guardlink 1.2.0 → 1.3.0

package/dist/review/index.js

@@ -0,0 +1,226 @@
+/**
+ * GuardLink — Review module.
+ *
+ * Interactive governance workflow for unmitigated exposures.
+ * Users walk through the GAL (Governance Acceptance List) and decide:
+ *   accept  — write @accepts + @audit (risk acknowledged, intentional)
+ *   remediate — write @audit with planned-fix note
+ *   skip    — leave open for now
+ *
+ * @exposes #cli to #arbitrary-write [medium] cwe:CWE-73 -- "Writes @accepts/@audit annotations into source files"
+ * @mitigates #cli against #arbitrary-write using #path-validation -- "Only modifies files already in the parsed project"
+ * @audit #cli -- "Review decisions require human justification; no empty accepts allowed"
+ * @flows ThreatModel -> #cli via getReviewableExposures -- "Exposure list input"
+ * @flows #cli -> SourceFiles via writeFile -- "Annotation insertion output"
+ * @handles internal on #cli -- "Processes exposure metadata and user justification text"
+ */
+import { readFile, writeFile } from 'node:fs/promises';
+import { resolve } from 'node:path';
+import { stripCommentPrefix } from '../parser/comment-strip.js';
+import { findUnmitigatedExposures } from '../parser/validate.js';
+// ─── Severity ordering ──────────────────────────────────────────────
+const SEVERITY_ORDER = {
+    critical: 0, high: 1, medium: 2, low: 3,
+};
+// ─── Core logic ─────────────────────────────────────────────────────
+/**
+ * Get all unmitigated exposures eligible for review, sorted by severity.
+ * Excludes test fixtures and files outside the src/ tree.
+ */
+export function getReviewableExposures(model) {
+    const unmitigated = findUnmitigatedExposures(model);
+    // Filter out test fixtures and non-source files
+    const filtered = unmitigated.filter(e => {
+        const f = e.location.file;
+        return !f.startsWith('tests/') && !f.startsWith('test/') && !f.includes('__tests__/') && !f.includes('fixtures/');
+    });
+    // Sort: critical → high → medium → low, then by file
+    filtered.sort((a, b) => {
+        const sa = SEVERITY_ORDER[a.severity || 'low'] ?? 3;
+        const sb = SEVERITY_ORDER[b.severity || 'low'] ?? 3;
+        if (sa !== sb)
+            return sa - sb;
+        return a.location.file.localeCompare(b.location.file);
+    });
+    return filtered.map((exposure, i) => ({
+        index: i + 1,
+        exposure,
+        id: `${exposure.location.file}:${exposure.location.line}`,
+    }));
+}
+/**
+ * Format a severity tag with color hint for display.
+ */
+export function severityLabel(s) {
+    if (!s)
+        return '[?]';
+    return `[${s}]`;
+}
+/**
+ * Detect the comment style and indentation from the @exposes source line.
+ * Supports JSDoc ( * @...), single-line (// @...), and hash (# @...) styles.
+ */
+function detectCommentStyle(rawLine) {
+    const indent = rawLine.match(/^(\s*)/)?.[1] || '';
+    const trimmed = rawLine.trimStart();
+    if (trimmed.startsWith('* @') || trimmed.startsWith('*  @')) {
+        return { prefix: '* ', indent };
+    }
+    if (trimmed.startsWith('// @')) {
+        return { prefix: '// ', indent };
+    }
+    if (trimmed.startsWith('# @')) {
+        return { prefix: '# ', indent };
+    }
+    if (trimmed.startsWith('-- @')) {
+        return { prefix: '-- ', indent };
+    }
+    // Fallback: single-line JS style
+    return { prefix: '// ', indent };
+}
+/**
+ * Check if a source line is a GuardLink annotation (used to walk past coupled blocks).
