lastgen 1.2.0 → 1.2.1

package/bin/lastgen

@@ -0,0 +1,17 @@
+#!/usr/bin/env -S node --disable-warning=ExperimentalWarning
+
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const { run } = await import(join(__dirname, '..', 'dist', 'cli.mjs'));
+
+try {
+  await run(process.argv.slice(2));
+} catch (err) {
+  const message = err instanceof Error ? err.message : String(err);
+  process.stderr.write(`Error: ${message}\n`);
+  process.exitCode = 1;
+}

package/dist/cli.mjs

@@ -0,0 +1,673 @@
+import { parseArgs, styleText } from "node:util";
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, extname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { createHash } from "node:crypto";
+import { createServer } from "node:http";
+//#region src/core/types.ts
+/**
+* @fileoverview Shared interfaces, constants, and type definitions for lastgen.
+*/
+const CUTOFF_DATE = "2025-02-21T00:00:00Z";
+const ERAS = {
+	LAST_GEN: {
+		title: "Last Generation Coder",
+		description: "Wrote code before AI agents shipped"
+	},
+	AI_NATIVE: {
+		title: "AI Native Coder",
+		description: "First verifiable commit after AI agents shipped"
+	}
+};
+const CERTIFICATE_SALT = "lastgen_v1";
+const THIRTY_DAYS_MS = 720 * 60 * 60 * 1e3;
+//#endregion
+//#region src/core/github.ts
+const GITHUB_API = "https://api.github.com";
+const USER_AGENT = "lastgen";
+function buildHeaders(token) {
+	const headers = {
+		Accept: "application/vnd.github.v3+json",
+		"User-Agent": USER_AGENT
+	};
+	if (token) headers["Authorization"] = `token ${token}`;
+	return headers;
+}
+async function githubFetch(url, token, extraHeaders) {
+	const response = await fetch(url, { headers: {
+		...buildHeaders(token),
+		...extraHeaders
+	} });
+	if (response.status === 403) {
+		if (response.headers.get("x-ratelimit-remaining") === "0") {
+			const resetTimestamp = response.headers.get("x-ratelimit-reset");
+			const resetDate = resetTimestamp ? (/* @__PURE__ */ new Date(Number(resetTimestamp) * 1e3)).toLocaleTimeString() : "soon";
+			throw new Error(`GitHub API rate limit exceeded. Resets at ${resetDate}.`);
+		}
+	}
+	if (response.status === 404) {
+		const userMatch = url.match(/\/users\/([^/?]+)/);
+		if (userMatch?.[1]) throw new Error(`GitHub user '${decodeURIComponent(userMatch[1])}' not found. Check the spelling?`);
+		throw new Error(`Not found: ${url}`);
+	}
+	if (!response.ok) throw new Error(`GitHub API error: ${response.status} ${response.statusText}`);
+	return response;
+}
+async function fetchUser(username, token) {
+	const data = await (await githubFetch(`${GITHUB_API}/users/${encodeURIComponent(username)}`, token)).json();
+	return {
+		login: data.login,
+		id: data.id,
+		name: data.name ?? null,
+		createdAt: data.created_at
+	};
+}
+async function fetchFirstCommit(username, token) {
+	const commit = await searchFirstCommit(username, token);
+	if (commit?.repo) commit.repoCreatedAt = await fetchRepoCreatedAt(commit.repo, token);
+	return commit;
+}
+async function fetchRepoCreatedAt(repoFullName, token) {
+	try {
+		return (await (await githubFetch(`${GITHUB_API}/repos/${repoFullName}`, token)).json()).created_at ?? void 0;
+	} catch {
+		return;
+	}
+}
+async function searchFirstCommitByQuery(query, token, order = "asc") {
+	try {
+		const item = (await (await githubFetch(`${GITHUB_API}/search/commits?q=${encodeURIComponent(query)}&sort=committer-date&order=${order}&per_page=1`, token, { Accept: "application/vnd.github.cloak-preview+json" })).json()).items?.[0];
+		if (!item) return null;
+		const commit = item.commit;
+		const author = commit.author;
+		const commitCommitter = commit.committer;
+		const repo = item.repository;
+		return {
+			date: author.date,
+			repo: repo.full_name ?? "",
+			sha: item.sha,
+			message: (commit.message ?? "").split("\n")[0] ?? "",
+			committerDate: commitCommitter?.date ?? void 0
