cipher-security 2.0.2 → 2.0.3

package/bin/cipher.js

@@ -9,15 +9,13 @@
  * Fast path: --version / -V / --help / -h use only node:fs + node:path
  * (zero dynamic imports, <200ms cold start).
  *
- * Command path: dynamically imports python-bridge.js, spawns the Python
- * gateway, routes JSON-RPC commands, prints results, and exits.
+ * Command path: dynamically imports gateway/commands.js handlers,
+ * dispatches to native Node.js functions, prints results.
  */
 
 import { readFileSync } from 'node:fs';
 import { resolve, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
-import { spawn } from 'node:child_process';
-
 // ---------------------------------------------------------------------------
 // Fast path — no dynamic imports, must complete in <200ms
 // ---------------------------------------------------------------------------
@@ -123,7 +121,7 @@ if (args.length === 0) {
 }
 
 // ---------------------------------------------------------------------------
-// Node.js-native commands — handled before the Python bridge is loaded
+// Native commands — handled before dynamic imports
 // ---------------------------------------------------------------------------
 
 const nativeCommands = new Set(['setup']);
@@ -214,36 +212,30 @@ const knownCommands = new Set([
  * @returns {{ command: string, commandArgs: string[] }}
  */
 function parseCommand(argv) {
-  const flags = [];
-  const positional = [];
-
-  for (const arg of argv) {
-    if (arg.startsWith('-')) {
-      flags.push(arg);
-    } else {
-      positional.push(arg);
-    }
+  if (argv.length === 0) {
+    console.error('No command specified. Run `cipher --help` for usage.');
+    process.exit(1);
   }
 
-  if (positional.length === 0) {
-    // No positional args — show help
+  const first = argv[0];
+
+  if (first.startsWith('-')) {
+    // No command, just flags — treat as error
     console.error('No command specified. Run `cipher --help` for usage.');
     process.exit(1);
   }
 
-  const first = positional[0];
-
   if (knownCommands.has(first)) {
     return {
       command: first,
-      commandArgs: [...positional.slice(1), ...flags],
+      commandArgs: argv.slice(1),  // Pass all args as-is, preserve flag-value order
     };
   }
 
-  // Bare query — join all positional words as query text
+  // Bare query — join everything as query text
   return {
     command: 'query',
-    commandArgs: [...positional, ...flags],
+    commandArgs: argv,
   };
 }
 
@@ -254,7 +246,7 @@ function parseCommand(argv) {
 /**
  * Format and print a bridge command result, then exit if needed.
  *
- * Result shapes from bridge.py:
+ * Result shapes from gateway/commands.js:
  *   1. {output, exit_code, error: true} — command error: print output to stderr, exit with code
  *   2. {output, exit_code}              — text-mode result: print output directly
  *   3. Plain object (no output field)   — structured JSON: pretty-print as JSON
@@ -350,8 +342,6 @@ async function formatBridgeResult(result, commandName = '') {
 const { command, commandArgs } = parseCommand(cleanedArgs);
 
 const debug = process.env.CIPHER_DEBUG === '1';
-
-
 // ---------------------------------------------------------------------------
 // Autonomous mode dispatch — bypasses normal command routing entirely
 // ---------------------------------------------------------------------------
@@ -414,7 +404,7 @@ const { getCommandMode } = await import('../lib/commands.js');
 const mode = getCommandMode(command);
 
 if (mode === 'native') {
-  // ── Native dispatch — Node.js handler functions (no Python) ────────────
+  // ── Native dispatch — handler functions ────────────────────────────────
   if (debug) {
     process.stderr.write(`[bridge:node] Dispatching command=${command} mode=native\n`);
   }
@@ -435,7 +425,7 @@ if (mode === 'native') {
   }
 
   try {
-    // ── API server command: long-running HTTP server (no Python) ──────────
+    // ── API server command: long-running HTTP server ──────────────────────
     if (command === 'api') {
       const { createAPIServer, APIConfig } = await import('../lib/api/server.js');
       const apiPort = commandArgs.find((a, i) => commandArgs[i - 1] === '--port') || '8443';

package/lib/api/billing.js

@@ -1,6 +1,9 @@
 // Copyright (c) 2026 defconxt. All rights reserved.
 // Licensed under AGPL-3.0 — see LICENSE file for details.
 
