infernoflow 0.33.0 → 0.34.0

package/dist/lib/commands/ask.mjs

@@ -0,0 +1,299 @@
+/**
+ * infernoflow ask
+ *
+ * Query session memory by keyword, topic, or type.
+ * The killer use case: before an AI agent tries something, it asks
+ * "what have we already tried for this?" — avoiding repeated mistakes.
+ *
+ * Ranking:
+ *   1. gotcha   (highest — these are landmines, must surface first)
+ *   2. decision (architectural choices)
+ *   3. attempt  (things tried, especially failed ones)
+ *   4. preference
+ *   5. theme
+ *   6. note / error / handoff
+ *
+ * Usage:
+ *   infernoflow ask "auth"                  Search all entries containing "auth"
+ *   infernoflow ask "upload flow"           Multi-word fuzzy search
+ *   infernoflow ask --type gotcha           All gotchas, no filter
+ *   infernoflow ask "s3" --type attempt     Attempts mentioning S3
+ *   infernoflow ask --recent                Last 10 entries regardless of type
+ *   infernoflow ask "stripe" --json         Machine-readable results
+ *
+ * MCP use (agent-facing):
+ *   infernoflow_ask({ query: "what did we try for payments?" })
+ *   → Returns relevant entries so the agent avoids repeating failed work
+ */
+
+import * as fs   from "node:fs";
+import * as path from "node:path";
+import { bold, cyan, gray, green, yellow, red } from "../ui/output.mjs";
+
+const INFERNO_DIR   = "inferno";
+const SESSIONS_FILE = path.join(INFERNO_DIR, "sessions.jsonl");
+
+// ── Type priority (lower = shown first) ──────────────────────────────────────
+
+const TYPE_PRIORITY = {
+  gotcha:     0,
+  decision:   1,
+  attempt:    2,
+  preference: 3,
+  theme:      4,
+  note:       5,
+  error:      5,
+  handoff:    6,
+};
+
+const TYPE_ICONS = {
+  gotcha:     "⚠",
+  decision:   "✓",
+  attempt:    "↺",
+  preference: "♦",
+  theme:      "🎨",
+  note:       "·",
+  error:      "✗",
+  handoff:    "→",
+};
+
+const TYPE_COLORS = {
+  gotcha:     yellow,
+  decision:   green,
+  attempt:    cyan,
+  preference: cyan,
+  theme:      cyan,
+  note:       gray,
+  error:      red,
+  handoff:    gray,
+};
+
+// ── Tokeniser for fuzzy matching ──────────────────────────────────────────────
+
+function tokenise(str) {
+  return str.toLowerCase()
+    .replace(/[^a-z0-9\s]/g, " ")
+    .split(/\s+/)
+    .filter(t => t.length > 1);
+}
+
+/**
+ * Score an entry against a query.
+ * Returns 0 if no match, >0 otherwise.
+ * Higher score = more relevant.
+ */
+function scoreEntry(entry, queryTokens) {
+  const text = [entry.summary || "", entry.type || ""].join(" ").toLowerCase();
+  const entryTokens = tokenise(text);
+
+  let score = 0;
+  for (const qt of queryTokens) {
+    // Exact substring match in summary (strongest signal)
+    if ((entry.summary || "").toLowerCase().includes(qt)) {
+      score += 3;
+    }
+    // Token in entry text
+    if (entryTokens.includes(qt)) {
+      score += 1;
+    }
+    // Partial prefix match (e.g. "auth" matches "authentication")
+    if (entryTokens.some(et => et.startsWith(qt) || qt.startsWith(et))) {
+      score += 0.5;
+    }
+  }
+
+  return score;
+}
+
+// ── formatters ────────────────────────────────────────────────────────────────
+
+function fmtRelDate(iso) {
+  if (!iso) return "";
+  const d = new Date(iso);
+  const diff = Date.now() - d.getTime();
+  const days = Math.floor(diff / 86400000);
+  if (days === 0) return "today";
+  if (days === 1) return "yesterday";
+  if (days < 7)  return `${days}d ago`;
+  if (days < 30) return `${Math.floor(days / 7)}w ago`;
