guardlink 1.0.0 → 1.2.0

package/dist/tui/commands.js

@@ -5,18 +5,18 @@
  * Returns void. Throws on fatal errors.
  */
 import { resolve, basename } from 'node:path';
-import { writeFileSync } from 'node:fs';
-import { parseProject } from '../parser/index.js';
+import { existsSync, writeFileSync, mkdirSync } from 'node:fs';
+import { parseProject, findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures } from '../parser/index.js';
 import { initProject, detectProject, promptAgentSelection } from '../init/index.js';
 import { generateReport } from '../report/index.js';
 import { generateDashboardHTML } from '../dashboard/index.js';
 import { computeStats, computeSeverity, computeExposures } from '../dashboard/data.js';
-import { generateThreatReport, serializeModel, listThreatReports, loadThreatReportsForDashboard, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage } from '../analyze/index.js';
+import { generateThreatReport, serializeModel, listThreatReports, loadThreatReportsForDashboard, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage, buildProjectContext, extractCodeSnippets } from '../analyze/index.js';
 import { diffModels, formatDiff, parseAtRef } from '../diff/index.js';
 import { generateSarif } from '../analyzer/index.js';
-import { C, severityBadge, severityText, severityTextPad, severityOrder, computeGrade, gradeColored, readCodeContext, trunc, bar, fileLink, fileLinkTrunc } from './format.js';
-import { resolveLLMConfig, saveTuiConfig } from './config.js';
-import { AGENTS, parseAgentFlag, launchAgent, copyToClipboard, buildAnnotatePrompt } from '../agents/index.js';
+import { C, severityBadge, severityText, severityTextPad, severityOrder, computeGrade, gradeColored, readCodeContext, trunc, bar, fileLink, fileLinkTrunc, cleanCliArtifacts } from './format.js';
+import { resolveLLMConfig, saveTuiConfig, loadTuiConfig } from './config.js';
+import { AGENTS, parseAgentFlag, launchAgent, launchAgentInline, copyToClipboard, buildAnnotatePrompt } from '../agents/index.js';
 import { describeConfigSource } from '../agents/config.js';
 // ─── Shared context ──────────────────────────────────────────────────
 /** Prompt user to pick an agent interactively (TUI only) */
@@ -61,19 +61,19 @@ export function cmdHelp() {
         ['/init [name]', 'Initialize GuardLink in this project'],
         ['/parse', 'Parse annotations, build threat model'],
         ['/status', 'Risk grade + summary stats'],
-        ['/scan', 'Find unannotated security-relevant functions'],
         ['/validate [--strict]', 'Check for syntax errors + dangling refs'],
         ['', ''],
-        ['/exposures [flags]', 'List exposures (--asset, --severity, --file, --threat)'],
-        ['/show <n>', 'Detail view of exposure #n with code context'],
+        ['/exposures [--all]', 'List open exposures by severity (filter: --asset --severity --threat --file)'],
+        ['/show <n>', 'Detail view + code context for an exposure (from /exposures list)'],
+        ['/scan', 'Annotation coverage scanner — find unannotated symbols'],
         ['/assets', 'Asset tree with threat/control counts'],
         ['/files', 'Annotated file tree with exposure counts'],
         ['/view <file>', 'Show all annotations in a file with code context'],
         ['', ''],
-        ['/threat-report <fw>', 'AI threat report (stride|dread|pasta|attacker|rapid|general)'],
+        ['/threat-report <fw>', 'AI threat report (stride|dread|pasta|attacker|rapid|general|custom)'],
         ['/threat-reports', 'List saved AI threat reports'],
         ['/annotate <prompt>', 'Launch coding agent to annotate codebase'],
-        ['/model', 'Set AI provider + API key'],
+        ['/model', 'Set AI provider (API or CLI agent: Claude Code, Codex, Gemini)'],
         ['(freeform text)', 'Chat about your threat model with AI'],
         ['', ''],
         ['/report', 'Generate markdown + JSON report'],
@@ -81,6 +81,7 @@ export function cmdHelp() {
         ['/diff [ref]', 'Compare model against a git ref (default: HEAD~1)'],
         ['/sarif [-o file]', 'Export SARIF 2.1.0 for GitHub / VS Code'],
         ['', ''],
+        ['/gal', 'GAL annotation language guide'],
         ['/help', 'This help'],
         ['/quit', 'Exit'],
     ];
@@ -326,9 +327,7 @@ export function cmdExposures(args, ctx) {
         return;
     }
     console.log('');
-    // Determine terminal width for adaptive layout
     const termWidth = process.stdout.columns || 100;
-    // Manual table (we need colored cells which formatTable can't do directly)
     const header = `  ${C.dim('#'.padEnd(4))}${C.dim('SEVERITY'.padEnd(12))}${C.dim('ASSET'.padEnd(18))}${C.dim('THREAT'.padEnd(20))}${C.dim('FILE'.padEnd(30))}${C.dim('LINE')}`;