+import { createRequire } from 'node:module';
+const require = createRequire(import.meta.url);
+
 /**
  * CIPHER Billing Engine — usage-based metering middleware.
  *

package/lib/api/marketplace.js

@@ -1,6 +1,9 @@
 // Copyright (c) 2026 defconxt. All rights reserved.
 // Licensed under AGPL-3.0 — see LICENSE file for details.
 
+import { createRequire } from 'node:module';
+const require = createRequire(import.meta.url);
+
 /**
  * CIPHER Skill Marketplace — publish, discover, and install CIPHER skills.
  *

package/lib/autonomous/feedback-loop.js

@@ -172,20 +172,20 @@ export class SkillQualityAnalyzer {
       scores.section_coverage = 0;
     }
 
-    // Check agent.py
-    const agentPy = join(fullPath, 'scripts', 'agent.py');
-    if (existsSync(agentPy)) {
-      const agentContent = readFileSync(agentPy, 'utf-8');
+    // Check agent.js
+    const agentJs = join(fullPath, 'scripts', 'agent.js');
+    if (existsSync(agentJs)) {
+      const agentContent = readFileSync(agentJs, 'utf-8');
       const agentLines = agentContent.trim().split('\n');
       if (agentLines.length < SkillQualityAnalyzer.MIN_AGENT_PY_LINES) {
-        issues.push(`agent.py too short (${agentLines.length} lines)`);
+        issues.push(`agent.js too short (${agentLines.length} lines)`);
       }
       scores.agent_quality = Math.min(agentLines.length / 50, 1.0);
-      if (!agentContent.includes('argparse')) issues.push('agent.py missing argparse');
-      if (!agentContent.includes('json')) issues.push('agent.py missing JSON output');
-      if (!agentContent.includes('__main__')) issues.push('agent.py missing __main__ guard');
+      if (!agentContent.includes('process.argv')) issues.push('agent.js missing CLI dispatch');
+      if (!agentContent.includes('json')) issues.push('agent.js missing JSON output');
+      if (!agentContent.includes('process.argv')) issues.push('agent.js missing CLI entry point');
     } else {
-      issues.push('scripts/agent.py missing');
+      issues.push('scripts/agent.js missing');
       scores.agent_quality = 0;
     }
 

package/lib/autonomous/leaderboard.js

@@ -2,6 +2,8 @@
 // Licensed under AGPL-3.0 — see LICENSE file for details.
 // CIPHER is a trademark of defconxt.
 
+import { createRequire } from "node:module";
+const require = createRequire(import.meta.url);
 /**
  * Skill effectiveness tracking and metrics system.
  *

package/lib/autonomous/researcher.js

@@ -306,8 +306,8 @@ ${description}
 ## Verification
 
 \`\`\`bash
-python3 scripts/agent.py analyze --target example
-python3 scripts/agent.py report --format json
+node scripts/agent.js analyze --target example
+node scripts/agent.js report --format json
 \`\`\`
 
 ## References
@@ -373,7 +373,7 @@ function _generateApiReference(domain, techniqueName) {
 
 | Command | Description |
 |---|---|
-| \`python3 agent.py analyze --target <t>\` | Analyze a target for ${techniqueName} indicators |
+| \`node agent.js analyze --target <t>\` | Analyze a target for ${techniqueName} indicators |
 
