ai-trust 0.1.3 → 0.2.1

package/README.md

@@ -41,13 +41,44 @@ Specify the package type explicitly:
 ai-trust check my-agent --type a2a_agent
 ```
 
+#### Scan on demand
+
+When a package isn't in the registry, ai-trust can download and scan it locally using [HackMyAgent](https://github.com/opena2a-org/hackmyagent). In interactive mode, you'll be prompted. In CI, use flags:
+
+```bash
+# Auto-scan unknown packages, contribute results to the community registry
+ai-trust check mcp-server-xyz --scan-if-missing --contribute
+
+# Force re-scan even if registry data exists
+ai-trust check server-filesystem --rescan
+
+# Disable scanning entirely (registry lookup only)
+ai-trust check server-filesystem --no-scan
+```
+
+#### Community contribution
+
+Scan results can be shared with the OpenA2A Registry as anonymized telemetry (check pass/fail and severity only -- no file paths, source code, or descriptions).
+
+On first scan, ai-trust asks whether you'd like to contribute. Your choice is saved in `~/.opena2a/config.json` and shared across all OpenA2A tools (opena2a-cli, hackmyagent).
+
+```bash
+# Contribute for this scan (non-interactive / CI)
+ai-trust check chalk --rescan --contribute
+
+# Configure globally via opena2a-cli
+opena2a config set contribute true    # opt in
+opena2a config set contribute false   # opt out
+```
+
 ### audit
 
-Parse `package.json` or `requirements.txt` and batch-query all dependencies.
+Parse dependency files and batch-query all dependencies. Supports any `.json` file (package.json format) or `.txt` file (requirements.txt format). Unknown extensions are auto-detected.
 
 ```bash
 ai-trust audit package.json
 ai-trust audit requirements.txt
+ai-trust audit deps/prod-deps.json
 ```
 
 Set a minimum trust level threshold (default: 3):
@@ -56,6 +87,12 @@ Set a minimum trust level threshold (default: 3):
 ai-trust audit package.json --min-trust 2
 ```
 
+Scan dependencies not found in the registry:
+
+```bash
+ai-trust audit package.json --scan-missing --contribute
+```
+
 ### batch
 
 Look up trust verdicts for multiple packages at once.
@@ -64,7 +101,7 @@ Look up trust verdicts for multiple packages at once.
 ai-trust batch express lodash chalk commander
 ```
 
-Apply the same type to all packages:
+Filter by package type (packages that don't match are excluded):
 
 ```bash
 ai-trust batch my-server-a my-server-b --type mcp_server
@@ -95,9 +132,9 @@ ai-trust check express --no-color
 
 | Code | Meaning |
 |------|---------|
-| 0 | All queried packages meet the minimum trust threshold |
-| 1 | Error (network failure, file not found, server error, package not found) |
-| 2 | One or more packages fall below the minimum trust threshold (`--min-trust`) |
+| 0 | All queried packages are safe / meet the trust threshold |
+| 1 | Operational error (network failure, file not found, server error) |
+| 2 | Policy signal: one or more packages have warning/blocked verdict or fall below `--min-trust` |
 
 ## Trust Levels
 
@@ -112,6 +149,7 @@ ai-trust check express --no-color
 ## Requirements
 
 - Node.js 18 or later
+- [HackMyAgent](https://github.com/opena2a-org/hackmyagent) (optional, required for local scanning)
 