     console.log(header);
     console.log(C.dim('  ' + '─'.repeat(Math.min(termWidth - 4, 96))));
@@ -367,7 +366,6 @@ export function cmdShow(args, ctx) {
     }
     console.log(`  ${C.cyan('│')} ${C.dim(fileLink(exp.location.file, exp.location.line, ctx.root))}`);
     console.log(`  ${C.cyan('│')}`);
-    // Code context
     const { lines } = readCodeContext(exp.location.file, exp.location.line, ctx.root);
     for (const l of lines) {
         console.log(`  ${C.cyan('│')} ${l}`);
@@ -375,6 +373,33 @@ export function cmdShow(args, ctx) {
     console.log(`  ${C.cyan('└')}`);
     console.log('');
 }
+// ─── /scan ───────────────────────────────────────────────────────────
+export function cmdScan(ctx) {
+    if (!ctx.model) {
+        console.log(C.warn('  No threat model. Run /parse first.'));
+        return;
+    }
+    const cov = ctx.model.coverage;
+    const pct = cov.coverage_percent;
+    console.log('');
+    console.log(`  ${C.bold('Coverage:')} ${cov.annotated_symbols}/${cov.total_symbols} symbols (${pct}%)`);
+    const unannotated = cov.unannotated_critical || [];
+    if (unannotated.length === 0) {
+        console.log(C.green('  All security-relevant symbols are annotated!'));
+    }
+    else {
+        console.log(C.warn(`  ${unannotated.length} unannotated symbol(s):`));
+        console.log('');
+        const show = unannotated.slice(0, 25);
+        for (const u of show) {
+            console.log(`    ${C.dim(fileLink(u.file, u.line, ctx.root))}  ${u.kind} ${C.bold(u.name)}`);
+        }
+        if (unannotated.length > 25) {
+            console.log(C.dim(`    ... and ${unannotated.length - 25} more`));
+        }
+    }
+    console.log('');
+}
 // ─── /assets ─────────────────────────────────────────────────────────
 export function cmdAssets(ctx) {
     if (!ctx.model) {
@@ -671,33 +696,6 @@ export async function cmdParse(ctx) {
         console.log(C.error(`  ✗ Parse failed: ${err.message}`));
     }
 }
-// ─── /scan ───────────────────────────────────────────────────────────
-export function cmdScan(ctx) {
-    if (!ctx.model) {
-        console.log(C.warn('  No threat model. Run /parse first.'));
-        return;
-    }
-    const cov = ctx.model.coverage;
-    const pct = cov.coverage_percent;
-    console.log('');
-    console.log(`  ${C.bold('Coverage:')} ${cov.annotated_symbols}/${cov.total_symbols} symbols (${pct}%)`);
-    const unannotated = cov.unannotated_critical || [];
-    if (unannotated.length === 0) {
-        console.log(C.green('  All security-relevant symbols are annotated!'));
-    }
-    else {
-        console.log(C.warn(`  ${unannotated.length} unannotated symbol(s):`));
-        console.log('');
-        const show = unannotated.slice(0, 25);
-        for (const u of show) {
-            console.log(`    ${C.dim(fileLink(u.file, u.line, ctx.root))}  ${u.kind} ${C.bold(u.name)}`);
-        }
-        if (unannotated.length > 25) {
-            console.log(C.dim(`    ... and ${unannotated.length - 25} more`));
-        }
-    }
-    console.log('');
-}
 // ─── /validate ───────────────────────────────────────────────────────
 export async function cmdValidate(ctx) {
     console.log(C.dim('  Checking annotations...'));
@@ -706,9 +704,13 @@ export async function cmdValidate(ctx) {
         ctx.model = model;
         // Dangling refs
         const danglingDiags = findDanglingRefs(model);
-        const allDiags = [...diagnostics, ...danglingDiags];
+        // Check for @accepts without @audit (governance concern)
+        const acceptAuditDiags = findAcceptedWithoutAudit(model);
+        const allDiags = [...diagnostics, ...danglingDiags, ...acceptAuditDiags];
         // Unmitigated exposures
         const unmitigated = findUnmitigatedExposures(model);
+        // Accepted-but-unmitigated exposures
+        const acceptedOnly = findAcceptedExposures(model);
         // Print diagnostics
         const errors = allDiags.filter(d => d.level === 'error');
         const warnings = allDiags.filter(d => d.level === 'warning');
@@ -728,8 +730,16 @@ export async function cmdValidate(ctx) {
                 console.log(`    ${sev} ${u.asset} → ${u.threat}  ${C.dim(fileLink(u.location.file, u.location.line, ctx.root))}`);
             }
         }
+        if (acceptedOnly.length > 0) {
+            console.log('');
+            console.log(C.warn(`  ⚡ ${acceptedOnly.length} accepted-but-unmitigated exposure(s) (no control in code):`));
+            for (const a of acceptedOnly) {
+                const sev = a.severity ? severityBadge(a.severity) : C.dim('unset');