 ## Options
 
@@ -406,7 +406,7 @@ export class AutonomousResearcher {
   }
 
   /**
-   * Create a complete hypothesis with SKILL.md, agent.py, and api-reference.md.
+   * Create a complete hypothesis with SKILL.md, agent.js, and api-reference.md.
    * @param {string} domain
    * @param {string} techniqueName
    * @returns {ResearchHypothesis}
@@ -507,7 +507,7 @@ export class AutonomousResearcher {
       mkdirSync(refsDir, { recursive: true });
 
       writeFileSync(join(base, 'SKILL.md'), hypothesis.skillContent, 'utf-8');
-      const agentPath = join(scriptsDir, 'agent.py');
+      const agentPath = join(scriptsDir, 'agent.js');
       writeFileSync(agentPath, hypothesis.agentScript, 'utf-8');
       try { chmodSync(agentPath, 0o755); } catch { /* ok */ }
       writeFileSync(join(refsDir, 'api-reference.md'), hypothesis.referenceContent, 'utf-8');

package/lib/commands.js

@@ -7,7 +7,7 @@
  *
  * Maps all 29 CLI commands to one of three dispatch modes:
  *   - native:       Dispatched directly through Node.js handler functions (no Python)
- *   - passthrough:  Spawned directly as `python -m gateway.app <cmd>` with stdio: 'inherit'
+ *   - passthrough:  Legacy mode — no commands use this as of v2.0
  *                   (full terminal access for Rich panels, Textual TUIs, long-running services)
  *   - bridge:       (Legacy) Dispatched via JSON-RPC through python-bridge.js — no commands
  *                   use this mode as of M007/S03, retained for backward compatibility

package/lib/config.js

@@ -7,7 +7,7 @@
  *
  * Mirrors the Python gateway/config.py load_config() format and precedence:
  *   1. Environment variables (LLM_BACKEND, ANTHROPIC_API_KEY)   — highest
- *   2. Project-root config.yaml (where pyproject.toml lives)
+ *   2. Project-root config.yaml (where cli/ directory lives)
  *   3. ~/.config/cipher/config.yaml                             — lowest
  *
  * Produces YAML that Python's yaml.safe_load() can parse identically.
@@ -25,8 +25,8 @@ import { parse, stringify } from 'yaml';
 // ---------------------------------------------------------------------------
 
 /**
- * Walk up from `startDir` looking for pyproject.toml — same logic as Python's
- * _find_project_root(). Returns the directory containing pyproject.toml, or null.
+ * Walk up from `startDir` looking for cli/ directory — same logic as Python's
+ * _find_project_root(). Returns the directory containing cli/ directory, or null.
  *
  * @param {string} [startDir=process.cwd()]
  * @returns {string | null}
@@ -34,7 +34,7 @@ import { parse, stringify } from 'yaml';
 function findProjectRoot(startDir = process.cwd()) {
   let current = resolve(startDir);
   for (let i = 0; i < 20; i++) {
-    if (existsSync(join(current, 'pyproject.toml'))) {
+    if (existsSync(join(current, 'cli'))) {
       return current;
     }
     const parent = dirname(current);

package/lib/gateway/commands.js

@@ -35,6 +35,39 @@ function defaultMemoryDir() {
   return join(homedir(), '.cipher', 'memory', 'default');
 }
 