+  return d.toLocaleDateString("en-GB", { day: "2-digit", month: "short" });
+}
+
+function printEntry(entry, highlight) {
+  const type     = entry.type || "note";
+  const icon     = TYPE_ICONS[type]  || "·";
+  const colorFn  = TYPE_COLORS[type] || gray;
+  const result   = entry.result ? gray(` [${entry.result}]`) : "";
+  const agent    = entry.agent ? gray(` — ${entry.agent}`) : "";
+  const date     = gray(` (${fmtRelDate(entry.ts)})`);
+
+  let summary = entry.summary || "";
+
+  // Bold the matched keyword in the summary
+  if (highlight) {
+    for (const word of highlight) {
+      const re = new RegExp(`(${word})`, "gi");
+      summary = summary.replace(re, (m) => bold(m));
+    }
+  }
+
+  console.log(`  ${colorFn(icon + " " + type.padEnd(11))}${result}${agent}${date}`);
+  console.log(`    ${summary}`);
+}
+
+// ── load + search ─────────────────────────────────────────────────────────────
+
+function loadSessions(cwd) {
+  const p = path.join(cwd, SESSIONS_FILE);
+  if (!fs.existsSync(p)) return [];
+  return fs.readFileSync(p, "utf8")
+    .split("\n").filter(Boolean)
+    .map(l => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+}
+
+function search(entries, queryTokens, typeFilter, limit) {
+  let candidates = entries;
+
+  // Filter by type if specified
+  if (typeFilter) {
+    candidates = candidates.filter(e => (e.type || "note") === typeFilter);
+  }
+
+  // Score and filter
+  let scored;
+  if (queryTokens.length > 0) {
+    scored = candidates
+      .map(e => ({ entry: e, score: scoreEntry(e, queryTokens) }))
+      .filter(({ score }) => score > 0)
+      .sort((a, b) => {
+        // Primary: score descending
+        if (b.score !== a.score) return b.score - a.score;
+        // Secondary: type priority
+        const pa = TYPE_PRIORITY[a.entry.type] ?? 9;
+        const pb = TYPE_PRIORITY[b.entry.type] ?? 9;
+        if (pa !== pb) return pa - pb;
+        // Tertiary: newest first
+        return new Date(b.entry.ts || 0) - new Date(a.entry.ts || 0);
+      });
+  } else {
+    // No query — sort by type priority then newest
+    scored = candidates
+      .map(e => ({ entry: e, score: 1 }))
+      .sort((a, b) => {
+        const pa = TYPE_PRIORITY[a.entry.type] ?? 9;
+        const pb = TYPE_PRIORITY[b.entry.type] ?? 9;
+        if (pa !== pb) return pa - pb;
+        return new Date(b.entry.ts || 0) - new Date(a.entry.ts || 0);
+      });
+  }
+
+  return scored.slice(0, limit || 20);
+}
+
+// ── entry point ───────────────────────────────────────────────────────────────
+
+export async function askCommand(rawArgs = []) {
+  const args = rawArgs;
+
+  // Parse flags
+  const typeIdx   = args.indexOf("--type");
+  const typeFilter = typeIdx !== -1 ? args[typeIdx + 1] : null;
+  const limitIdx  = args.indexOf("--limit") !== -1 ? args.indexOf("--limit") : args.indexOf("-n");
+  const limit     = limitIdx !== -1 ? parseInt(args[limitIdx + 1] || "20", 10) : 15;
+  const jsonMode  = args.includes("--json");
+  const recentMode = args.includes("--recent") || args.includes("-r");
+
+  // Query = all non-flag args joined
+  const queryWords = args.filter((a, i) => {
+    if (a.startsWith("--")) return false;
+    if (i > 0 && args[i - 1].startsWith("--")) return false; // flag value
+    return true;
+  });
+  const queryStr    = queryWords.join(" ").trim();
+  const queryTokens = recentMode ? [] : tokenise(queryStr);
+
+  const cwd      = process.cwd();
+  const sessions = loadSessions(cwd);
+
+  if (sessions.length === 0) {