 ## Development
 

package/dist/api/client.d.ts

@@ -43,6 +43,34 @@ export interface PackageQuery {
     name: string;
     type?: string;
 }
+export interface ScanSubmission {
+    name: string;
+    type?: string;
+    score: number;
+    maxScore: number;
+    findings: ScanFinding[];
+    projectType?: string;
+    scanTimestamp: string;
+    /** Ed25519 signature (hex) if user has an opena2a identity */
+    signature?: string;
+    /** Public key (hex) of the signer */
+    publicKey?: string;
+}
+export interface ScanFinding {
+    checkId: string;
+    name: string;
+    severity: string;
+    passed: boolean;
+    message: string;
+    category?: string;
+    /** Attack taxonomy class this finding maps to (from HMA taxonomy) */
+    attackClass?: string;
+}
+export interface PublishResponse {
+    accepted: boolean;
+    packageId?: string;
+    message?: string;
+}
 export declare class PackageNotFoundError extends Error {
     readonly packageName: string;
     constructor(name: string);
@@ -52,5 +80,9 @@ export declare class RegistryClient {
     constructor(registryUrl: string);
     checkTrust(name: string, type?: string): Promise<TrustAnswer>;
     batchQuery(packages: PackageQuery[]): Promise<BatchResponse>;
+    /**
+     * Publish scan results to the community registry.
+     */
+    publishScan(submission: ScanSubmission): Promise<PublishResponse>;
 }
 //# sourceMappingURL=client.d.ts.map

package/dist/api/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,cAAc,CAAC;IAE9B,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,qBAAqB,CAAC;CACrC;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAQD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,SAAgB,WAAW,EAAE,MAAM,CAAC;gBAExB,IAAI,EAAE,MAAM;CAKzB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAAS;gBAEZ,WAAW,EAAE,MAAM;IAIzB,UAAU,CACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,WAAW,CAAC;IAmCjB,UAAU,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC;CAkCnE"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,cAAc,CAAC;IAE9B,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,qBAAqB,CAAC;CACrC;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAQD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,SAAgB,WAAW,EAAE,MAAM,CAAC;gBAExB,IAAI,EAAE,MAAM;CAKzB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAAS;gBAEZ,WAAW,EAAE,MAAM;IAIzB,UAAU,CACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,WAAW,CAAC;IAmCjB,UAAU,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC;IAmClE;;OAEG;IACG,WAAW,CACf,UAAU,EAAE,cAAc,GACzB,OAAO,CAAC,eAAe,CAAC;CAqB5B"}

package/dist/api/client.js

@@ -76,5 +76,25 @@ export class RegistryClient {
             },
         };
     }
+    /**
+     * Publish scan results to the community registry.
+     */
+    async publishScan(submission) {
+        const url = `${this.baseUrl}/api/v1/trust/publish`;
+        const response = await fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "Accept": "application/json",
+                "User-Agent": USER_AGENT,
+            },
+            body: JSON.stringify(submission),
+        });
+        if (!response.ok) {
+            const body = await response.text();
+            throw new Error(`Registry publish failed (${response.status}): ${body}`);
+        }
+        return (await response.json());
+    }
 }
 //# sourceMappingURL=client.js.map

package/dist/api/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAC1C,MAAM,UAAU,GAAG,YAAY,GAAG,CAAC,OAAO,EAAE,CAAC;AAwD7C,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7B,WAAW,CAAS;IAEpC,YAAY,IAAY;QACtB,KAAK,CAAC,YAAY,IAAI,sCAAsC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAS;IAExB,YAAY,WAAmB;QAC7B,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,UAAU,CACd,IAAY,EACZ,IAAa;QAEb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,IAAI;YACJ,cAAc,EAAE,MAAM;YACtB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,uBAAuB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;QACpD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAwB;QACvC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,qBAAqB,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;QACxD,MAAM,SAAS,GAAG,sCAAsC,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC;QACvD,CAAC;QACD,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE;gBACJ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,KAAK;gBACL,QAAQ,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK;aAC5B;SACF,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAC1C,MAAM,UAAU,GAAG,YAAY,GAAG,CAAC,OAAO,EAAE,CAAC;AAuF7C,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7B,WAAW,CAAS;IAEpC,YAAY,IAAY;QACtB,KAAK,CAAC,YAAY,IAAI,sCAAsC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAS;IAExB,YAAY,WAAmB;QAC7B,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,UAAU,CACd,IAAY,EACZ,IAAa;QAEb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,IAAI;YACJ,cAAc,EAAE,MAAM;YACtB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,uBAAuB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;QACpD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAwB;QACvC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,qBAAqB,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;QACxD,MAAM,SAAS,GAAG,sCAAsC,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC;QACvD,CAAC;QACD,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE;gBACJ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,KAAK;gBACL,QAAQ,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK;aAC5B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,UAA0B;QAE1B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,uBAAuB,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,4BAA4B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACxD,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAoB,CAAC;IACpD,CAAC;CACF"}