+/**
+ * Extract a value from CLI args array or object.
+ * Handles both `cipher search lateral movement` (array) and `{query: "..."}` (object).
+ * @param {string[]|object} args
+ * @param {string} key - object key (e.g. 'query')
+ * @param {string} [flagName] - CLI flag (e.g. '--query'). If null, uses positional args.
+ * @returns {string}
+ */
+function getArg(args, key, flagName) {
+  if (!Array.isArray(args)) return args[key] || '';
+  if (flagName) {
+    const idx = args.indexOf(flagName);
+    if (idx !== -1 && idx + 1 < args.length) return args[idx + 1];
+  }
+  // Positional: join all non-flag args
+  return args.filter(a => !a.startsWith('-')).join(' ');
+}
+
+/**
+ * Extract a flag value from CLI args.
+ * @param {string[]|object} args
+ * @param {string} key - object key
+ * @param {string} flag - CLI flag (e.g. '--limit')
+ * @param {*} defaultVal
+ * @returns {*}
+ */
+function getFlagArg(args, key, flag, defaultVal) {
+  if (!Array.isArray(args)) return args[key] ?? defaultVal;
+  const idx = args.indexOf(flag);
+  if (idx !== -1 && idx + 1 < args.length) return args[idx + 1];
+  return defaultVal;
+}
+
 /**
  * Resolve the repository root by walking up from this file.
  * @returns {string}
@@ -93,13 +126,13 @@ export async function handleSearch(args = {}) {
   try {
     const retriever = new AdaptiveRetriever(memory);
     const results = retriever.retrieve(
-      args.query || '',
-      args.engagement || '',
-      args.limit || 10,
+      getArg(args, "query"),
+      getFlagArg(args, "engagement", "--engagement", ""),
+      getFlagArg(args, "limit", "--limit", 10),
     );
     debug(`search: ${results.length} results for "${args.query}"`);
     return {
-      query: args.query || '',
+      query: getArg(args, "query"),
       count: results.length,
       results: results.map(r => ({
         content: r.content,
@@ -126,18 +159,20 @@ export async function handleSearch(args = {}) {
  * @returns {Promise<object>}
  */
 export async function handleStore(args = {}) {
+  const content = getArg(args, 'content', '--content');
+  if (!content) {
+    return { error: true, message: 'Usage: cipher store --content "finding text" [--type finding|ioc|ttp|note]' };
+  }
   const { CipherMemory, MemoryEntry, MemoryType } = await import('../memory/index.js');
   const memory = new CipherMemory(defaultMemoryDir());
   try {
-    const typeStr = args.type || 'note';
+    const typeStr = getFlagArg(args, 'type', '--type', 'note');
     const entry = new MemoryEntry({
-      content: args.content || '',
+      content,
       memoryType: Object.values(MemoryType).includes(typeStr) ? typeStr : MemoryType.NOTE,
-      severity: args.severity || '',
-      engagementId: args.engagement || '',
-      tags: Array.isArray(args.tags)
-        ? args.tags
-        : (typeof args.tags === 'string' && args.tags ? args.tags.split(',') : []),
+      severity: getFlagArg(args, 'severity', '--severity', ''),
+      engagementId: getFlagArg(args, 'engagement', '--engagement', ''),
+      tags: [],
     });
     const entryId = memory.store(entry);
     debug(`store: id=${entryId} type=${typeStr}`);
@@ -173,7 +208,7 @@ export async function handleStats(args = {}) {
           } catch { return false; }
         }).length;
         // Count script files recursively
-        scriptCount = countFiles(sDir, '*.py', 'scripts');
+        scriptCount = countFiles(sDir, '*.js', 'scripts');
       } catch {
         // Skills dir unreadable
       }
@@ -199,13 +234,14 @@ export async function handleStats(args = {}) {
  * @returns {Promise<object>}
  */
 export async function handleScore(args = {}) {
+  const query = getFlagArg(args, 'query', '--query', '');
+  const response = getFlagArg(args, 'response', '--response', '');
+  if (!query || !response) {
+    return { error: true, message: 'Usage: cipher score --query "question" --response "answer"' };
+  }
   const { ResponseScorer } = await import('../memory/index.js');
   const scorer = new ResponseScorer();
-  const scored = scorer.score(
-    args.query || '',
-    args.response || '',
-    args.mode || '',
-  );
+  const scored = scorer.score(query, response, getFlagArg(args, 'mode', '--mode', ''));
   debug(`score: ${scored.score}`);
   return {
     score: scored.score,
@@ -249,9 +285,12 @@ export async function handleMemoryExport(args = {}) {
  * @returns {Promise<object>}
  */
 export async function handleMemoryImport(args = {}) {
-  const file = args.file;
-  if (!file || !existsSync(file)) {
-    return { error: true, message: `File not found: ${file || '(none)'}` };
+  const file = getArg(args, 'file');
+  if (!file) {
+    return { error: true, message: 'Usage: cipher memory-import <file.json>\n\nImport findings, IOCs, and notes from a previously exported JSON file.' };
+  }
+  if (!existsSync(file)) {
+    return { error: true, message: `File not found: ${file}` };
   }
   const { CipherMemory, MemoryEntry } = await import('../memory/index.js');
   const memory = new CipherMemory(defaultMemoryDir());
@@ -283,9 +322,11 @@ export async function handleIngest(args = {}) {
   const { CipherMemory } = await import('../memory/index.js');
   const memory = new CipherMemory(defaultMemoryDir());
   try {
+    // Rebuild FTS5 index to fix stale/corrupt indexes
+    memory.symbolic.db.exec("INSERT INTO entries_fts(entries_fts) VALUES('rebuild')");
     const stats = memory.consolidate();
-    debug('ingest: consolidation complete');
-    return { ingested: true, ...stats };
+    debug('ingest: FTS rebuild + consolidation complete');
+    return { ingested: true, fts_rebuilt: true, ...stats };
   } finally {
     memory.close();
   }
@@ -346,10 +387,13 @@ export async function handleStatus(args = {}) {
  * @returns {Promise<object>}
  */
 export async function handleDiff(args = {}) {
+  let diffText = getArg(args, 'file');
+  if (!diffText) {
+    return { error: true, message: 'Usage: cipher diff <file.patch>\n       cat changes.diff | cipher diff -' };
+  }
   const { SecurityDiffAnalyzer } = await import('../pipeline/index.js');
   const analyzer = new SecurityDiffAnalyzer();
 