+    if (jsonMode) { console.log(JSON.stringify({ results: [], total: 0 })); return; }
+    console.log(gray("\n  No session memory yet."));
+    console.log(gray("  Run: infernoflow log \"<what happened>\" --type gotcha\n"));
+    return;
+  }
+
+  // For --recent: just return last N entries without scoring
+  const results = recentMode
+    ? sessions.slice(-limit).reverse().map(e => ({ entry: e, score: 1 }))
+    : search(sessions, queryTokens, typeFilter, limit);
+
+  if (jsonMode) {
+    console.log(JSON.stringify({
+      query:   queryStr,
+      type:    typeFilter,
+      total:   sessions.length,
+      matched: results.length,
+      results: results.map(({ entry, score }) => ({ ...entry, relevanceScore: score })),
+    }, null, 2));
+    return;
+  }
+
+  // ── Header ──────────────────────────────────────────────────────────────
+  console.log();
+  if (queryStr) {
+    console.log(`  ${bold("🔥 infernoflow ask")} ${cyan(`"${queryStr}"`)}${typeFilter ? gray(` [${typeFilter}]`) : ""}`);
+  } else if (recentMode) {
+    console.log(`  ${bold("🔥 infernoflow ask")} ${gray("— recent entries")}`);
+  } else {
+    console.log(`  ${bold("🔥 infernoflow ask")} ${gray("— all entries")}${typeFilter ? gray(` [${typeFilter}]`) : ""}`);
+  }
+  console.log(gray(`  ${"─".repeat(52)}`));
+
+  if (results.length === 0) {
+    console.log();
+    if (queryStr) {
+      console.log(gray(`  No entries found for "${queryStr}"`));
+      if (typeFilter) console.log(gray(`  Try removing --type ${typeFilter} to widen the search`));
+    } else {
+      console.log(gray("  No entries found."));
+    }
+    console.log();
+    return;
+  }
+
+  // ── Group by type for display ────────────────────────────────────────────
+  const byType = new Map();
+  for (const { entry, score } of results) {
+    const t = entry.type || "note";
+    if (!byType.has(t)) byType.set(t, []);
+    byType.get(t).push({ entry, score });
+  }
+
+  // Print in priority order
+  const typeOrder = Object.keys(TYPE_PRIORITY).sort((a, b) => TYPE_PRIORITY[a] - TYPE_PRIORITY[b]);
+
+  let printed = 0;
+  for (const type of typeOrder) {
+    const group = byType.get(type);
+    if (!group?.length) continue;
+
+    console.log();
+    const colorFn = TYPE_COLORS[type] || gray;
+    console.log(colorFn(`  ${TYPE_ICONS[type]} ${type.toUpperCase()}S (${group.length})`));
+    console.log(gray("  " + "─".repeat(50)));
+
+    for (const { entry } of group) {
+      console.log();
+      printEntry(entry, queryTokens);
+      printed++;
+    }
+  }
+
+  console.log();
+  console.log(gray(`  ${printed} result${printed !== 1 ? "s" : ""} from ${sessions.length} total entries`));
+  if (results.length === limit && sessions.length > limit) {
+    console.log(gray(`  Use --limit N to see more`));
+  }
+  console.log();
+}

package/dist/lib/commands/audit.mjs

@@ -1,6 +1,204 @@
-import*as d from"node:fs";import*as u from"node:path";import{done as I,warn as N,bold as g,gray as m,green as T,yellow as C,red as b}from"../ui/output.mjs";const x="audit.json",A=[{tag:"auth",severity:"high",label:"Authentication / Authorization",keywords:["auth","login","logout","signin","signout","signup","password","credential","token","session","oauth","jwt","permission","role","access","privilege","2fa","mfa","sso","saml","openid","verify","authenticate"]},{tag:"payment",severity:"high",label:"Payment / Billing",keywords:["payment","billing","invoice","charge","subscription","checkout","stripe","card","credit","debit","price","plan","tier","coupon","refund","transaction","purchase","order","cart","paypal","wallet"]},{tag:"pii",severity:"high",label:"Personal / PII Data",keywords:["pii","personal","profile","email","phone","address","name","user","account","gdpr","privacy","data","export","download","delete account","identity","dob","birthday","ssn","passport","tax"]},{tag:"admin",severity:"medium",label:"Admin / Privileged",keywords:["admin","manage","config","setting","system","deploy","migration","seed","reset","purge","archive","batch","bulk","impersonate","override","feature flag"]},{tag:"public",severity:"low",label:"Public / Read-only",keywords:["list","search","view","read","fetch","get","show","display","browse","filter","sort","paginate"]}],p={high:3,medium:2,low:1,unknown:0};function R(o){const t=[typeof o=="string"?o:"",o?.id||"",o?.name||"",o?.description||"",(o?.tags||[]).join(" ")].join(" ").toLowerCase(),n=[];for(const e of A)e.keywords.some(l=>t.includes(l))&&n.push(e);const s=n.some(e=>e.tag!=="public"&&e.severity!=="low")?n.filter(e=>e.tag!=="public"):n;if(!s.length)return{tags:["unknown"],severity:"unknown",labels:["Unclassified"]};const r=s.reduce((e,l)=>p[l.severity]>p[e]?l.severity:e,"low");return{tags:s.map(e=>e.tag),severity:r,labels:s.map(e=>e.label)}}function _(o){const t=u.join(o,x);if(!d.existsSync(t))return{};try{return JSON.parse(d.readFileSync(t,"utf8"))}catch{return{}}}function H(o,t){d.writeFileSync(u.join(o,x),JSON.stringify(t,null,2)+`
-`)}function P(o){for(const t of["contract.json","capabilities.json"]){const n=u.join(o,t);if(d.existsSync(n))try{return JSON.parse(d.readFileSync(n,"utf8"))}catch{}}return null}function U(o){return o==="high"?b:o==="medium"?C:o==="low"?T:m}function F(o){return o==="high"?"\u{1F534}":o==="medium"?"\u{1F7E1}":o==="low"?"\u{1F7E2}":"\u26AA"}function J(o,t){const n={high:[],medium:[],low:[],unknown:[]};for(const c of o)(n[c.severity]||n.unknown).push(c);console.log(),console.log(`  ${g("\u{1F525} infernoflow audit \u2014 Security Surface Map")}`),console.log(),console.log(`  ${g(String(o.length))} capabilities scanned`),console.log(`  ${b(String(t.high))} high \xB7 ${C(String(t.medium))} medium \xB7 ${T(String(t.low))} low \xB7 ${m(String(t.unknown))} unclassified`),console.log();for(const[c,s]of Object.entries(n)){if(!s.length)continue;const r=U(c);console.log(`  ${r(g(`${c.toUpperCase()} (${s.length})`))}`);for(const e of s){const l=e.tags.join(", ");console.log(`  ${r("\u25B8")} ${g(e.id.padEnd(30))} ${m(l)}`),e.description&&console.log(`    ${m(e.description.slice(0,72))}`)}console.log()}t.unknown>0&&(console.log(`  ${m("Tip: Add descriptions to unclassified capabilities for better detection.")}`),console.log())}function z(o,t,n){const c=o.map(s=>{const r=s.severity,e=r==="high"?"high":r==="medium"?"med":r==="low"?"low":"unk",l=s.tags.join(", "),y=F(r);return`<tr class="${e}"><td>${y} ${r}</td><td><strong>${k(s.id)}</strong></td><td>${k(l)}</td><td>${k(s.description||"")}</td></tr>`}).join(`
-`);return`<!DOCTYPE html>
+/**
+ * infernoflow audit
+ *
+ * Classify capabilities by security sensitivity and generate a surface map.
+ * Tags each capability with one or more sensitivity labels:
+ *   auth      — authentication / authorization / sessions / tokens
+ *   payment   — billing, subscriptions, pricing, invoices
+ *   pii       — personal data, email, address, phone, GDPR scope
+ *   admin     — privileged operations, configuration, user management
+ *   public    — read-only, no auth required
+ *
+ * Stores results in inferno/audit.json (git-trackable).