package/dist/commands/audit.d.ts

@@ -1,5 +1,6 @@
 /**
- * oa2a audit - Parse dependency files and batch query trust.
+ * ai-trust audit - Parse dependency files and batch query trust.
+ * Supports scanning missing packages locally with HMA.
  */
 import type { Command } from "commander";
 export declare function registerAuditCommand(program: Command): void;

package/dist/commands/audit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAuE3D"}
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA0BzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAuH3D"}

package/dist/commands/audit.js

@@ -1,14 +1,21 @@
 /**
- * oa2a audit - Parse dependency files and batch query trust.
+ * ai-trust audit - Parse dependency files and batch query trust.
+ * Supports scanning missing packages locally with HMA.
  */
+import chalk from "chalk";
 import { RegistryClient } from "../api/client.js";
 import { parseDependencyFile } from "../utils/parser.js";
-import { formatBatchResults, formatJson } from "../output/formatter.js";
+import { formatBatchResults, formatJson, } from "../output/formatter.js";
+import { isHmaAvailable, scanPackage } from "../scanner/index.js";
+import { confirm } from "../utils/prompt.js";
+import { isContributeEnabled, shouldPromptContribute, showContributePrompt, incrementScanCount, buildContributionPayload, submitContribution, } from "../telemetry/index.js";
 export function registerAuditCommand(program) {
     program
         .command("audit <file>")
         .description("Audit dependencies from package.json or requirements.txt")
         .option("--min-trust <level>", "minimum trust level threshold", "3")
+        .option("--scan-missing", "scan packages not found in registry using HMA")
+        .option("--contribute", "contribute scan results to community registry")
         .action(async (file, opts) => {
         const globalOpts = program.opts();
         const minTrust = parseInt(opts.minTrust, 10);
@@ -30,31 +37,146 @@ export function registerAuditCommand(program) {
             }
             const client = new RegistryClient(globalOpts.registryUrl);
             const response = await client.batchQuery(packages);
+            // Scan missing packages if requested
+            const notFound = response.results.filter((r) => !r.found);
+            if (notFound.length > 0 && opts.scanMissing) {
+                await scanMissingPackages(notFound, response.results, opts, globalOpts.registryUrl);
+            }
+            else if (notFound.length > 0 &&
+                !opts.scanMissing &&
+                process.stdin.isTTY) {
+                // Interactive: offer to scan
+                const shouldScan = await confirm(`${notFound.length} package(s) not in registry. Scan locally?`, false);
+                if (shouldScan) {
+                    if (!(await isHmaAvailable())) {
+                        console.error("HMA (HackMyAgent) is required for scanning. Install it with:");
+                        console.error("  npm install -g hackmyagent");
+                    }
+                    else {
+                        await scanMissingPackages(notFound, response.results, opts, globalOpts.registryUrl);
+                    }
+                }
+            }
             if (globalOpts.json) {
                 console.log(formatJson(response));
             }
             else {
                 console.log(formatBatchResults(response, minTrust));
             }
-            // Exit code 2 for policy violation (below threshold).
-            // Exit code 1 is reserved for actual errors (network, server).
             const belowThreshold = response.results.some((r) => r.found && r.trustLevel < minTrust);
             if (belowThreshold) {
                 process.exitCode = 2;
             }
         }
         catch (err) {
+            let message;
             if (err instanceof Error &&
                 "code" in err &&
                 err.code === "ENOENT") {
