takeValue(args, option) {
+  const value = args.shift();
+  if (!value || value.startsWith("--")) {
+    throw new CliUsageError(`Missing value for ${option}.`);
+  }
+  return value;
+}
+
+export function parseArguments(argv) {
+  const args = [...argv];
+  const command = args.shift() ?? "help";
+  const options = {
+    command,
+    homeDir: undefined,
+    roots: [],
+    htmlPath: DEFAULT_HTML_PATH,
+    jsonPath: DEFAULT_JSON_PATH,
+    cardPath: undefined,
+    maxFiles: undefined,
+    maxBytes: undefined,
+    showPaths: false,
+    html: true
+  };
+
+  if (command === "--help" || command === "-h") {
+    return { ...options, command: "help" };
+  }
+  if (command === "--version" || command === "-v") {
+    return { ...options, command: "version" };
+  }
+  if (!["scan", "demo", "help", "version"].includes(command)) {
+    throw new CliUsageError("Unknown command.");
+  }
+
+  while (args.length > 0) {
+    const option = args.shift();
+    switch (option) {
+      case "--home":
+        options.homeDir = takeValue(args, option);
+        break;
+      case "--root":
+        options.roots.push(takeValue(args, option));
+        break;
+      case "--out":
+        options.htmlPath = takeValue(args, option);
+        break;
+      case "--json":
+        options.jsonPath = takeValue(args, option);
+        break;
+      case "--card":
+        options.cardPath = takeValue(args, option);
+        break;
+      case "--max-files": {
+        const maxFiles = Number(takeValue(args, option));
+        if (!Number.isSafeInteger(maxFiles) || maxFiles <= 0) {
+          throw new CliUsageError("--max-files must be a positive integer.");
+        }
+        options.maxFiles = maxFiles;
+        break;
+      }
+      case "--max-bytes": {
+        const maxBytes = Number(takeValue(args, option));
+        if (!Number.isSafeInteger(maxBytes) || maxBytes <= 0) {
+          throw new CliUsageError("--max-bytes must be a positive integer.");
+        }
+        options.maxBytes = maxBytes;
+        break;
+      }
+      case "--no-html":
+        options.html = false;
+        break;
+      case "--show-paths":
+        options.showPaths = true;
+        break;
+      case "--help":
+      case "-h":
+        options.command = "help";
+        break;
+      case "--version":
+      case "-v":
+        options.command = "version";
+        break;
+      default:
+        throw new CliUsageError("Unknown option.");
+    }
+  }
+
+  return options;
+}
+
+export function atomicWrite(filePath, contents) {
+  const destination = path.resolve(filePath);
+  const directory = path.dirname(destination);
+  const temporaryPath = path.join(
+    directory,
+    `.${path.basename(destination)}.${process.pid}.${crypto.randomUUID()}.tmp`
+  );
+
+  fs.mkdirSync(directory, { recursive: true });
+  try {
+    fs.writeFileSync(temporaryPath, contents, {
+      encoding: "utf8",
+      flag: "wx",
+      mode: 0o600
+    });
+    fs.renameSync(temporaryPath, destination);
+  } finally {
+    try {
+      fs.unlinkSync(temporaryPath);
+    } catch {
+      // The rename succeeded or the temporary file was never created.
+    }
+  }
+}
+
+function createReport(options) {
+  if (options.command === "demo") return createDemoReport();
+  return scan({
+    homeDir: options.homeDir,
+    roots: options.roots.length > 0 ? options.roots : undefined,
+    maxFiles: options.maxFiles,
+    maxContentBytes: options.maxBytes,
+    showPaths: options.showPaths
+  });
+}
+
+export function runCli(
+  argv = process.argv.slice(2),
+  streams = { stdout: process.stdout, stderr: process.stderr }
+) {
+  try {
+    const options = parseArguments(argv);
+    if (options.command === "help") {
+      streams.stdout.write(USAGE);
+      return 0;
+    }
+    if (options.command === "version") {
+      streams.stdout.write(`${VERSION}\n`);
+      return 0;
+    }
+
+    const report = createReport(options);
+    const artifacts = [
+      [options.jsonPath, `${JSON.stringify(report, null, 2)}\n`]
+    ];
+    if (options.html) artifacts.push([options.htmlPath, renderHtmlReport(report)]);
+    if (options.cardPath) artifacts.push([options.cardPath, renderShareCard(report)]);
+
+    for (const [filePath, contents] of artifacts) atomicWrite(filePath, contents);
+    const coverage = report.stats.coverageIncomplete ? "coverage gaps reported" : "no cap hit";
+    streams.stdout.write(
+      `AgentHusk report generated. ${report.agents.length} roots scanned, ${report.findings.length} findings, ${coverage}.\n`
+    );
+    return 0;
+  } catch (error) {
+    if (error instanceof CliUsageError || error instanceof ScanUsageError) {
+      streams.stderr.write(`agenthusk: ${error.message}\n\n${USAGE}`);
+      return 2;
+    }
+    streams.stderr.write("agenthusk: unable to generate report.\n");
+    return 1;
+  }
+}
+
+function resolveEntryPoint(filePath) {
+  try {
+    return fs.realpathSync.native(filePath);
+  } catch {
+    return path.resolve(filePath);
+  }
+}
+
+const isEntryPoint = process.argv[1]
+  && resolveEntryPoint(process.argv[1]) === fileURLToPath(import.meta.url);
+
+if (isEntryPoint) process.exitCode = runCli();