+                console.log(`    ${sev} ${a.asset} → ${a.threat}  ${C.dim(fileLink(a.location.file, a.location.line, ctx.root))}`);
+            }
+        }
         console.log('');
-        if (errors.length === 0 && unmitigated.length === 0) {
+        if (errors.length === 0 && unmitigated.length === 0 && acceptedOnly.length === 0) {
             console.log(C.success('  ✓ All annotations valid, no unmitigated exposures.'));
         }
         else {
@@ -740,6 +750,8 @@ export async function cmdValidate(ctx) {
                 parts.push(`${warnings.length} warning(s)`);
             if (unmitigated.length > 0)
                 parts.push(`${unmitigated.length} unmitigated`);
+            if (acceptedOnly.length > 0)
+                parts.push(`${acceptedOnly.length} accepted without mitigation`);
             console.log(`  ${parts.join(', ')}`);
         }
     }
@@ -817,69 +829,110 @@ export async function cmdSarif(args, ctx) {
     }
     console.log('');
 }
-// ─── Helpers: validate ───────────────────────────────────────────────
-function findDanglingRefs(model) {
-    const diagnostics = [];
-    const definedIds = new Set();
-    for (const a of model.assets)
-        if (a.id)
-            definedIds.add(a.id);
-    for (const t of model.threats)
-        if (t.id)
-            definedIds.add(t.id);
-    for (const c of model.controls)
-        if (c.id)
-            definedIds.add(c.id);
-    for (const b of model.boundaries)
-        if (b.id)
-            definedIds.add(b.id);
-    const checkRef = (ref, loc) => {
-        if (ref.startsWith('#')) {
-            const id = ref.slice(1);
-            if (!definedIds.has(id)) {
-                diagnostics.push({
-                    level: 'warning',
-                    message: `Dangling reference: #${id} is never defined`,
-                    file: loc.file,
-                    line: loc.line,
-                });
-            }
-        }
-    };
-    for (const m of model.mitigations) {
-        checkRef(m.threat, m.location);
-        if (m.control)
-            checkRef(m.control, m.location);
-    }
-    for (const e of model.exposures)
-        checkRef(e.threat, e.location);
-    for (const a of model.acceptances)
-        checkRef(a.threat, a.location);
-    for (const t of model.transfers)
-        checkRef(t.threat, t.location);
-    if (model.validations) {
-        for (const v of model.validations)
-            checkRef(v.control, v.location);
-    }
-    return diagnostics;
-}
-function findUnmitigatedExposures(model) {
-    const mitigated = new Set();
-    for (const m of model.mitigations)
-        mitigated.add(`${m.asset}::${m.threat}`);
-    for (const a of model.acceptances)
-        mitigated.add(`${a.asset}::${a.threat}`);
-    return model.exposures.filter(e => !mitigated.has(`${e.asset}::${e.threat}`));
+const CLI_AGENT_OPTIONS = [
+    { id: 'claude-code', name: 'Claude Code', desc: 'Anthropic\'s coding agent (claude cli)' },
+    { id: 'codex', name: 'Codex CLI', desc: 'OpenAI\'s coding agent (codex cli)' },
+    { id: 'gemini', name: 'Gemini CLI', desc: 'Google\'s coding agent (gemini cli)' },
+];
+const CLI_AGENT_NAMES = {
+    'claude-code': 'Claude Code',
+    'codex': 'Codex CLI',
+    'gemini': 'Gemini CLI',
+};
+/** Provider model catalogs — popular models per provider, ordered by capability */
+const PROVIDER_MODELS = {
+    anthropic: [
+        { id: 'claude-sonnet-4-6', name: 'Claude Sonnet 4.6', desc: 'Latest, frontier coding & agents' },
+        { id: 'claude-opus-4-6', name: 'Claude Opus 4.6', desc: 'Most intelligent, complex reasoning' },
+        { id: 'claude-sonnet-4-5', name: 'Claude Sonnet 4.5', desc: 'Previous gen, strong all-rounder' },
+        { id: 'claude-opus-4-5', name: 'Claude Opus 4.5', desc: 'Previous gen, deep analysis' },
+        { id: 'claude-haiku-4-5', name: 'Claude Haiku 4.5', desc: 'Fastest, lowest cost' },
+    ],
+    openai: [
+        { id: 'gpt-5.2', name: 'GPT-5.2', desc: 'Latest flagship, smartest & most precise' },
+        { id: 'gpt-5.2-pro', name: 'GPT-5.2 Pro', desc: 'Enhanced GPT-5.2 for complex tasks' },
+        { id: 'gpt-5', name: 'GPT-5', desc: 'Frontier model with reasoning' },
+        { id: 'gpt-5-mini', name: 'GPT-5 Mini', desc: 'Fast and affordable' },
+        { id: 'gpt-5-nano', name: 'GPT-5 Nano', desc: 'Fastest, lowest cost' },
+        { id: 'gpt-5.1-codex', name: 'GPT-5.1 Codex', desc: 'Optimized for agentic coding' },
+        { id: 'o3', name: 'o3', desc: 'Reasoning model, complex analysis' },
+        { id: 'o4-mini', name: 'o4-mini', desc: 'Fast reasoning model' },