+ *
+ * Usage:
+ *   infernoflow audit                   Run audit, print summary
+ *   infernoflow audit --format json     Machine-readable JSON to stdout
+ *   infernoflow audit --format html     Write HTML report
+ *   infernoflow audit --out audit.html  Custom output path
+ *   infernoflow audit --fail-on high    Exit 1 if any HIGH caps are unreviewed
+ *   infernoflow audit --json            Alias for --format json
+ */
+
+import * as fs   from "node:fs";
+import * as path from "node:path";
+import { done, warn, info, bold, cyan, gray, green, yellow, red } from "../ui/output.mjs";
+
+const AUDIT_FILE = "audit.json";
+
+// ── Sensitivity keyword maps ──────────────────────────────────────────────────
+
+const SENSITIVITY_RULES = [
+  {
+    tag:      "auth",
+    severity: "high",
+    label:    "Authentication / Authorization",
+    keywords: [
+      "auth", "login", "logout", "signin", "signout", "signup",
+      "password", "credential", "token", "session", "oauth",
+      "jwt", "permission", "role", "access", "privilege", "2fa",
+      "mfa", "sso", "saml", "openid", "verify", "authenticate",
+    ],
+  },
+  {
+    tag:      "payment",
+    severity: "high",
+    label:    "Payment / Billing",
+    keywords: [
+      "payment", "billing", "invoice", "charge", "subscription",
+      "checkout", "stripe", "card", "credit", "debit", "price",
+      "plan", "tier", "coupon", "refund", "transaction", "purchase",
+      "order", "cart", "paypal", "wallet",
+    ],
+  },
+  {
+    tag:      "pii",
+    severity: "high",
+    label:    "Personal / PII Data",
+    keywords: [
+      "pii", "personal", "profile", "email", "phone", "address",
+      "name", "user", "account", "gdpr", "privacy", "data",
+      "export", "download", "delete account", "identity", "dob",
+      "birthday", "ssn", "passport", "tax",
+    ],
+  },
+  {
+    tag:      "admin",
+    severity: "medium",
+    label:    "Admin / Privileged",
+    keywords: [
+      "admin", "manage", "config", "setting", "system", "deploy",
+      "migration", "seed", "reset", "purge", "archive", "batch",
+      "bulk", "impersonate", "override", "feature flag",
+    ],
+  },
+  {
+    tag:      "public",
+    severity: "low",
+    label:    "Public / Read-only",
+    keywords: [
+      "list", "search", "view", "read", "fetch", "get", "show",
+      "display", "browse", "filter", "sort", "paginate",
+    ],
+  },
+];
+
+const SEVERITY_ORDER = { high: 3, medium: 2, low: 1, unknown: 0 };
+
+// ── Classification ────────────────────────────────────────────────────────────
+
+function classifyCapability(cap) {
+  const text = [
+    typeof cap === "string" ? cap : "",
+    cap?.id     || "",
+    cap?.name   || "",
+    cap?.description || "",
+    (cap?.tags  || []).join(" "),
+  ].join(" ").toLowerCase();
+
+  const matched = [];
+  for (const rule of SENSITIVITY_RULES) {
+    if (rule.keywords.some(kw => text.includes(kw))) {
+      matched.push(rule);
+    }
+  }
+
+  // Remove "public" if any higher-severity tag also matched
+  const hasHigher = matched.some(r => r.tag !== "public" && r.severity !== "low");
+  const filtered  = hasHigher ? matched.filter(r => r.tag !== "public") : matched;
+
+  if (!filtered.length) {
+    return { tags: ["unknown"], severity: "unknown", labels: ["Unclassified"] };
+  }
+
+  const severity = filtered.reduce((best, r) => {
+    return SEVERITY_ORDER[r.severity] > SEVERITY_ORDER[best] ? r.severity : best;
+  }, "low");
+
+  return {
+    tags:     filtered.map(r => r.tag),
+    severity,
+    labels:   filtered.map(r => r.label),
+  };
+}
+
+// ── Storage ───────────────────────────────────────────────────────────────────
+
+function readAudit(infernoDir) {
+  const p = path.join(infernoDir, AUDIT_FILE);
+  if (!fs.existsSync(p)) return {};
+  try { return JSON.parse(fs.readFileSync(p, "utf8")); } catch { return {}; }
+}
+
+function writeAudit(infernoDir, data) {
+  fs.writeFileSync(path.join(infernoDir, AUDIT_FILE), JSON.stringify(data, null, 2) + "\n");
+}
+
+function readContract(infernoDir) {
+  for (const f of ["contract.json", "capabilities.json"]) {
+    const p = path.join(infernoDir, f);
+    if (fs.existsSync(p)) {
+      try { return JSON.parse(fs.readFileSync(p, "utf8")); } catch {}
+    }
+  }
+  return null;
+}
+
+// ── Formatters ────────────────────────────────────────────────────────────────
+
+function severityColor(sev) {
+  if (sev === "high")    return red;
+  if (sev === "medium")  return yellow;
+  if (sev === "low")     return green;
+  return gray;
+}
+
+function severityIcon(sev) {
+  if (sev === "high")   return "🔴";