+		};
+	} catch (err) {
+		if (err instanceof Error && err.message.includes("rate limit")) throw err;
+		return null;
+	}
+}
+async function searchFirstCommit(username, token) {
+	const cutoffDate = CUTOFF_DATE.slice(0, 10);
+	return await searchFirstCommitByQuery(`author:${username} user:${username} committer-date:<${cutoffDate}`, token, "desc") ?? await searchFirstCommitByQuery(`author:${username} committer-date:<${cutoffDate}`, token, "desc") ?? await searchFirstCommitByQuery(`author:${username}`, token);
+}
+async function fetchCommit(repoFullName, sha, token) {
+	const data = await (await githubFetch(`${GITHUB_API}/repos/${repoFullName}/commits/${sha}`, token)).json();
+	const commit = data.commit;
+	const commitAuthor = commit.author;
+	const commitCommitter = commit.committer;
+	const verification = commit.verification;
+	const author = data.author;
+	const committer = data.committer;
+	const parents = data.parents;
+	return {
+		sha: data.sha,
+		authorLogin: author?.login ?? null,
+		committerLogin: committer?.login ?? null,
+		authorEmail: commitAuthor.email ?? null,
+		authorDate: commitAuthor.date ?? null,
+		committerDate: commitCommitter?.date ?? null,
+		authorId: author?.id ?? null,
+		verificationReason: verification?.reason ?? null,
+		isRootCommit: Array.isArray(parents) && parents.length === 0,
+		message: (commit.message ?? "").split("\n")[0] ?? "",
+		verified: Boolean(verification?.verified)
+	};
+}
+//#endregion
+//#region src/core/proof.ts
+function classifyEra(proofDate) {
+	const cutoff = new Date(CUTOFF_DATE).getTime();
+	return new Date(proofDate).getTime() < cutoff ? "LAST_GEN" : "AI_NATIVE";
+}
+function resolveProofDate(user, firstCommit) {
+	if (!firstCommit) return (/* @__PURE__ */ new Date()).toISOString();
+	const effectiveDate = getEffectiveCommitDate(firstCommit);
+	const commitTime = new Date(effectiveDate).getTime();
+	const accountTime = new Date(user.createdAt).getTime();
+	if (commitTime < (firstCommit.repoCreatedAt ? new Date(firstCommit.repoCreatedAt).getTime() : Infinity)) return firstCommit.repoCreatedAt ?? user.createdAt;
+	return commitTime < accountTime ? effectiveDate : user.createdAt;
+}
+function getEffectiveCommitDate(commit) {
+	if (!commit.committerDate) return commit.date;
+	const authorTime = new Date(commit.date).getTime();
+	if (new Date(commit.committerDate).getTime() - authorTime > 2592e6) return commit.committerDate;
+	return commit.date;
+}
+async function generateCertificateHash(hashFn, username, githubId, proofDate, era) {
+	return hashFn(JSON.stringify({
+		username,
+		githubId,
+		proofDate,
+		era,
+		salt: CERTIFICATE_SALT
+	}));
+}
+function generateCertificateNumber(hash) {
+	const prefix = hash.slice(0, 4).toUpperCase();
+	const numericPart = parseInt(hash.slice(4, 12), 16) % 1e6;
+	return `LGC-${prefix}-${String(numericPart).padStart(6, "0")}`;
+}
+async function createCertificate(hashFn, user, firstCommit) {
+	const proofDate = resolveProofDate(user, firstCommit);
+	const era = classifyEra(proofDate);
+	const hash = await generateCertificateHash(hashFn, user.login, user.id, proofDate, era);
+	const certificateNumber = generateCertificateNumber(hash);
+	return {
+		version: "1.0",
+		type: "LASTGEN_CERTIFICATE",
+		identity: {
+			username: user.login,
+			githubId: user.id,
+			name: user.name
+		},
+		proof: {
+			accountCreated: user.createdAt,
+			firstCommit: firstCommit ?? {
+				date: user.createdAt,
+				repo: "",
+				sha: "",
+				message: "(no public commits found - using account creation date)"
+			},
+			proofDate
+		},
+		era,
+		verification: {
+			hash: `sha256:${hash}`,
+			salt: CERTIFICATE_SALT
+		},
+		certificateNumber,
+		issuedAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+}
+//#endregion
+//#region src/hash.ts
+/**
+* @fileoverview Node.js SHA-256 hash implementation using node:crypto.