+        { id: 'gpt-4.1', name: 'GPT-4.1', desc: 'Previous gen flagship' },
+        { id: 'gpt-4.1-mini', name: 'GPT-4.1 Mini', desc: 'Previous gen, fast' },
+    ],
+    google: [
+        { id: 'gemini-2.5-flash', name: 'Gemini 2.5 Flash', desc: 'Best price-performance, reasoning' },
+        { id: 'gemini-2.5-pro', name: 'Gemini 2.5 Pro', desc: 'Most advanced, deep reasoning & coding' },
+        { id: 'gemini-2.5-flash-lite', name: 'Gemini 2.5 Flash-Lite', desc: 'Fastest, most budget-friendly' },
+        { id: 'gemini-3-flash-preview', name: 'Gemini 3 Flash', desc: 'Preview: frontier-class at low cost' },
+        { id: 'gemini-3-pro-preview', name: 'Gemini 3 Pro', desc: 'Preview: state-of-the-art reasoning' },
+        { id: 'gemini-3.1-pro-preview', name: 'Gemini 3.1 Pro', desc: 'Preview: advanced agentic & coding' },
+    ],
+    deepseek: [
+        { id: 'deepseek-chat', name: 'DeepSeek V3.2', desc: 'General purpose, fast (128K context)' },
+        { id: 'deepseek-reasoner', name: 'DeepSeek R1', desc: 'Thinking mode, best for analysis' },
+    ],
+    openrouter: [
+        { id: 'anthropic/claude-sonnet-4-6', name: 'Claude Sonnet 4.6', desc: 'Anthropic via OpenRouter' },
+        { id: 'anthropic/claude-opus-4-6', name: 'Claude Opus 4.6', desc: 'Anthropic via OpenRouter' },
+        { id: 'openai/gpt-5.2', name: 'GPT-5.2', desc: 'OpenAI via OpenRouter' },
+        { id: 'openai/o3', name: 'o3', desc: 'OpenAI reasoning via OpenRouter' },
+        { id: 'google/gemini-2.5-pro', name: 'Gemini 2.5 Pro', desc: 'Google via OpenRouter' },
+        { id: 'google/gemini-2.5-flash', name: 'Gemini 2.5 Flash', desc: 'Google via OpenRouter' },
+        { id: 'deepseek/deepseek-r1', name: 'DeepSeek R1', desc: 'DeepSeek via OpenRouter' },
+    ],
+    ollama: [
+        { id: 'llama3.2', name: 'Llama 3.2', desc: 'Meta, good general purpose' },
+        { id: 'qwen2.5-coder:32b', name: 'Qwen 2.5 Coder 32B', desc: 'Best local coding model' },
+        { id: 'deepseek-r1:32b', name: 'DeepSeek R1 32B', desc: 'Local reasoning model' },
+        { id: 'gemma3:27b', name: 'Gemma 3 27B', desc: 'Google, strong local model' },
+        { id: 'mistral', name: 'Mistral 7B', desc: 'Lightweight, fast' },
+    ],
+};
+/** Helper to display a numbered model selection menu and return the chosen model ID */
+async function pickModel(ctx, provider) {
+    const models = PROVIDER_MODELS[provider];
+    if (!models || models.length === 0) {
+        // Fallback to free-text for unknown providers
+        const model = await ask(ctx, '  Model name: ');
+        return model || null;
+    }
+    console.log('');
+    console.log('  Select model:');
+    for (let i = 0; i < models.length; i++) {
+        const m = models[i];
+        console.log(`    ${C.bold(String(i + 1))} ${m.name.padEnd(24)} ${C.dim(m.desc)}`);
+    }
+    console.log(`    ${C.bold(String(models.length + 1))} ${C.dim('Custom (enter model ID manually)')}`);
+    console.log('');
+    const choice = await ask(ctx, `  Model [1-${models.length + 1}]: `);
+    const idx = parseInt(choice, 10) - 1;
+    if (idx < 0 || idx > models.length) {
+        console.log(C.warn('  Cancelled.'));
+        return null;
+    }
+    if (idx === models.length) {
+        // Custom model
+        const custom = await ask(ctx, '  Model ID: ');
+        return custom || null;
+    }
+    return models[idx].id;
 }
-// ─── /model ──────────────────────────────────────────────────────────
 export async function cmdModel(ctx) {
     const current = resolveLLMConfig(ctx.root);
+    const tuiCfg = loadTuiConfig(ctx.root);
     const source = describeConfigSource(ctx.root);
-    if (current) {
+    // Show current configuration
+    if (tuiCfg?.aiMode === 'cli-agent' && tuiCfg?.cliAgent) {
+        const agentName = CLI_AGENT_NAMES[tuiCfg.cliAgent] || tuiCfg.cliAgent;
+        console.log(`  ${C.dim('Current:')} ${agentName} ${C.dim('(CLI Agent)')}`);
+        console.log(`  ${C.dim('Source:')}  ${source}`);
+        console.log('');
+    }
+    else if (current) {
         console.log(`  ${C.dim('Current:')} ${current.provider} / ${current.model}`);
         console.log(`  ${C.dim('Source:')}  ${source}`);
         console.log('');
-        // If config comes from env vars, offer to keep it
         if (source.includes('env var')) {
             const override = await ask(ctx, '  Override with project config? (y/N): ');
             if (override.toLowerCase() !== 'y') {
@@ -892,88 +945,120 @@ export async function cmdModel(ctx) {
         console.log(C.dim('  No AI provider configured.'));
         console.log('');
     }
-    // Provider selection