+  if (sev === "medium") return "🟡";
+  if (sev === "low")    return "🟢";
+  return "⚪";
+}
+
+function printTextReport(results, stats) {
+  const bySeverity = { high: [], medium: [], low: [], unknown: [] };
+  for (const r of results) (bySeverity[r.severity] || bySeverity.unknown).push(r);
+
+  console.log();
+  console.log(`  ${bold("🔥 infernoflow audit — Security Surface Map")}`);
+  console.log();
+  console.log(`  ${bold(String(results.length))} capabilities scanned`);
+  console.log(`  ${red(String(stats.high))} high · ${yellow(String(stats.medium))} medium · ${green(String(stats.low))} low · ${gray(String(stats.unknown))} unclassified`);
+  console.log();
+
+  for (const [sev, items] of Object.entries(bySeverity)) {
+    if (!items.length) continue;
+    const col = severityColor(sev);
+    console.log(`  ${col(bold(`${sev.toUpperCase()} (${items.length})`))}`);
+    for (const item of items) {
+      const tagStr = item.tags.join(", ");
+      console.log(`  ${col("▸")} ${bold(item.id.padEnd(30))} ${gray(tagStr)}`);
+      if (item.description) console.log(`    ${gray(item.description.slice(0, 72))}`);
+    }
+    console.log();
+  }
+
+  if (stats.unknown > 0) {
+    console.log(`  ${gray("Tip: Add descriptions to unclassified capabilities for better detection.")}`);
+    console.log();
+  }
+}
+
+function buildHtmlReport(results, stats, runAt) {
+  const rows = results.map(r => {
+    const sev  = r.severity;
+    const cls  = sev === "high" ? "high" : sev === "medium" ? "med" : sev === "low" ? "low" : "unk";
+    const tags = r.tags.join(", ");
+    const icon = severityIcon(sev);
+    return `<tr class="${cls}"><td>${icon} ${sev}</td><td><strong>${escHtml(r.id)}</strong></td><td>${escHtml(tags)}</td><td>${escHtml(r.description || "")}</td></tr>`;
+  }).join("\n");
+
+  return `<!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="UTF-8">
@@ -28,21 +226,110 @@ import*as d from"node:fs";import*as u from"node:path";import{done as I,warn as N
 </style>
 </head>
 <body>
-<h1>\u{1F525} infernoflow audit</h1>
-<p class="meta">Generated ${n}</p>
+<h1>🔥 infernoflow audit</h1>
+<p class="meta">Generated ${runAt}</p>
 <div class="stats">
-  <div class="stat high"><div class="n">${t.high}</div><div class="l">HIGH</div></div>
-  <div class="stat med"><div class="n">${t.medium}</div><div class="l">MEDIUM</div></div>
-  <div class="stat low"><div class="n">${t.low}</div><div class="l">LOW</div></div>
-  <div class="stat unk"><div class="n">${t.unknown}</div><div class="l">UNKNOWN</div></div>
+  <div class="stat high"><div class="n">${stats.high}</div><div class="l">HIGH</div></div>
+  <div class="stat med"><div class="n">${stats.medium}</div><div class="l">MEDIUM</div></div>
+  <div class="stat low"><div class="n">${stats.low}</div><div class="l">LOW</div></div>
+  <div class="stat unk"><div class="n">${stats.unknown}</div><div class="l">UNKNOWN</div></div>
 </div>
 <table>
 <thead><tr><th>Severity</th><th>Capability</th><th>Tags</th><th>Description</th></tr></thead>
 <tbody>
-${c}
+${rows}
 </tbody>
 </table>
 </body>
-</html>`}function k(o){return String(o).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}async function G(o){const t=o.slice(1),n=t.includes("--json")||t.includes("--format")&&t[t.indexOf("--format")+1]==="json",c=process.cwd(),s=u.join(c,"inferno");if(!d.existsSync(s)){const i="inferno/ not found. Run: infernoflow init";n?console.log(JSON.stringify({ok:!1,error:i})):N(i),process.exit(1)}const r=t.indexOf("--format"),e=r!==-1?t[r+1]:n?"json":"text",l=t.indexOf("--out"),y=l!==-1?t[l+1]:null,S=t.indexOf("--fail-on"),v=S!==-1?t[S+1]:null,$=P(s);if(!$){const i="No contract.json or capabilities.json found.";n?console.log(JSON.stringify({ok:!1,error:i})):N(i),process.exit(1)}const D=$.capabilities||[],j=new Date().toISOString(),f=D.map(i=>{const a=typeof i=="string"?i:i.id||i.name||"unknown",w=typeof i=="string"?"":i.description||"",E=R(i);return{id:a,description:w,...E}});f.sort((i,a)=>(p[a.severity]||0)-(p[i.severity]||0));const h={high:0,medium:0,low:0,unknown:0};for(const i of f){const a=i.severity in h?i.severity:"unknown";h[a]++}const O={runAt:j,stats:h,capabilities:f};if(H(s,O),e==="json"||n)console.log(JSON.stringify({ok:!0,...O}));else if(e==="html"){const i=z(f,h,j),a=y||u.join(s,"audit.html");d.writeFileSync(a,i),n||I(`HTML audit report written to ${g(a)}`)}else J(f,h),n||I(`Saved to ${g(u.join(s,x))}`);if(v){const i=p[v]||0,a=f.filter(w=>(p[w.severity]||0)>=i);a.length>0&&(n||console.error(b(`
-  \u2717  ${a.length} capability/capabilities at or above "${v}" severity \u2014 review required.