-                console.error(`Error: File not found: ${file}`);
+                message = `File not found: ${file}`;
+            }
+            else {
+                message = err instanceof Error ? err.message : String(err);
+            }
+            if (globalOpts.json) {
+                console.log(formatJson({ file, error: message }));
             }
             else {
-                const message = err instanceof Error ? err.message : String(err);
                 console.error(`Error: ${message}`);
             }
             process.exitCode = 1;
         }
     });
 }
+/**
+ * Scan packages not found in registry and update the results array in-place.
+ */
+async function scanMissingPackages(notFound, allResults, opts, registryUrl) {
+    const available = await isHmaAvailable();
+    if (!available) {
+        console.error("HMA (HackMyAgent) is required for scanning. Install it with:");
+        console.error("  npm install -g hackmyagent");
+        return;
+    }
+    console.error(chalk.gray(`Scanning ${notFound.length} missing package(s)...`));
+    const scannedResults = [];
+    for (const pkg of notFound) {
+        try {
+            console.error(chalk.gray(`  Scanning ${pkg.name}...`));
+            const scanResult = await scanPackage(pkg.name);
+            // Update the result in-place
+            const idx = allResults.findIndex((r) => r.name === pkg.name);
+            if (idx !== -1) {
+                allResults[idx] = {
+                    ...allResults[idx],
+                    found: true,
+                    trustLevel: scanResult.trustLevel,
+                    trustScore: scanResult.trustScore,
+                    verdict: scanResult.verdict,
+                    scanStatus: "local",
+                };
+            }
+            scannedResults.push({ name: pkg.name, scanResult });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            console.error(chalk.yellow(`  Could not scan ${pkg.name}: ${message}`));
+        }
+    }
+    // Handle community contribution for all scanned packages
+    if (scannedResults.length > 0) {
+        await handleAuditContribution(scannedResults, opts, registryUrl);
+    }
+}
+/**
+ * Handle community contribution after audit scanning.
+ * Follows the same opt-in flow as check: config -> prompt -> submit.
+ */
+async function handleAuditContribution(scannedResults, opts, registryUrl) {
+    // Track scan count for each scanned package
+    for (let i = 0; i < scannedResults.length; i++) {
+        incrementScanCount();
+    }
+    if (opts.contribute) {
+        for (const { name, scanResult } of scannedResults) {
+            await submitAnonymizedTelemetry(name, scanResult, registryUrl);
+        }
+        return;
+    }
+    const configEnabled = isContributeEnabled();
+    if (configEnabled === true) {
+        // Already opted in: auto-contribute anonymized telemetry
+        for (const { name, scanResult } of scannedResults) {
+            await submitAnonymizedTelemetry(name, scanResult, registryUrl);
+        }
+        return;
+    }
+    if (configEnabled === false) {
+        return;
+    }
+    // Not yet configured: check if we should prompt
+    if (shouldPromptContribute()) {
+        const enabled = await showContributePrompt();
+        if (enabled) {
+            for (const { name, scanResult } of scannedResults) {
+                await submitAnonymizedTelemetry(name, scanResult, registryUrl);
+            }
+        }
+    }
+}
+/**
+ * Submit anonymized telemetry to the registry (opt-in contribution).
+ */
+async function submitAnonymizedTelemetry(name, scanResult, registryUrl) {
+    try {
+        const payload = buildContributionPayload(name, scanResult.scan.findings);
+        const result = await submitContribution(payload, registryUrl);
+        if (result.success) {
+            console.error(chalk.green(`  Anonymized scan data shared: ${name}`));
+        }
+    }
+    catch {
+        // Non-fatal
+    }
+}
 //# sourceMappingURL=audit.js.map