+ */
+function isAnnotationLine(line) {
+    const inner = stripCommentPrefix(line);
+    if (inner === null)
+        return false;
+    const trimmed = inner.trim();
+    // Annotation line: starts with @verb
+    if (trimmed.startsWith('@'))
+        return true;
+    // Continuation line: -- "..."
+    if (/^--\s*"/.test(trimmed))
+        return true;
+    return false;
+}
+/**
+ * Find the insertion point after the coupled annotation block that contains
+ * the @exposes line at `exposureLine` (1-indexed).
+ *
+ * Walks forward from the exposure line past consecutive annotation lines
+ * to find the end of the block, then returns the 0-indexed line to insert after.
+ */
+function findInsertionIndex(lines, exposureLine) {
+    // exposureLine is 1-indexed, convert to 0-indexed
+    let idx = exposureLine - 1;
+    // Walk forward past consecutive annotation lines
+    while (idx + 1 < lines.length && isAnnotationLine(lines[idx + 1])) {
+        idx++;
+    }
+    // Insert after the last annotation line in the block
+    return idx + 1;
+}
+// ─── Annotation builders ────────────────────────────────────────────
+function todayISO() {
+    return new Date().toISOString().slice(0, 10);
+}
+/**
+ * Build the annotation lines to insert for an "accept" decision.
+ * Returns lines WITHOUT trailing newline.
+ */
+function buildAcceptLines(style, exposure, justification) {
+    const { prefix, indent } = style;
+    const date = todayISO();
+    return [
+        `${indent}${prefix}@accepts ${exposure.threat} on ${exposure.asset} -- "${escapeDesc(justification)}"`,
+        `${indent}${prefix}@audit ${exposure.asset} -- "Accepted via guardlink review on ${date}"`,
+    ];
+}
+/**
+ * Build the annotation line to insert for a "remediate" decision.
+ */
+function buildRemediateLines(style, exposure, note) {
+    const { prefix, indent } = style;
+    const date = todayISO();
+    return [
+        `${indent}${prefix}@audit ${exposure.asset} -- "Planned remediation: ${escapeDesc(note)} — flagged via guardlink review on ${date}"`,
+    ];
+}
+/** Escape double quotes in description strings */
+function escapeDesc(s) {
+    return s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+}
+// ─── File modification ──────────────────────────────────────────────
+/**
+ * Insert annotation lines into a source file after the coupled block
+ * containing the given @exposes annotation.
+ *
+ * Returns the number of lines inserted.
+ */
+async function insertAnnotations(root, exposure, newLines) {
+    const filePath = resolve(root, exposure.location.file);
+    const content = await readFile(filePath, 'utf-8');
+    const lines = content.split('\n');
+    // Validate that the exposure line exists and looks right
+    const exposureIdx = exposure.location.line - 1; // 0-indexed
+    if (exposureIdx < 0 || exposureIdx >= lines.length) {
+        throw new Error(`Line ${exposure.location.line} out of range in ${exposure.location.file}`);
+    }
+    const insertIdx = findInsertionIndex(lines, exposure.location.line);
+    // Splice in the new lines
+    lines.splice(insertIdx, 0, ...newLines);
+    await writeFile(filePath, lines.join('\n'));
+    return newLines.length;
+}
+// ─── Public API ─────────────────────────────────────────────────────
+/**
+ * Apply a review decision to an exposure.
+ * For 'accept': inserts @accepts + @audit after the coupled block.
+ * For 'remediate': inserts @audit with planned-fix note.
+ * For 'skip': does nothing.
+ *
+ * Returns the result including lines inserted.