-`)),process.exit(1))}}export{G as auditCommand};
+</html>`;
+}
+
+function escHtml(str) {
+  return String(str).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
+
+// ── Entry ─────────────────────────────────────────────────────────────────────
+
+export async function auditCommand(rawArgs) {
+  const args      = rawArgs.slice(1);
+  const jsonMode  = args.includes("--json") || args.includes("--format") && args[args.indexOf("--format") + 1] === "json";
+  const cwd       = process.cwd();
+  const infernoDir = path.join(cwd, "inferno");
+
+  if (!fs.existsSync(infernoDir)) {
+    const msg = "inferno/ not found. Run: infernoflow init";
+    if (jsonMode) { console.log(JSON.stringify({ ok: false, error: msg })); }
+    else { warn(msg); }
+    process.exit(1);
+  }
+
+  // Parse flags
+  const fmtIdx    = args.indexOf("--format");
+  const format    = fmtIdx !== -1 ? args[fmtIdx + 1] : (jsonMode ? "json" : "text");
+  const outIdx    = args.indexOf("--out");
+  const outPath   = outIdx !== -1 ? args[outIdx + 1] : null;
+  const failOnIdx = args.indexOf("--fail-on");
+  const failOn    = failOnIdx !== -1 ? args[failOnIdx + 1] : null;
+
+  const contract = readContract(infernoDir);
+  if (!contract) {
+    const msg = "No contract.json or capabilities.json found.";
+    if (jsonMode) { console.log(JSON.stringify({ ok: false, error: msg })); }
+    else { warn(msg); }
+    process.exit(1);
+  }
+
+  const rawCaps = contract.capabilities || [];
+  const runAt   = new Date().toISOString();
+
+  // Classify every capability
+  const results = rawCaps.map(cap => {
+    const id          = typeof cap === "string" ? cap : (cap.id || cap.name || "unknown");
+    const description = typeof cap === "string" ? "" : (cap.description || "");
+    const cls         = classifyCapability(cap);
+    return { id, description, ...cls };
+  });
+
+  // Sort by severity descending
+  results.sort((a, b) => (SEVERITY_ORDER[b.severity] || 0) - (SEVERITY_ORDER[a.severity] || 0));
+
+  // Stats
+  const stats = { high: 0, medium: 0, low: 0, unknown: 0 };
+  for (const r of results) {
+    const key = r.severity in stats ? r.severity : "unknown";
+    stats[key]++;
+  }
+
+  // Persist to audit.json
+  const auditData = {
+    runAt,
+    stats,
+    capabilities: results,
+  };
+  writeAudit(infernoDir, auditData);
+
+  // Output
+  if (format === "json" || jsonMode) {
+    console.log(JSON.stringify({ ok: true, ...auditData }));
+  } else if (format === "html") {
+    const html = buildHtmlReport(results, stats, runAt);
+    const dest = outPath || path.join(infernoDir, "audit.html");
+    fs.writeFileSync(dest, html);
+    if (!jsonMode) done(`HTML audit report written to ${bold(dest)}`);
+  } else {
+    printTextReport(results, stats);
+    if (!jsonMode) done(`Saved to ${bold(path.join(infernoDir, AUDIT_FILE))}`);
+  }
+
+  // Exit code enforcement
+  if (failOn) {
+    const threshold = SEVERITY_ORDER[failOn] || 0;
+    const violations = results.filter(r => (SEVERITY_ORDER[r.severity] || 0) >= threshold);
+    if (violations.length > 0) {
+      if (!jsonMode) {
+        console.error(red(`\n  ✗  ${violations.length} capability/capabilities at or above "${failOn}" severity — review required.\n`));
+      }
+      process.exit(1);
+    }
+  }
+}