-    const providers = ['anthropic', 'openai', 'openrouter', 'deepseek', 'ollama'];
-    console.log('  Select provider:');
-    providers.forEach((p, i) => console.log(`    ${C.bold(String(i + 1))} ${p}`));
+    // Step 1: Choose mode — CLI Agents or API
+    console.log('  How would you like to use AI?');
+    console.log(`    ${C.bold('1')} CLI Agents  ${C.dim('(terminal-based coding agents)')}`);
+    console.log(`    ${C.bold('2')} API         ${C.dim('(direct LLM API calls)')}`);
     console.log('');
-    const choice = await ask(ctx, `  Provider [1-${providers.length}]: `);
-    const idx = parseInt(choice, 10) - 1;
-    if (idx < 0 || idx >= providers.length) {
+    const modeChoice = await ask(ctx, '  Choice [1-2]: ');
+    const modeIdx = parseInt(modeChoice, 10);
+    if (modeIdx < 1 || modeIdx > 2) {
         console.log(C.warn('  Cancelled.'));
         return;
     }
-    const provider = providers[idx];
-    // API key
-    let apiKey = '';
-    if (provider !== 'ollama') {
-        apiKey = await ask(ctx, '  API Key: ');
-        if (!apiKey) {
-            console.log(C.warn('  Cancelled — no API key provided.'));
+    if (modeIdx === 1) {
+        // ── CLI Agent selection ──
+        console.log('');
+        console.log('  Select CLI Agent:');
+        for (let i = 0; i < CLI_AGENT_OPTIONS.length; i++) {
+            const a = CLI_AGENT_OPTIONS[i];
+            console.log(`    ${C.bold(String(i + 1))} ${a.name.padEnd(16)} ${C.dim(a.desc)}`);
+        }
+        console.log('');
+        const agentChoice = await ask(ctx, `  Agent [1-${CLI_AGENT_OPTIONS.length}]: `);
+        const agentIdx = parseInt(agentChoice, 10) - 1;
+        if (agentIdx < 0 || agentIdx >= CLI_AGENT_OPTIONS.length) {
+            console.log(C.warn('  Cancelled.'));
             return;
         }
+        const selectedAgent = CLI_AGENT_OPTIONS[agentIdx];
+        saveTuiConfig(ctx.root, {
+            aiMode: 'cli-agent',
+            cliAgent: selectedAgent.id,
+        });
+        console.log('');
+        console.log(`  ${C.success('✓')} Configured: ${C.bold(selectedAgent.name)} ${C.dim('(CLI Agent)')}`);
+        console.log(C.dim('    Saved to .guardlink/config.json'));
+        console.log(C.dim(`    Use /threat-report or /annotate — they will launch ${selectedAgent.name} automatically.`));
+        console.log('');
     }
     else {
-        apiKey = 'ollama-local';
-    }
-    // Model selection
-    const defaults = {
-        anthropic: 'claude-sonnet-4-5-20250929',
-        openai: 'gpt-4o',
-        openrouter: 'anthropic/claude-sonnet-4-5-20250929',
-        deepseek: 'deepseek-chat',
-        ollama: 'llama3.2',
-    };
-    const model = await ask(ctx, `  Model [${defaults[provider]}]: `);
-    saveTuiConfig(ctx.root, {
-        provider,
-        model: model || defaults[provider],
-        apiKey,
-    });
-    const displayKey = apiKey.length > 8 ? apiKey.slice(0, 6) + '•'.repeat(8) : '•'.repeat(8);
-    console.log('');
-    console.log(`  ${C.success('✓')} Configured: ${C.bold(model || defaults[provider])} (${provider})`);
-    console.log(`    Key: ${displayKey}`);
-    console.log(C.dim('    Saved to .guardlink/config.json'));
-    console.log('');
-}
-// ─── /threat-report ──────────────────────────────────────────────────
-export async function cmdThreatReport(args, ctx) {
-    if (!ctx.model) {
-        console.log(C.warn('  No threat model. Run /parse first.'));
-        return;
-    }
-    const { agent, cleanArgs } = parseAgentFlag(args);
-    const framework = cleanArgs.trim().toLowerCase() || '';
-    const validFrameworks = ['stride', 'dread', 'pasta', 'attacker', 'rapid', 'general'];
-    if (!framework) {
+        // ── API provider selection ──
+        const providers = [
+            { id: 'anthropic', name: 'Anthropic', desc: 'Claude Sonnet 4.6, Opus 4.6, Haiku 4.5' },
+            { id: 'openai', name: 'OpenAI', desc: 'GPT-5.2, o3, o4-mini, GPT-5.1 Codex' },
+            { id: 'google', name: 'Google', desc: 'Gemini 2.5 Flash/Pro, Gemini 3 Pro' },
+            { id: 'deepseek', name: 'DeepSeek', desc: 'DeepSeek V3.2, R1 reasoning' },
+            { id: 'openrouter', name: 'OpenRouter', desc: 'Multi-provider gateway' },
+            { id: 'ollama', name: 'Ollama', desc: 'Local models (Llama, Qwen, Gemma)' },
+        ];
         console.log('');
-        console.log(`  ${C.bold('Threat report frameworks:')}`);
-        for (const fw of validFrameworks) {
-            console.log(`    ${C.bold('/threat-report ' + fw.padEnd(12))} ${C.dim(FRAMEWORK_LABELS[fw])}`);
+        console.log('  Select provider:');
+        for (let i = 0; i < providers.length; i++) {