+ */
+export async function applyReviewAction(root, reviewable, action) {
+    if (action.decision === 'skip') {
+        return { exposure: reviewable, action, linesInserted: 0 };
+    }
+    const { exposure } = reviewable;
+    const filePath = resolve(root, exposure.location.file);
+    const content = await readFile(filePath, 'utf-8');
+    const lines = content.split('\n');
+    // Detect comment style from the @exposes line
+    const exposureIdx = exposure.location.line - 1;
+    const style = detectCommentStyle(lines[exposureIdx]);
+    let newLines;
+    if (action.decision === 'accept') {
+        newLines = buildAcceptLines(style, exposure, action.justification);
+    }
+    else {
+        newLines = buildRemediateLines(style, exposure, action.justification);
+    }
+    const linesInserted = await insertAnnotations(root, exposure, newLines);
+    return { exposure: reviewable, action, linesInserted };
+}
+/**
+ * Format an exposure for display in CLI/TUI review UI.
+ */
+export function formatExposureForReview(r, total) {
+    const e = r.exposure;
+    const sev = e.severity || 'unknown';
+    const desc = e.description || '(no description)';
+    return [
+        `[${r.index}/${total}] ${e.asset} → ${e.threat} [${sev}]`,
+        `  File: ${e.location.file}:${e.location.line}`,
+        `  Exposure: "${desc}"`,
+    ].join('\n');
+}
+/**
+ * Summarize review session results.
+ */
+export function summarizeReview(results) {
+    const accepted = results.filter(r => r.action.decision === 'accept').length;
+    const remediated = results.filter(r => r.action.decision === 'remediate').length;
+    const skipped = results.filter(r => r.action.decision === 'skip').length;
+    const totalLines = results.reduce((sum, r) => sum + r.linesInserted, 0);
+    const parts = [];
+    if (accepted > 0)
+        parts.push(`${accepted} accepted`);
+    if (remediated > 0)
+        parts.push(`${remediated} marked for remediation`);
+    if (skipped > 0)
+        parts.push(`${skipped} skipped`);
+    return `Review complete: ${parts.join(', ')}. ${totalLines} annotation line(s) written.`;
+}
+//# sourceMappingURL=index.js.map

package/dist/review/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/review/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AA2BjE,uEAAuE;AAEvE,MAAM,cAAc,GAA2B;IAC7C,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC;CACxC,CAAC;AAEF,uEAAuE;AAGvE;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAkB;IACvD,MAAM,WAAW,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAEpD,gDAAgD;IAChD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QACtC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC1B,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACpH,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACrB,MAAM,EAAE,GAAG,cAAc,CAAC,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,cAAc,CAAC,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QAC9B,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,KAAK,EAAE,CAAC,GAAG,CAAC;QACZ,QAAQ;QACR,EAAE,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;KAC1D,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,CAAY;IACxC,IAAI,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACrB,OAAO,IAAI,CAAC,GAAG,CAAC;AAClB,CAAC;AAWD;;;GAGG;AACH,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAEpC,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5D,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IACnC,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IACnC,CAAC;IACD,iCAAiC;IACjC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACjC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,qCAAqC;IACrC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,8BAA8B;IAC9B,IAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB,CAAC,KAAe,EAAE,YAAoB;IAC/D,kDAAkD;IAClD,IAAI,GAAG,GAAG,YAAY,GAAG,CAAC,CAAC;IAE3B,iDAAiD;IACjD,OAAO,GAAG,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,gBAAgB,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAClE,GAAG,EAAE,CAAC;IACR,CAAC;IAED,qDAAqD;IACrD,OAAO,GAAG,GAAG,CAAC,CAAC;AACjB,CAAC;AAED,uEAAuE;AAEvE,SAAS,QAAQ;IACf,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,KAAmB,EAAE,QAA6B,EAAE,aAAqB;IACjG,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;IACjC,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,OAAO;QACL,GAAG,MAAM,GAAG,MAAM,YAAY,QAAQ,CAAC,MAAM,OAAO,QAAQ,CAAC,KAAK,QAAQ,UAAU,CAAC,aAAa,CAAC,GAAG;QACtG,GAAG,MAAM,GAAG,MAAM,UAAU,QAAQ,CAAC,KAAK,yCAAyC,IAAI,GAAG;KAC3F,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,KAAmB,EAAE,QAA6B,EAAE,IAAY;IAC3F,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;IACjC,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,OAAO;QACL,GAAG,MAAM,GAAG,MAAM,UAAU,QAAQ,CAAC,KAAK,6BAA6B,UAAU,CAAC,IAAI,CAAC,sCAAsC,IAAI,GAAG;KACrI,CAAC;AACJ,CAAC;AAED,kDAAkD;AAClD,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,uEAAuE;AAEvE;;;;;GAKG;AACH,KAAK,UAAU,iBAAiB,CAC9B,IAAY,EACZ,QAA6B,EAC7B,QAAkB;IAElB,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,yDAAyD;IACzD,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,YAAY;IAC5D,IAAI,WAAW,GAAG,CAAC,IAAI,WAAW,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,QAAQ,CAAC,IAAI,oBAAoB,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEpE,0BAA0B;IAC1B,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,EAAE,GAAG,QAAQ,CAAC,CAAC;IAExC,MAAM,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5C,OAAO,QAAQ,CAAC,MAAM,CAAC;AACzB,CAAC;AAED,uEAAuE;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAY,EACZ,UAA8B,EAC9B,MAAoB;IAEpB,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAChC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,8CAA8C;IAC9C,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC;IAErD,IAAI,QAAkB,CAAC;IACvB,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,QAAQ,GAAG,gBAAgB,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,mBAAmB,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,CAAqB,EAAE,KAAa;IAC1E,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACrB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,IAAI,SAAS,CAAC;IACpC,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,IAAI,kBAAkB,CAAC;IACjD,OAAO;QACL,IAAI,CAAC,CAAC,KAAK,IAAI,KAAK,KAAK,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,MAAM,KAAK,GAAG,GAAG;QACzD,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE;QAC/C,gBAAgB,IAAI,GAAG;KACxB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAuB;IACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAC5E,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAC;IACrD,IAAI,UAAU,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,UAAU,yBAAyB,CAAC,CAAC;IACvE,IAAI,OAAO,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,UAAU,CAAC,CAAC;IAElD,OAAO,oBAAoB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,UAAU,8BAA8B,CAAC;AAC3F,CAAC"}

package/dist/tui/commands.d.ts

@@ -3,6 +3,22 @@
  *
  * Each command function takes (args, ctx) and prints output directly.
  * Returns void. Throws on fatal errors.
+ *
+ * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"
+ * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"
+ * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"
+ * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"
+ * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"
+ * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"
+ * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"
+ * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"
+ * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"
+ * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"
+ * @flows UserArgs -> #tui via args -- "Command argument input"
+ * @flows #tui -> FileSystem via writeFile -- "Report/config output"
+ * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"
+ * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"
+ * @handles secrets on #tui -- "Processes and stores API keys via /model"
  */
 import type { ThreatModel, ThreatModelExposure } from '../types/index.js';
 export interface TuiContext {
@@ -37,6 +53,10 @@ export declare function cmdThreatReport(args: string, ctx: TuiContext): Promise<
 export declare function cmdThreatReports(ctx: TuiContext): void;
 export declare function cmdAnnotate(args: string, ctx: TuiContext): Promise<void>;
 export declare function cmdChat(text: string, ctx: TuiContext): Promise<void>;
+export declare function cmdClear(args: string, ctx: TuiContext): Promise<void>;
+export declare function cmdSync(ctx: TuiContext): Promise<void>;
+export declare function cmdUnannotated(ctx: TuiContext): void;
+export declare function cmdReview(args: string, ctx: TuiContext): Promise<void>;
 export declare function cmdReport(ctx: TuiContext): Promise<void>;
 export declare function cmdDashboard(ctx: TuiContext): Promise<void>;