-  let diffText = args.file || '';
   // If it looks like a file path (no newlines, exists on disk), read it
   if (diffText && !diffText.includes('\n') && existsSync(diffText)) {
     diffText = readFileSync(diffText, 'utf-8');
@@ -393,11 +437,14 @@ export async function handleWorkflow(args = {}) {
  * @returns {Promise<object>}
  */
 export async function handleSarif(args = {}) {
-  const { SarifReport } = await import('../pipeline/index.js');
-  const input = args.input;
-  if (!input || !existsSync(input)) {
-    return { error: true, message: `Input file not found: ${input || '(none)'}` };
+  const input = getArg(args, 'input');
+  if (!input) {
+    return { error: true, message: 'Usage: cipher sarif <scan-results.json> [--output results.sarif]\n\nConvert scan findings to SARIF v2.1.0 for GitHub Advanced Security / CI pipelines.' };
+  }
+  if (!existsSync(input)) {
+    return { error: true, message: `File not found: ${input}` };
   }
+  const { SarifReport } = await import('../pipeline/index.js');
 
   const data = JSON.parse(readFileSync(input, 'utf-8'));
   const report = new SarifReport();
@@ -423,10 +470,13 @@ export async function handleSarif(args = {}) {
  * @returns {Promise<object>}
  */
 export async function handleOsint(args = {}) {
+  const target = getArg(args, 'target');
+  if (!target) {
+    return { error: true, message: 'Usage: cipher osint <domain|ip> [--type domain|ip]' };
+  }
   const { OSINTPipeline } = await import('../pipeline/index.js');
   const pipeline = new OSINTPipeline();
-  const target = args.target || '';
-  const type = args.type || 'domain';
+  const type = getFlagArg(args, 'type', '--type', 'domain');
 
   const results = type === 'ip'
     ? pipeline.investigateIp(target)
@@ -493,12 +543,12 @@ export async function handleDomains(args = {}) {
  */
 export async function handleSkills(args = {}) {
   const sDir = skillsDir();
-  const query = (args.query || '').toLowerCase();
-  const limit = args.limit || 10;
+  const query = getArg(args, 'query').toLowerCase();
+  const limit = parseInt(getFlagArg(args, 'limit', '--limit', 10), 10);
   const results = [];
 
   if (!existsSync(sDir)) {
-    return { query: args.query || '', count: 0, results: [] };
+    return { query, count: 0, results: [] };
   }
 