+            const p = providers[i];
+            console.log(`    ${C.bold(String(i + 1))} ${p.name.padEnd(14)} ${C.dim(p.desc)}`);
+        }
+        console.log('');
+        const choice = await ask(ctx, `  Provider [1-${providers.length}]: `);
+        const idx = parseInt(choice, 10) - 1;
+        if (idx < 0 || idx >= providers.length) {
+            console.log(C.warn('  Cancelled.'));
+            return;
+        }
+        const provider = providers[idx].id;
+        // Model selection — numbered menu
+        const modelId = await pickModel(ctx, provider);
+        if (!modelId)
+            return;
+        // API key
+        let apiKey = '';
+        if (provider !== 'ollama') {
+            console.log('');
+            apiKey = await ask(ctx, '  API Key: ');
+            if (!apiKey) {
+                console.log(C.warn('  Cancelled — no API key provided.'));
+                return;
+            }
         }
+        else {
+            apiKey = 'ollama-local';
+        }
+        saveTuiConfig(ctx.root, {
+            aiMode: 'api',
+            provider,
+            model: modelId,
+            apiKey,
+        });
+        const displayKey = apiKey.length > 8 ? apiKey.slice(0, 6) + '•'.repeat(8) : '•'.repeat(8);
+        // Find display name for the model
+        const modelEntry = PROVIDER_MODELS[provider]?.find(m => m.id === modelId);
+        const modelDisplay = modelEntry ? `${modelEntry.name} (${modelId})` : modelId;
         console.log('');
-        console.log(C.dim('  Flags: --claude-code  --codex  --gemini  --cursor  --windsurf  --clipboard'));
-        console.log(C.dim('  Without flag: uses configured API provider (see /model)'));
-        console.log(C.dim('  Example: /threat-report stride --claude-code'));
+        console.log(`  ${C.success('✓')} Configured: ${C.bold(modelDisplay)}`);
+        console.log(`    Provider: ${providers[idx].name}  Key: ${displayKey}`);
+        console.log(C.dim('    Saved to .guardlink/config.json'));
         console.log('');
-        return;
     }
-    const isStandard = validFrameworks.includes(framework);
-    const fw = (isStandard ? framework : 'general');
-    const customPrompt = isStandard ? undefined : cleanArgs.trim();
-    // ── Agent path: spawn CLI agent or copy to clipboard ──
-    if (agent) {
-        const modelJson = serializeModel(ctx.model);
-        const systemPrompt = FRAMEWORK_PROMPTS[fw];
-        const userMessage = buildUserMessage(modelJson, fw, customPrompt);
-        const analysisPrompt = `You are analyzing a codebase with GuardLink security annotations.
+}
+// ─── /threat-report ──────────────────────────────────────────────────
+/**
+ * Build the full analysis prompt for CLI agents.
+ * Includes system prompt, serialized model, project context, code snippets,
+ * and instructions to read source code.
+ */
+function buildAgentAnalysisPrompt(root, model, fw, customPrompt, reportLabel) {
+    const modelJson = serializeModel(model);
+    const projectContext = buildProjectContext(root);
+    const codeSnippets = extractCodeSnippets(root, model);
+    const systemPrompt = FRAMEWORK_PROMPTS[fw];
+    const userMessage = buildUserMessage(modelJson, fw, customPrompt, projectContext || undefined, codeSnippets || undefined);
+    return `You are analyzing a codebase with GuardLink security annotations.
 You have access to the full source code in the current directory.
 
 ${systemPrompt}
 
 ## Task
-Read the source code and GuardLink annotations, then produce a thorough ${FRAMEWORK_LABELS[fw]}.
+Read the source code and GuardLink annotations, then produce a thorough ${reportLabel}.
 
 ## Threat Model (serialized from annotations)
 ${userMessage}
@@ -982,51 +1067,128 @@ ${userMessage}
 1. Read the actual source files to understand the code — don't just rely on the serialized model above
 2. Cross-reference the annotations with the real code to validate findings
 3. Produce the full report as markdown
-4. Save the output to .guardlink/threat-reports/ with a timestamped filename
-5. Be specific — reference actual files, functions, and line numbers from the codebase`;
-        console.log(`  ${C.dim('Sending')} ${FRAMEWORK_LABELS[fw]} ${C.dim('to')} ${agent.name}${C.dim('...')}`);
+4. Be specific — reference actual files, functions, and line numbers from the codebase
+5. Output ONLY the markdown report content — do NOT add any metadata comments, save confirmations, or file path messages
+6. Do NOT include lines like "Generated by...", "Agent:", "Project:", or "The report file write was blocked..."`;
+}
+/**
+ * Save inline agent output as a threat report markdown file.