 //# sourceMappingURL=commands.d.ts.map

package/dist/tui/commands.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"commands.d.ts","sourceRoot":"","sources":["../../src/tui/commands.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,OAAO,KAAK,EAAE,WAAW,EAAmB,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAuB3F,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,EAAE,EAAE,OAAO,eAAe,EAAE,SAAS,CAAC;IACtC,8DAA8D;IAC9D,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qEAAqE;IACrE,aAAa,EAAE,mBAAmB,EAAE,CAAC;CACtC;AAED,8CAA8C;AAC9C,wBAAsB,YAAY,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAGjE;AAoBD,wBAAgB,OAAO,IAAI,IAAI,CA0C9B;AAID,wBAAgB,MAAM,IAAI,IAAI,CAoJ7B;AAID,wBAAgB,SAAS,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA4D/C;AAID,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI,CA8DhE;AAID,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI,CAyB3D;AAID,wBAAgB,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA0B7C;AAID,wBAAgB,SAAS,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA8C/C;AAID,wBAAgB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA6E9C;AAID,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI,CAuH3D;AAID,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAoC1E;AAID,wBAAsB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA2B7D;AAID,wBAAsB,WAAW,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAkEhE;AAID,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA2B1E;AAID,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAwC3E;AA6GD,wBAAsB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAkI7D;AAkFD,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAwIlF;AAID,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAsBtD;AAID,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA8D9E;AAID,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA8E1E;AAID,wBAAsB,SAAS,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAiB9D;AAID,wBAAsB,YAAY,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAuBjE"}
+{"version":3,"file":"commands.d.ts","sourceRoot":"","sources":["../../src/tui/commands.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAYH,OAAO,KAAK,EAAE,WAAW,EAAmB,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAwB3F,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,EAAE,EAAE,OAAO,eAAe,EAAE,SAAS,CAAC;IACtC,8DAA8D;IAC9D,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qEAAqE;IACrE,aAAa,EAAE,mBAAmB,EAAE,CAAC;CACtC;AAED,8CAA8C;AAC9C,wBAAsB,YAAY,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAGjE;AAoBD,wBAAgB,OAAO,IAAI,IAAI,CA6C9B;AAID,wBAAgB,MAAM,IAAI,IAAI,CAoJ7B;AAID,wBAAgB,SAAS,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA+D/C;AAID,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI,CA8DhE;AAID,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI,CAyB3D;AAID,wBAAgB,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA0B7C;AAID,wBAAgB,SAAS,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA8C/C;AAID,wBAAgB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CA6E9C;AAID,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI,CAuH3D;AAID,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAoC1E;AAID,wBAAsB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAmC7D;AAID,wBAAsB,WAAW,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAkEhE;AAID,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA2B1E;AAID,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAwC3E;AA6GD,wBAAsB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAkI7D;AAkFD,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAwIlF;AAID,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAsBtD;AAID,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA8D9E;AAID,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA8E1E;AAID,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAoD3E;AAID,wBAAsB,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA2B5D;AAID,wBAAgB,cAAc,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAkBpD;AAID,wBAAsB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAiF5E;AAID,wBAAsB,SAAS,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAiB9D;AAID,wBAAsB,YAAY,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAuBjE"}

package/dist/tui/commands.js

@@ -3,11 +3,27 @@
  *
  * Each command function takes (args, ctx) and prints output directly.
  * Returns void. Throws on fatal errors.