   // Walk skills dir looking for SKILL.md files
@@ -526,7 +576,7 @@ export async function handleSkills(args = {}) {
 
   walk(sDir, '');
   debug(`skills: "${query}" → ${results.length} results`);
-  return { query: args.query || '', count: results.length, results };
+  return { query, count: results.length, results };
 }
 
 // ---------------------------------------------------------------------------
@@ -684,40 +734,128 @@ export async function handleQuery(args = {}) {
  * @returns {Promise<object>}
  */
 export async function handleLeaderboard(args = {}) {
-  return {
-    error: true,
-    message: 'Leaderboard requires autonomous framework (available after S04). Use Python bridge: cipher leaderboard --bridge',
-  };
+  try {
+    const { SkillLeaderboard } = await import('../autonomous/leaderboard.js');
+    const lb = new SkillLeaderboard();
+    const action = Array.isArray(args) ? args[0] : args.action;
+
+    if (action === 'dashboard') {
+      const dashboard = lb.getDashboard();
+      lb.close();
+      return dashboard;
+    }
+
+    const top = lb.getTopSkills(20);
+    lb.close();
+    return {
+      top_skills: top.map((e, i) => ({
+        rank: i + 1,
+        skill: e.skillPath,
+        score: e.avgScore,
+        invocations: e.invocationCount,
+      })),
+      total: top.length,
+    };
+  } catch (err) {
+    return { error: true, message: `Leaderboard error: ${err.message}` };
+  }
 }
 
 /**
  * @returns {Promise<object>}
  */
 export async function handleFeedback(args = {}) {
-  return {
-    error: true,
-    message: 'Feedback loop requires autonomous framework (available after S04). Use Python bridge: cipher feedback --bridge',
-  };
+  try {
+    const { SkillQualityAnalyzer } = await import('../autonomous/feedback-loop.js');
+    const analyzer = new SkillQualityAnalyzer(skillsDir());
+    const dryRun = Array.isArray(args) ? args.includes('--dry-run') : args.dryRun;
+    const maxSkills = Array.isArray(args)
+      ? parseInt(args.find((a, i) => args[i - 1] === '--max') || '10', 10)
+      : args.max || 10;
+
+    // Analyze skills quality
+    const results = [];
+    const { readdirSync } = await import('node:fs');
+    const sDir = skillsDir();
+    for (const domain of readdirSync(sDir).slice(0, maxSkills)) {
+      try {
+        const analysis = analyzer.analyzeSkill(domain);
+        if (analysis.needsImprovement) {
+          results.push({ skill: domain, quality: analysis.overallQuality, issues: analysis.issues.length });
+        }
+      } catch { /* skip */ }
+    }
+
+    return {
+      analyzed: maxSkills,
+      needs_improvement: results.length,
+      dry_run: !!dryRun,
+      candidates: results,
+    };
+  } catch (err) {
+    return { error: true, message: `Feedback error: ${err.message}` };
+  }
 }
 
 /**
  * @returns {Promise<object>}
  */
 export async function handleMarketplace(args = {}) {
-  return {
-    error: true,
-    message: 'Marketplace requires api/marketplace module (available after S05). Use Python bridge: cipher marketplace --bridge',
-  };
+  try {
+    const { SkillMarketplace } = await import('../api/marketplace.js');
+    const mp = new SkillMarketplace();
+    const action = Array.isArray(args) ? args[0] : args.action;
+
+    if (action === 'search') {
+      const query = Array.isArray(args) ? args.find((a, i) => args[i - 1] === '--query') || args[1] || '' : args.query || '';
+      const results = mp.search(query);
+      mp.close();
+      return { query, results: results.map(p => ({ name: p.name, domain: p.domain, rating: p.rating, downloads: p.downloads })), total: results.length };
+    }
+
+    const index = mp.getIndex();
+    mp.close();
+    return index;
+  } catch (err) {
+    return { error: true, message: `Marketplace error: ${err.message}` };
+  }
 }
 