+ */
+function saveInlineReport(root, content, fw, agentName, project, annotationCount) {
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    const reportsDir = resolve(root, '.guardlink', 'threat-reports');
+    if (!existsSync(reportsDir))
+        mkdirSync(reportsDir, { recursive: true });
+    const filename = `${timestamp}-${fw}.md`;
+    const filepath = resolve(reportsDir, filename);
+    const cleanedContent = cleanCliArtifacts(content);
+    const header = `---
+framework: ${fw}
+label: ${FRAMEWORK_LABELS[fw]}
+model: ${agentName}
+timestamp: ${new Date().toISOString()}
+project: ${project}
+annotations: ${annotationCount}
+---
+
+# ${FRAMEWORK_LABELS[fw]}
+
+> Generated by \`guardlink threat-report ${fw}\` on ${new Date().toISOString().slice(0, 10)}
+> Agent: ${agentName} | Project: ${project} | Annotations: ${annotationCount}
+
+`;
+    writeFileSync(filepath, header + cleanedContent + '\n');
+    return `.guardlink/threat-reports/${filename}`;
+}
+export async function cmdThreatReport(args, ctx) {
+    if (!ctx.model) {
+        console.log(C.warn('  No threat model. Run /parse first.'));
+        return;
+    }
+    // Parse any explicit --agent flag override
+    const { agent: flagAgent, cleanArgs } = parseAgentFlag(args);
+    const input = cleanArgs.trim();
+    const validFrameworks = ['stride', 'dread', 'pasta', 'attacker', 'rapid', 'general'];
+    // Show help when no arguments given
+    if (!input) {
         console.log('');
-        // Use shared launcher — foreground for terminal agents, IDE open for others
-        if (agent.cmd) {
-            const copied = copyToClipboard(analysisPrompt);
-            if (copied) {
-                console.log(C.success(`  ✓ Prompt copied to clipboard (${analysisPrompt.length.toLocaleString()} chars)`));
-            }
-            console.log(`  ${C.dim('Launching')} ${agent.name} ${C.dim('in foreground...')}`);
+        console.log(`  ${C.bold('Threat report frameworks:')}`);
+        for (const fw of validFrameworks) {
+            console.log(`    ${C.bold('/threat-report ' + fw.padEnd(12))} ${C.dim(FRAMEWORK_LABELS[fw])}`);
+        }
+        console.log('');
+        console.log(`  ${C.bold('Custom prompt:')}`);
+        console.log(C.dim('    /threat-report <any text>   Uses your text as the analysis prompt'));
+        console.log(C.dim('    Example: /threat-report Create a comprehensive report mixing STRIDE and DREAD'));
+        console.log('');
+        console.log(C.dim('  Uses the AI provider configured via /model (API or CLI agent).'));
+        console.log(C.dim('  Override with: --claude-code  --codex  --gemini  --clipboard'));
+        console.log('');
+        return;
+    }
+    // Determine framework vs custom prompt
+    const inputLower = input.toLowerCase();
+    const isStandard = validFrameworks.includes(inputLower);
+    const fw = (isStandard ? inputLower : 'general');
+    const customPrompt = isStandard ? undefined : input;
+    const reportLabel = customPrompt ? 'Custom Threat Analysis' : FRAMEWORK_LABELS[fw];
+    // ── Resolve execution method ──
+    // Priority: explicit --flag > /model config > env-var API
+    const tuiCfg = loadTuiConfig(ctx.root);
+    // Resolve the agent to use (flag override or configured CLI agent)
+    let agent = flagAgent;
+    if (!agent && tuiCfg?.aiMode === 'cli-agent' && tuiCfg?.cliAgent) {
+        agent = AGENTS.find(a => a.id === tuiCfg.cliAgent) || null;
+    }
+    // ── Path 1: CLI Agent (inline, non-interactive) ──
+    if (agent && agent.cmd) {
+        const analysisPrompt = buildAgentAnalysisPrompt(ctx.root, ctx.model, fw, customPrompt, reportLabel);
+        console.log(`  ${C.dim('Generating')} ${reportLabel} ${C.dim('via')} ${agent.name} ${C.dim('(inline)...')}`);
+        console.log(C.dim(`    Annotations: ${ctx.model.annotations_parsed} | Exposures: ${ctx.model.exposures.length}`));
+        console.log('');
+        const result = await launchAgentInline(agent, analysisPrompt, ctx.root, (text) => process.stdout.write(text), { autoYes: true });
+        if (result.error) {
+            console.log(C.error(`\n  ✗ ${result.error}`));
             console.log('');
-            const result = launchAgent(agent, analysisPrompt, ctx.root);
-            if (result.error) {
-                console.log(C.error(`  ✗ ${result.error}`));
-            }
-            else {
-                console.log(`\n  ${C.success('✓')} ${agent.name} session ended.`);
-                console.log(`  Run ${C.bold('/threat-reports')} to see saved results.`);
-            }
+            return;
         }
-        else {
-            const result = launchAgent(agent, analysisPrompt, ctx.root);
-            if (result.clipboardCopied) {
-                console.log(C.success(`  ✓ Prompt copied to clipboard (${analysisPrompt.length.toLocaleString()} chars)`));
-            }
-            if (result.launched && agent.app) {
-                console.log(`  ${C.success('✓')} ${agent.name} launched with project: ${ctx.projectName}`);