+ *
+ * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"
+ * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"
+ * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"
+ * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"
+ * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"
+ * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"
+ * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"
+ * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"
+ * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"
+ * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"
+ * @flows UserArgs -> #tui via args -- "Command argument input"
+ * @flows #tui -> FileSystem via writeFile -- "Report/config output"
+ * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"
+ * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"
+ * @handles secrets on #tui -- "Processes and stores API keys via /model"
  */
 import { resolve, basename } from 'node:path';
 import { existsSync, writeFileSync, mkdirSync } from 'node:fs';
-import { parseProject, findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures } from '../parser/index.js';
-import { initProject, detectProject, promptAgentSelection } from '../init/index.js';
+import { parseProject, findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures, clearAnnotations } from '../parser/index.js';
+import { initProject, detectProject, promptAgentSelection, syncAgentFiles } from '../init/index.js';
 import { generateReport } from '../report/index.js';
 import { generateDashboardHTML } from '../dashboard/index.js';
 import { computeStats, computeSeverity, computeExposures } from '../dashboard/data.js';
@@ -18,6 +34,7 @@ import { C, severityBadge, severityText, severityTextPad, severityOrder, compute
 import { resolveLLMConfig, saveTuiConfig, loadTuiConfig } from './config.js';
 import { AGENTS, parseAgentFlag, launchAgent, launchAgentInline, copyToClipboard, buildAnnotatePrompt } from '../agents/index.js';
 import { describeConfigSource } from '../agents/config.js';
+import { getReviewableExposures, applyReviewAction, summarizeReview } from '../review/index.js';
 // ─── Shared context ──────────────────────────────────────────────────
 /** Prompt user to pick an agent interactively (TUI only) */
 async function pickAgent(ctx) {
@@ -74,6 +91,9 @@ export function cmdHelp() {
         ['/threat-reports', 'List saved AI threat reports'],
         ['/annotate <prompt>', 'Launch coding agent to annotate codebase'],
         ['/model', 'Set AI provider (API or CLI agent: Claude Code, Codex, Gemini)'],
+        ['/clear', 'Remove all annotations from source files (start fresh)'],
+        ['/sync', 'Sync agent instruction files with current threat model'],
+        ['/review [severity]', 'Interactive governance review of unmitigated exposures'],
         ['(freeform text)', 'Chat about your threat model with AI'],
         ['', ''],
         ['/report', 'Generate markdown + JSON report'],
@@ -253,6 +273,10 @@ export function cmdStatus(ctx) {
     console.log(`  ${C.dim('Assets:')} ${stats.assets}  ${C.dim('Threats:')} ${stats.threats}  ${C.dim('Controls:')} ${stats.controls}`);
     console.log(`  ${C.dim('Flows:')} ${stats.flows}  ${C.dim('Boundaries:')} ${stats.boundaries}  ${C.dim('Annotations:')} ${stats.annotations}`);
     console.log(`  ${C.dim('Coverage:')} ${stats.coverageAnnotated}/${stats.coverageTotal} symbols (${stats.coveragePercent}%)`);
+    console.log(`  ${C.dim('Files:')} ${m.annotated_files.length} annotated, ${m.unannotated_files.length} not annotated of ${m.source_files} scanned`);
+    if (m.unannotated_files.length > 0) {
+        console.log(`  ${C.dim('Run')} /unannotated ${C.dim('to list files without annotations')}`);
+    }
     // Top threats
     if (m.exposures.length > 0) {
         const threatCounts = new Map();
@@ -690,6 +714,13 @@ export async function cmdParse(ctx) {
         console.log(`  ${C.success('✓')} Parsed ${C.bold(String(model.annotations_parsed))} annotations from ${model.source_files} files`);
         console.log(`    ${model.assets.length} assets · ${model.threats.length} threats · ${model.controls.length} controls`);