package/dist/commands/audit.js.map

@@ -1 +1 @@
-{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAExE,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CACV,0DAA0D,CAC3D;SACA,MAAM,CACL,qBAAqB,EACrB,+BAA+B,EAC/B,GAAG,CACJ;SACA,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAA0B,EAAE,EAAE;QACzD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAG9B,CAAC;QAEF,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACrE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAEjD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC1B,OAAO,CAAC,KAAK,CACX,iCAAiC,QAAQ,CAAC,MAAM,kEAAkE,CACnH,CAAC;gBACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAC1D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAEnD,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,sDAAsD;YACtD,+DAA+D;YAC/D,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAC1C,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IACE,GAAG,YAAY,KAAK;gBACpB,MAAM,IAAI,GAAG;gBACZ,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAChD,CAAC;gBACD,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;YACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EACL,kBAAkB,EAClB,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAQ/B,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CACV,0DAA0D,CAC3D;SACA,MAAM,CACL,qBAAqB,EACrB,+BAA+B,EAC/B,GAAG,CACJ;SACA,MAAM,CACL,gBAAgB,EAChB,+CAA+C,CAChD;SACA,MAAM,CACL,cAAc,EACd,+CAA+C,CAChD;SACA,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAkB,EAAE,EAAE;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAG9B,CAAC;QAEF,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACrE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAEjD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC1B,OAAO,CAAC,KAAK,CACX,iCAAiC,QAAQ,CAAC,MAAM,kEAAkE,CACnH,CAAC;gBACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAC1D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAEnD,qCAAqC;YACrC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5C,MAAM,mBAAmB,CACvB,QAAQ,EACR,QAAQ,CAAC,OAAO,EAChB,IAAI,EACJ,UAAU,CAAC,WAAW,CACvB,CAAC;YACJ,CAAC;iBAAM,IACL,QAAQ,CAAC,MAAM,GAAG,CAAC;gBACnB,CAAC,IAAI,CAAC,WAAW;gBACjB,OAAO,CAAC,KAAK,CAAC,KAAK,EACnB,CAAC;gBACD,6BAA6B;gBAC7B,MAAM,UAAU,GAAG,MAAM,OAAO,CAC9B,GAAG,QAAQ,CAAC,MAAM,4CAA4C,EAC9D,KAAK,CACN,CAAC;gBACF,IAAI,UAAU,EAAE,CAAC;oBACf,IAAI,CAAC,CAAC,MAAM,cAAc,EAAE,CAAC,EAAE,CAAC;wBAC9B,OAAO,CAAC,KAAK,CACX,8DAA8D,CAC/D,CAAC;wBACF,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;oBAChD,CAAC;yBAAM,CAAC;wBACN,MAAM,mBAAmB,CACvB,QAAQ,EACR,QAAQ,CAAC,OAAO,EAChB,IAAI,EACJ,UAAU,CAAC,WAAW,CACvB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAC1C,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,OAAe,CAAC;YACpB,IACE,GAAG,YAAY,KAAK;gBACpB,MAAM,IAAI,GAAG;gBACZ,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAChD,CAAC;gBACD,OAAO,GAAG,mBAAmB,IAAI,EAAE,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;YACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAChC,QAAuB,EACvB,UAAyB,EACzB,IAAkB,EAClB,WAAmB;IAEnB,MAAM,SAAS,GAAG,MAAM,cAAc,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CACX,8DAA8D,CAC/D,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,CAAC,MAAM,wBAAwB,CAAC,CAChE,CAAC;IAEF,MAAM,cAAc,GAA+C,EAAE,CAAC;IAEtE,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;YACvD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAE/C,6BAA6B;YAC7B,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7D,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,UAAU,CAAC,GAAG,CAAC,GAAG;oBAChB,GAAG,UAAU,CAAC,GAAG,CAAC;oBAClB,KAAK,EAAE,IAAI;oBACX,UAAU,EAAE,UAAU,CAAC,UAAU;oBACjC,UAAU,EAAE,UAAU,CAAC,UAAU;oBACjC,OAAO,EAAE,UAAU,CAAC,OAAO;oBAC3B,UAAU,EAAE,OAAO;iBACpB,CAAC;YACJ,CAAC;YAED,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,MAAM,CAAC,oBAAoB,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC,CACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,uBAAuB,CAC3B,cAAc,EACd,IAAI,EACJ,WAAW,CACZ,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,uBAAuB,CACpC,cAA0D,EAC1D,IAAkB,EAClB,WAAmB;IAEnB,4CAA4C;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/C,kBAAkB,EAAE,CAAC;IACvB,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,cAAc,EAAE,CAAC;YAClD,MAAM,yBAAyB,CAAC,IAAI,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QACjE,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAE5C,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QAC3B,yDAAyD;QACzD,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,cAAc,EAAE,CAAC;YAClD,MAAM,yBAAyB,CAAC,IAAI,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QACjE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,gDAAgD;IAChD,IAAI,sBAAsB,EAAE,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,cAAc,EAAE,CAAC;gBAClD,MAAM,yBAAyB,CAAC,IAAI,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,yBAAyB,CACtC,IAAY,EACZ,UAAsB,EACtB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,wBAAwB,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAE9D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,KAAK,CAAC,kCAAkC,IAAI,EAAE,CAAC,CACtD,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;AACH,CAAC"}