 /**
  * @returns {Promise<object>}
  */
 export async function handleCompliance(args = {}) {
-  return {
-    error: true,
-    message: 'Compliance requires api/compliance module (available after S05). Use Python bridge: cipher compliance --bridge',
-  };
+  try {
+    const { ComplianceEngine, ComplianceFramework } = await import('../api/compliance.js');
+    const engine = new ComplianceEngine();
+    const framework = Array.isArray(args) ? args[0] : args.framework;
+
+    if (!framework) {
+      return {
+        available_frameworks: Object.keys(ComplianceFramework),
+        total: Object.keys(ComplianceFramework).length,
+        usage: 'cipher compliance <FRAMEWORK> [--format json|markdown|csv]',
+      };
+    }
+
+    const fw = framework.toUpperCase();
+    if (!ComplianceFramework[fw]) {
+      return { error: true, message: `Unknown framework: ${framework}. Available: ${Object.keys(ComplianceFramework).join(', ')}` };
+    }
+
+    const format = Array.isArray(args) ? (args.find((a, i) => args[i - 1] === '--format') || 'json') : (args.format || 'json');
+    const report = engine.assessFromFindings([], fw);
+
+    if (format === 'markdown') {
+      return { output: report.toMarkdown() };
+    } else if (format === 'csv') {
+      return { output: engine.exportCsv(report) };
+    }
+
+    return report.toDict();
+  } catch (err) {
+    return { error: true, message: `Compliance error: ${err.message}` };
+  }
 }
 
 // ---------------------------------------------------------------------------
@@ -795,12 +933,15 @@ export async function handleScan(args = {}) {
 // ---------------------------------------------------------------------------
 
 export async function handleDashboard() {
-  return {
-    output: JSON.stringify({
-      status: 'info',
-      message: 'Dashboard TUI is not yet available in Node.js mode. Use `cipher status` for system status or `cipher api` for the REST API.',
-    }, null, 2),
-  };
+  const brand = await import('../brand.js');
+  brand.header('Dashboard');
+  brand.divider();
+  brand.info('Dashboard TUI is not yet available.');
+  brand.info('Use: cipher status    \u2014 system status');
+  brand.info('Use: cipher doctor    \u2014 health check');
+  brand.info('Use: cipher api       \u2014 REST API server');
+  brand.divider();
+  return {};
 }
 
 // ---------------------------------------------------------------------------
@@ -808,12 +949,13 @@ export async function handleDashboard() {
 // ---------------------------------------------------------------------------
 
 export async function handleWeb(args = {}) {
-  return {
-    output: JSON.stringify({
-      status: 'info',
-      message: 'The web interface has been consolidated into `cipher api`. Use `cipher api --no-auth --port 8443` to start the REST API server.',
-    }, null, 2),
-  };
+  const brand = await import('../brand.js');
+  brand.header('Web Interface');
+  brand.divider();
+  brand.info('The web interface has been consolidated into the API server.');
+  brand.info('Use: cipher api --no-auth --port 8443');
+  brand.divider();
+  return {};
 }
 
 // ---------------------------------------------------------------------------

package/lib/gateway/prompt.js

@@ -25,7 +25,7 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 
 /**
- * Walk up from startDir looking for pyproject.toml or package.json.
+ * Walk up from startDir looking for cli/ directory or package.json.
  * Returns the directory or null.
  *
  * @param {string} startDir
@@ -35,15 +35,15 @@ function findRepoRoot(startDir) {
   let current = resolve(startDir);
   for (let i = 0; i < 20; i++) {
     if (
-      existsSync(join(current, 'pyproject.toml')) ||
+      existsSync(join(current, 'cli')) ||
       existsSync(join(current, 'package.json'))
     ) {
       // Check for knowledge/ dir to distinguish from cli/package.json
       if (existsSync(join(current, 'knowledge')) || existsSync(join(current, 'skills'))) {
         return current;
       }
-      // If it has pyproject.toml, it's the repo root
-      if (existsSync(join(current, 'pyproject.toml'))) {
+      // If it has cli/, it is the repo root
+      if (existsSync(join(current, 'cli'))) {
         return current;
       }
     }