         console.log(`    ${model.exposures.length} exposures · ${model.mitigations.length} mitigations · Grade: ${gradeColored(grade)}`);
+        // Auto-sync agent instruction files with updated model
+        if (model.annotations_parsed > 0) {
+            const syncResult = syncAgentFiles({ root: ctx.root, model });
+            if (syncResult.updated.length > 0) {
+                console.log(C.dim(`    ↻ Synced ${syncResult.updated.length} agent instruction file(s)`));
+            }
+        }
         console.log('');
     }
     catch (err) {
@@ -1356,6 +1387,173 @@ Keep responses under 500 words unless the user asks for detail.`;
         }
     }
 }
+// ─── /clear ──────────────────────────────────────────────────────
+export async function cmdClear(args, ctx) {
+    const includeDefinitions = args.includes('--include-definitions');
+    const isDryRun = args.includes('--dry-run');
+    console.log(C.dim('  Scanning for annotations...'));
+    const preview = await clearAnnotations({
+        root: ctx.root,
+        dryRun: true,
+        includeDefinitions,
+    });
+    if (preview.totalRemoved === 0) {
+        console.log('');
+        console.log(C.dim('  No GuardLink annotations found in source files.'));
+        console.log('');
+        return;
+    }
+    console.log('');
+    console.log(`  Found ${C.bold(String(preview.totalRemoved))} annotation line(s) across ${C.bold(String(preview.modifiedFiles.length))} file(s):`);
+    console.log('');
+    for (const [file, count] of preview.perFile) {
+        console.log(`    ${file}  ${C.dim(`(${count} line${count > 1 ? 's' : ''})`)}`);
+    }
+    console.log('');
+    if (isDryRun) {
+        console.log(C.dim('  (dry run) No files were modified.'));
+        console.log('');
+        return;
+    }
+    const answer = await ask(ctx, `  ${C.warn('⚠')}  Remove all annotations? This cannot be undone. (y/N): `);
+    if (answer.trim().toLowerCase() !== 'y') {
+        console.log(C.dim('  Cancelled.'));
+        console.log('');
+        return;
+    }
+    const result = await clearAnnotations({
+        root: ctx.root,
+        dryRun: false,
+        includeDefinitions,
+    });
+    console.log('');
+    console.log(`  ${C.success('✓')} Removed ${C.bold(String(result.totalRemoved))} annotation line(s) from ${result.modifiedFiles.length} file(s).`);
+    console.log(C.dim('    Run /annotate to re-annotate from scratch, or /parse to update the model.'));
+    ctx.model = null;
+    ctx.lastExposures = [];
+    console.log('');
+}
+// ─── /sync ───────────────────────────────────────────────────────
+export async function cmdSync(ctx) {
+    if (!ctx.model) {
+        console.log(C.warn('  No threat model. Run /parse first.'));
+        return;
+    }
+    console.log(C.dim('  Syncing agent instruction files with current threat model...'));
+    console.log('');
+    const result = syncAgentFiles({ root: ctx.root, model: ctx.model });
+    if (result.updated.length > 0) {
+        console.log(`  ${C.success('✓')} Updated ${C.bold(String(result.updated.length))} agent instruction file(s):`);
+        console.log('');
+        for (const f of result.updated) {
+            console.log(`    ${f}`);
+        }
+    }
+    if (result.skipped.length > 0) {
+        console.log('');
+        console.log(C.dim(`  Skipped: ${result.skipped.join(', ')}`));
+    }
+    console.log('');
+    console.log(`  ${C.dim(`${ctx.model.assets.length} assets, ${ctx.model.threats.length} threats, ${ctx.model.controls.length} controls, ${ctx.model.exposures.length} exposures synced.`)}`);
+    console.log(C.dim('  Any coding agent (Cursor, Claude, Copilot, Windsurf, etc.) will see these IDs.'));
+    console.log('');
+}
+// ─── /unannotated ────────────────────────────────────────────────────
+export function cmdUnannotated(ctx) {
+    if (!ctx.model) {
+        console.log(C.warn('  No threat model. Run /parse first.'));
+        return;
+    }
+    const files = ctx.model.unannotated_files;
+    if (files.length === 0) {
+        console.log(`\n  ${C.success('✓')} All source files have GuardLink annotations.\n`);
+        return;
+    }
+    console.log(`\n  ${C.warn('⚠')} ${C.bold(String(files.length))} source file(s) with no annotations:\n`);
+    for (const f of files) {