package/dist/commands/batch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"batch.d.ts","sourceRoot":"","sources":["../../src/commands/batch.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAMzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAoE3D"}
+{"version":3,"file":"batch.d.ts","sourceRoot":"","sources":["../../src/commands/batch.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAMzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAqF3D"}

package/dist/commands/batch.js

@@ -30,6 +30,20 @@ export function registerBatchCommand(program) {
         const client = new RegistryClient(globalOpts.registryUrl);
         try {
             const response = await client.batchQuery(packages);
+            // When --type is set, filter out packages that don't match
+            if (opts.type) {
+                for (const r of response.results) {
+                    if (r.found &&
+                        r.packageType &&
+                        r.packageType !== opts.type) {
+                        r.found = false;
+                        r.verdict = "unknown";
+                        r.trustLevel = 0;
+                        response.meta.found--;
+                        response.meta.notFound++;
+                    }
+                }
+            }
             if (globalOpts.json) {
                 console.log(formatJson(response));
             }

package/dist/commands/batch.js.map

@@ -1 +1 @@
-{"version":3,"file":"batch.js","sourceRoot":"","sources":["../../src/commands/batch.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,kBAAkB,CAAC;SAC3B,WAAW,CAAC,0CAA0C,CAAC;SACvD,MAAM,CAAC,mBAAmB,EAAE,uCAAuC,CAAC;SACpE,MAAM,CACL,qBAAqB,EACrB,+BAA+B,EAC/B,GAAG,CACJ;SACA,MAAM,CACL,KAAK,EACH,KAAe,EACf,IAAyC,EACzC,EAAE;QACF,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAG9B,CAAC;QAEF,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,KAAK,CACX,qDAAqD,CACtD,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CACX,6BAA6B,KAAK,CAAC,MAAM,kEAAkE,CAC5G,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAmB,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACvD,IAAI,EAAE,aAAa,CAAC,OAAO,CAAC;YAC5B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC,CAAC,CAAC;QAEJ,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAEnD,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,sDAAsD;YACtD,+DAA+D;YAC/D,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAC1C,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;YACnC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CACF,CAAC;AACN,CAAC"}
+{"version":3,"file":"batch.js","sourceRoot":"","sources":["../../src/commands/batch.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,kBAAkB,CAAC;SAC3B,WAAW,CAAC,0CAA0C,CAAC;SACvD,MAAM,CAAC,mBAAmB,EAAE,uCAAuC,CAAC;SACpE,MAAM,CACL,qBAAqB,EACrB,+BAA+B,EAC/B,GAAG,CACJ;SACA,MAAM,CACL,KAAK,EACH,KAAe,EACf,IAAyC,EACzC,EAAE;QACF,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAG9B,CAAC;QAEF,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,KAAK,CACX,qDAAqD,CACtD,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CACX,6BAA6B,KAAK,CAAC,MAAM,kEAAkE,CAC5G,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAmB,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACvD,IAAI,EAAE,aAAa,CAAC,OAAO,CAAC;YAC5B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC,CAAC,CAAC;QAEJ,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAEnD,2DAA2D;YAC3D,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACjC,IACE,CAAC,CAAC,KAAK;wBACP,CAAC,CAAC,WAAW;wBACb,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,IAAI,EAC3B,CAAC;wBACD,CAAC,CAAC,KAAK,GAAG,KAAK,CAAC;wBAChB,CAAC,CAAC,OAAO,GAAG,SAAS,CAAC;wBACtB,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC;wBACjB,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;wBACtB,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC3B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,sDAAsD;YACtD,+DAA+D;YAC/D,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAC1C,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;YACnC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CACF,CAAC;AACN,CAAC"}