-                console.log(`\n  Paste (Cmd+V) the prompt in ${agent.name}.`);
-            }
-            else if (result.error) {
-                console.log(C.error(`  ✗ ${result.error}`));
-            }
+        process.stdout.write('\n');
+        // Save the agent's output as a report
+        if (result.content.trim()) {
+            const savedTo = saveInlineReport(ctx.root, result.content, fw, agent.name, ctx.model.project, ctx.model.annotations_parsed);
+            console.log('');
+            console.log(`  ${C.success('✓')} Report saved to ${savedTo}`);
         }
         console.log('');
         return;
     }
-    // ── API path: direct LLM call ──
+    // ── Path 2: Clipboard / IDE agent (copy prompt, open app) ──
+    if (agent && !agent.cmd) {
+        const analysisPrompt = buildAgentAnalysisPrompt(ctx.root, ctx.model, fw, customPrompt, reportLabel);
+        const result = launchAgent(agent, analysisPrompt, ctx.root);
+        if (result.clipboardCopied) {
+            console.log(C.success(`  ✓ Prompt copied to clipboard (${analysisPrompt.length.toLocaleString()} chars)`));
+        }
+        if (result.launched && agent.app) {
+            console.log(`  ${C.success('✓')} ${agent.name} launched with project: ${ctx.projectName}`);
+            console.log(`\n  Paste (Cmd+V) the prompt in ${agent.name}.`);
+        }
+        else if (result.error) {
+            console.log(C.error(`  ✗ ${result.error}`));
+        }
+        console.log('');
+        return;
+    }
+    // ── Path 3: Direct API call ──
     const llmConfig = resolveLLMConfig(ctx.root);
     if (!llmConfig) {
-        console.log(C.warn('  No AI provider configured. Run /model first, or use --claude-code / --codex.'));
+        console.log(C.warn('  No AI provider configured. Run /model first.'));
         console.log(C.dim('  Or set ANTHROPIC_API_KEY / OPENAI_API_KEY in environment.'));
+        console.log(C.dim('  Or use: /threat-report <prompt> --claude-code'));
         return;
     }
-    console.log(`  ${C.dim('Generating report with')} ${llmConfig.model}${C.dim('...')}`);
+    console.log(`  ${C.dim('Generating')} ${reportLabel} ${C.dim('with')} ${llmConfig.model}${C.dim('...')}`);
+    console.log(C.dim(`    Annotations: ${ctx.model.annotations_parsed} | Exposures: ${ctx.model.exposures.length}`));
     console.log('');
     try {
         const result = await generateThreatReport({
@@ -1135,8 +1297,10 @@ export async function cmdAnnotate(args, ctx) {
 }
 // ─── Freeform AI Chat ────────────────────────────────────────────────
 export async function cmdChat(text, ctx) {
+    const tuiCfg = loadTuiConfig(ctx.root);
     const llmConfig = resolveLLMConfig(ctx.root);
-    if (!llmConfig) {
+    const useAgent = tuiCfg?.aiMode === 'cli-agent' && !!tuiCfg?.cliAgent;
+    if (!useAgent && !llmConfig) {
         console.log(C.warn('  No AI provider configured. Run /model first, or set an API key in environment.'));
         return;
     }
@@ -1159,17 +1323,37 @@ Keep responses under 500 words unless the user asks for detail.`;
         };
         userMessage = `Threat model context:\n${JSON.stringify(compact, null, 2)}\n\nUser question: ${text}`;
     }
-    console.log('');
-    console.log(C.dim(`  Thinking via ${llmConfig.model}...`));
-    console.log('');
-    try {
-        const { chatCompletion } = await import('../analyze/llm.js');
-        const response = await chatCompletion(llmConfig, systemPrompt, userMessage, (chunk) => process.stdout.write(chunk));
-        process.stdout.write('\n\n');
+    if (useAgent) {
+        const agent = AGENTS.find(a => a.id === tuiCfg.cliAgent);
+        if (!agent) {
+            console.log(C.error(`  ✗ Configured agent ${tuiCfg.cliAgent} not found.`));
+            return;
+        }
+        console.log('');
+        console.log(C.dim(`  Thinking via ${agent.name}...`));
+        console.log('');
+        const prompt = `${systemPrompt}\n\n${userMessage}`;
+        const result = await launchAgentInline(agent, prompt, ctx.root, (chunk) => process.stdout.write(chunk), { autoYes: true });
+        if (result.error) {
+            console.log(C.error(`\n  ✗ AI request failed: ${result.error}`));
+        }
+        else {
+            console.log('\n');
+        }
     }
-    catch (err) {
-        console.log(C.error(`  ✗ AI request failed: ${err.message}`));
+    else {
+        console.log('');
+        console.log(C.dim(`  Thinking via ${llmConfig.model}...`));
         console.log('');
+        try {
+            const { chatCompletion } = await import('../analyze/llm.js');
+            await chatCompletion(llmConfig, systemPrompt, userMessage, (chunk) => process.stdout.write(chunk));
+            process.stdout.write('\n\n');
+        }
+        catch (err) {
+            console.log(C.error(`  ✗ AI request failed: ${err.message}`));
+            console.log('');
+        }
     }
 }
 // ─── /report ─────────────────────────────────────────────────────────