package/lib/memory/compressor.js

@@ -305,7 +305,7 @@ class SemanticCompressor {
    * @private
    */
   async _llmCompress(window, entities) {
-    // TODO: S03 LLM integration — call this.llmClient with extraction prompt
+    // LLM-based extraction not implemented — returns heuristic results
     // For now, fall back to heuristic compression
     return this._heuristicCompress(window, entities);
   }

package/lib/memory/engine.js

@@ -481,22 +481,26 @@ class CipherMemory {
   search(query, filters = {}, limit = DEFAULT_TOP_K) {
     const resultLists = [];
 
-    // Layer 1: Lexical search (BM25)
+    // Layer 1: Lexical search (BM25) — always run when query is provided
     const lexicalResults = this.symbolic.searchLexical(query, limit * 2);
     if (lexicalResults.length > 0) {
       resultLists.push(lexicalResults.map((r) => r.entry_id));
     }
 
-    // Layer 2: Symbolic search (structured)
-    const symbolicResults = this.symbolic.searchSymbolic({
-      engagementId: filters.engagementId ?? '',
-      memoryType: filters.memoryType ?? '',
-      severity: filters.severity ?? '',
-      mitreTechnique: filters.mitreTechnique ?? '',
-      limit: limit * 2,
-    });
-    if (symbolicResults.length > 0) {
-      resultLists.push(symbolicResults.map((r) => r.entry_id));
+    // Layer 2: Symbolic search (structured) — only when filters are provided
+    // Without filters, symbolic returns ALL entries which drowns out lexical ranking
+    const hasFilters = !!(filters.engagementId || filters.memoryType || filters.severity || filters.mitreTechnique);
+    if (hasFilters) {
+      const symbolicResults = this.symbolic.searchSymbolic({
+        engagementId: filters.engagementId ?? '',
+        memoryType: filters.memoryType ?? '',
+        severity: filters.severity ?? '',
+        mitreTechnique: filters.mitreTechnique ?? '',
+        limit: limit * 2,
+      });
+      if (symbolicResults.length > 0) {
+        resultLists.push(symbolicResults.map((r) => r.entry_id));
+      }
     }
 
     // Fuse with RRF

package/lib/pipeline/github-actions.js

@@ -678,9 +678,9 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with: { fetch-depth: 0 }
-      - uses: actions/setup-python@v5
-        with: { python-version: "3.12" }
-      - run: pip install cipher-security
+      - uses: actions/setup-node@v5
+        with: { node-version: "22" }
+      - run: npm install -g cipher-security
       - name: Run PR Security Review
         env:
           GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
@@ -722,9 +722,9 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/setup-python@v5
-      with: { python-version: "3.12" }
-    - { shell: bash, run: "pip install cipher-security" }
+    - uses: actions/setup-node@v5
+      with: { node-version: "22" }
+    - { shell: bash, run: "npm install -g cipher-security" }
     - name: Run Security Review
       shell: bash
       env:

package/lib/setup-wizard.js

@@ -251,16 +251,7 @@ export async function runSetupWizard() {
     // ── Write config ──────────────────────────────────────────────────
     const configPath = writeConfig(config);
 
-    // Also write to project root if pyproject.toml exists (dual-write like Python)
-    const { projectConfig } = getConfigPaths();
-    const projectRoot = join(projectConfig, '..');
-    if (existsSync(join(projectRoot, 'pyproject.toml')) && projectConfig !== configPath) {
-      try {
-        writeConfig(config, projectConfig);
-      } catch {
-        // Non-fatal — user config was already written
-      }
-    }
+
 
     // ── Completion summary ────────────────────────────────────────────
     const summaryLines = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cipher-security",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "description": "CIPHER — AI Security Engineering Platform CLI",
   "type": "module",
   "engines": {