package/dist/commands/check.d.ts

@@ -1,5 +1,8 @@
 /**
- * oa2a check - Single package trust lookup.
+ * ai-trust check - Single package trust lookup with scan-on-demand.
+ *
+ * When a package isn't in the registry, offers to scan it locally with HMA
+ * and optionally contribute results to the community registry.
  */
 import type { Command } from "commander";
 export declare function registerCheckCommand(program: Command): void;

package/dist/commands/check.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAiC3D"}
+{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA6BzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA2E3D"}

package/dist/commands/check.js

@@ -1,36 +1,182 @@
 /**
- * oa2a check - Single package trust lookup.
+ * ai-trust check - Single package trust lookup with scan-on-demand.
+ *
+ * When a package isn't in the registry, offers to scan it locally with HMA
+ * and optionally contribute results to the community registry.
  */
-import { RegistryClient } from "../api/client.js";
-import { formatCheckResult, formatJson } from "../output/formatter.js";
+import chalk from "chalk";
+import { RegistryClient, PackageNotFoundError } from "../api/client.js";
+import { formatCheckResult, formatScanResult, formatJson, } from "../output/formatter.js";
 import { resolveAndLog } from "../utils/resolve.js";
+import { isHmaAvailable, scanPackage } from "../scanner/index.js";
+import { confirm } from "../utils/prompt.js";
+import { isContributeEnabled, shouldPromptContribute, showContributePrompt, incrementScanCount, buildContributionPayload, submitContribution, } from "../telemetry/index.js";
 export function registerCheckCommand(program) {
     program
         .command("check <name>")
         .description("Look up trust information for a single package")
-        .option("-t, --type <type>", "package type filter (mcp_server, a2a_agent, ai_tool, etc.). Note: the registry returns the canonical type; this flag filters but does not override the stored type.")
+        .option("-t, --type <type>", "package type filter (mcp_server, a2a_agent, ai_tool, etc.)")
+        .option("--scan-if-missing", "auto-scan packages not in registry (non-interactive)")
+        .option("--contribute", "auto-contribute scan results to community registry")
+        .option("--no-scan", "never scan, only query registry")
+        .option("--rescan", "force re-scan even if data exists")
+        .option("--stale-days <n>", "consider data stale after N days", "90")
         .action(async (rawName, opts) => {
         const globalOpts = program.opts();
         const name = resolveAndLog(rawName);
         const client = new RegistryClient(globalOpts.registryUrl);
         try {
             const result = await client.checkTrust(name, opts.type);
+            // Check for stale data
+            if (result.found && opts.rescan) {
+                await handleScanFlow(name, client, globalOpts, opts, "Re-scanning...");
+                return;
+            }
             if (globalOpts.json) {
                 console.log(formatJson(result));
             }
             else {
                 console.log(formatCheckResult(result));
             }
-            // Exit code 1 if blocked or warning
-            if (result.found && (result.verdict === "blocked" || result.verdict === "warning")) {
-                process.exitCode = 1;
+            if (result.found &&
+                (result.verdict === "blocked" || result.verdict === "warning")) {
+                process.exitCode = 2;
             }
         }
         catch (err) {
-            const message = err instanceof Error ? err.message : String(err);
-            console.error(`Error: ${message}`);
-            process.exitCode = 1;
+            if (err instanceof PackageNotFoundError && opts.scan !== false) {
+                await handleNotFound(name, client, globalOpts, opts);
+            }
+            else {
+                const message = err instanceof Error ? err.message : String(err);
+                if (globalOpts.json) {
+                    console.log(formatJson({ name, found: false, error: message }));
+                }
+                else {
+                    console.error(`Error: ${message}`);
+                }
+                process.exitCode = 1;
+            }
         }
     });
 }