+        console.log(`    ${f}`);
+    }
+    console.log(`\n  ${C.dim('Not all files need annotations — only those that touch security boundaries.')}`);
+    console.log('');
+}
+// ─── /review ─────────────────────────────────────────────────────────
+export async function cmdReview(args, ctx) {
+    if (!ctx.model) {
+        console.log(C.warn('  No threat model. Run /parse first.'));
+        return;
+    }
+    let exposures = getReviewableExposures(ctx.model);
+    // Parse severity filter from args (e.g., "/review critical,high")
+    if (args) {
+        const allowed = new Set(args.split(',').map(s => s.trim().toLowerCase()));
+        exposures = exposures.filter(e => allowed.has(e.exposure.severity || 'low'));
+        exposures = exposures.map((e, i) => ({ ...e, index: i + 1 }));
+    }
+    if (exposures.length === 0) {
+        console.log(`\n  ${C.success('✓')} No unmitigated exposures to review.\n`);
+        return;
+    }
+    console.log(`\n  ${C.bold('guardlink review')} — ${exposures.length} unmitigated exposure(s)\n`);
+    const results = [];
+    for (const reviewable of exposures) {
+        const e = reviewable.exposure;
+        const sev = severityText(e.severity || 'low');
+        console.log(`  ${C.bold(`[${reviewable.index}/${exposures.length}]`)} ${e.asset} → ${e.threat} ${sev}`);
+        console.log(`    File: ${fileLink(e.location.file, e.location.line)}`);
+        console.log(`    Exposure: ${C.dim('"' + (e.description || 'no description') + '"')}`);
+        console.log('');
+        console.log(`    ${C.bold('a')} Accept    ${C.dim('— risk acknowledged and intentional')}`);
+        console.log(`    ${C.bold('r')} Remediate ${C.dim('— mark as planned fix')}`);
+        console.log(`    ${C.bold('s')} Skip      ${C.dim('— leave open for now')}`);
+        console.log(`    ${C.bold('q')} Quit`);
+        console.log('');
+        const choice = (await ask(ctx, '    Choice [a/r/s/q]: ')).toLowerCase();
+        if (choice === 'q') {
+            console.log(`\n  ${C.dim('Review ended.')}\n`);
+            break;
+        }
+        if (choice === 'a') {
+            let justification = '';
+            while (!justification) {
+                justification = await ask(ctx, '    Justification (required): ');
+                if (!justification)
+                    console.log(C.warn('    ⚠  Justification is mandatory for acceptance.'));
+            }
+            const result = await applyReviewAction(ctx.root, reviewable, { decision: 'accept', justification });
+            results.push(result);
+            console.log(`    ${C.success('✓')} Accepted — ${result.linesInserted} line(s) written\n`);
+        }
+        else if (choice === 'r') {
+            let note = '';
+            while (!note) {
+                note = await ask(ctx, '    Remediation note (required): ');
+                if (!note)
+                    console.log(C.warn('    ⚠  Remediation note is mandatory.'));
+            }
+            const result = await applyReviewAction(ctx.root, reviewable, { decision: 'remediate', justification: note });
+            results.push(result);
+            console.log(`    ${C.success('✓')} Marked for remediation — ${result.linesInserted} line(s) written\n`);
+        }
+        else {
+            results.push({ exposure: reviewable, action: { decision: 'skip', justification: '' }, linesInserted: 0 });
+            console.log(`    ${C.dim('— Skipped')}\n`);
+        }
+    }
+    if (results.length > 0) {
+        console.log(`\n  ${summarizeReview(results)}`);
+        // Re-parse and sync if annotations were written
+        if (results.some(r => r.linesInserted > 0)) {
+            await refreshModel(ctx);
+            try {
+                const syncResult = syncAgentFiles({ root: ctx.root, model: ctx.model });
+                if (syncResult.updated.length > 0)
+                    console.log(`  ${C.dim('↻ Synced')} ${syncResult.updated.length} agent instruction file(s)`);
+            }
+            catch { }
+        }
+    }
+    console.log('');
+}
 // ─── /report ─────────────────────────────────────────────────────────
 export async function cmdReport(ctx) {
     if (!ctx.model) {