+async function handleNotFound(name, client, globalOpts, opts) {
+    // Non-interactive mode with --scan-if-missing
+    if (opts.scanIfMissing) {
+        await handleScanFlow(name, client, globalOpts, opts, `Package "${name}" not found in registry. Scanning...`);
+        return;
+    }
+    // Non-TTY: just report not found (scan must be opt-in via --scan-if-missing)
+    if (!process.stdin.isTTY) {
+        const msg = `Package "${name}" not found in the OpenA2A Registry. Use --scan-if-missing to scan locally.`;
+        if (globalOpts.json) {
+            console.log(formatJson({ name, found: false, error: msg }));
+        }
+        else {
+            console.error(msg);
+        }
+        process.exitCode = 1;
+        return;
+    }
+    // Interactive mode: ask the user
+    console.error(chalk.gray(`Package "${name}" not found in the OpenA2A Registry.`));
+    if (!(await checkHmaReady()))
+        return;
+    const shouldScan = await confirm("No trust data yet. Scan it now?", false);
+    if (!shouldScan) {
+        process.exitCode = 1;
+        return;
+    }
+    await handleScanFlow(name, client, globalOpts, opts, "Scanning...");
+}
+async function handleScanFlow(name, client, globalOpts, opts, statusMessage) {
+    if (!(await checkHmaReady()))
+        return;
+    console.error(chalk.gray(statusMessage));
+    let scanResult;
+    try {
+        scanResult = await scanPackage(name);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        if (globalOpts.json) {
+            console.log(formatJson({ name, found: false, error: message }));
+        }
+        else {
+            console.error(`Error: ${message}`);
+        }
+        process.exitCode = 1;
+        return;
+    }
+    // Output scan results
+    if (globalOpts.json) {
+        console.log(formatJson(scanResult));
+    }
+    else {
+        console.log(formatScanResult(scanResult));
+    }
+    // Set exit code based on verdict (2 = policy signal, matching audit/batch)
+    if (scanResult.verdict === "blocked" || scanResult.verdict === "warning") {
+        process.exitCode = 2;
+    }
+    // Community contribution flow
+    await handleContribute(name, scanResult, globalOpts, opts);
+}
+async function handleContribute(name, scanResult, globalOpts, opts) {
+    // Track scan count regardless of contribution setting
+    incrementScanCount();
+    // Determine contribution mode:
+    // 1. --contribute flag: always contribute anonymized telemetry
+    // 2. Config enabled: auto-contribute anonymized telemetry
+    // 3. Not configured: maybe prompt
+    // 4. Config disabled: skip
+    if (opts.contribute) {
+        await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
+        return;
+    }
+    const configEnabled = isContributeEnabled();
+    if (configEnabled === true) {
+        // Already opted in: auto-contribute anonymized telemetry
+        await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
+        return;
+    }
+    if (configEnabled === false) {
+        // Explicitly opted out: skip
+        return;
+    }
+    // Not yet configured: check if we should prompt
+    if (shouldPromptContribute()) {
+        const enabled = await showContributePrompt();
+        if (enabled) {
+            await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
+        }
+    }
+}
+/**
+ * Submit anonymized telemetry to the registry (opt-in contribution).
+ * Only sends checkId, pass/fail, and severity. No file paths, descriptions, or code.
+ */
+async function submitAnonymizedTelemetry(name, scanResult, registryUrl) {
+    try {
+        const payload = buildContributionPayload(name, scanResult.scan.findings);
+        const result = await submitContribution(payload, registryUrl);
+        if (result.success) {
+            console.error(chalk.green("Anonymized scan data shared with the community."));
+        }
+        // Silent on failure -- non-blocking
+    }
+    catch {
+        // Non-fatal: telemetry submission should never crash the scan
+    }
+}
+async function checkHmaReady() {
+    const available = await isHmaAvailable();
+    if (!available) {
+        console.error("HMA (HackMyAgent) is required for scanning. Install it with:");
+        console.error("  npm install -g hackmyagent");
+        process.exitCode = 1;
+        return false;
+    }
+    return true;
+}
 //# sourceMappingURL=check.js.map