+*/
+const nodeHash = async (data) => {
+	return createHash("sha256").update(data).digest("hex");
+};
+//#endregion
+//#region src/display.ts
+/**
+* @fileoverview Terminal output formatting with ASCII box-drawing for certificates and verification.
+*/
+function shouldUseColor() {
+	if (process.env["NO_COLOR"] !== void 0) return false;
+	if (process.env["TERM"] === "dumb") return false;
+	if (process.argv.includes("--no-color")) return false;
+	return process.stdout.isTTY === true;
+}
+function style(format, text) {
+	if (!shouldUseColor()) return text;
+	return styleText(format, text);
+}
+function boxRule() {
+	return style("dim", "+" + "-".repeat(52) + "+");
+}
+function boxLine(content, rawLength) {
+	const pad = 50 - rawLength;
+	return style("dim", "|") + " " + content + " ".repeat(Math.max(pad, 0)) + " " + style("dim", "|");
+}
+function boxEmpty() {
+	return boxLine("", 0);
+}
+const LABEL_WIDTH = 13;
+function labelLine(label, value, styledValue, lines) {
+	const max = 50 - LABEL_WIDTH;
+	if (value.length <= max) {
+		lines.push(boxLine(style("dim", label) + styledValue, LABEL_WIDTH + value.length));
+		return;
+	}
+	const indent = " ".repeat(LABEL_WIDTH);
+	let remaining = value;
+	let isFirst = true;
+	while (remaining.length > 0) {
+		const chunk = remaining.slice(0, max);
+		remaining = remaining.slice(max);
+		const prefix = isFirst ? style("dim", label) : indent;
+		lines.push(boxLine(prefix + chunk, LABEL_WIDTH + chunk.length));
+		isFirst = false;
+	}
+}
+function displayCertificate(cert) {
+	const out = process.stdout;
+	const isLastGen = cert.era === "LAST_GEN";
+	const eraInfo = ERAS[cert.era];
+	const lines = [];
+	lines.push(boxRule());
+	const title = style("bold", "LASTGEN CERTIFICATE");
+	const titlePadL = Math.floor(31 / 2);
+	const titlePadR = 31 - titlePadL;
+	lines.push(boxLine(" ".repeat(titlePadL) + title + " ".repeat(titlePadR), 50));
+	lines.push(boxRule());
+	labelLine("Certificate  ", cert.certificateNumber, cert.certificateNumber, lines);
+	const issuedDate = new Date(cert.issuedAt).toISOString().slice(0, 10);
+	labelLine("Issued       ", issuedDate, issuedDate, lines);
+	lines.push(boxEmpty());
+	const devValue = cert.identity.name ? `${cert.identity.username} (${cert.identity.name})` : cert.identity.username;
+	labelLine("Developer    ", devValue, devValue, lines);
+	const eraColor = isLastGen ? "green" : "cyan";
+	labelLine("Era          ", eraInfo.title, style(eraColor, eraInfo.title), lines);
+	labelLine("             ", eraInfo.description, style("dim", eraInfo.description), lines);
+	if (cert.proof.firstCommit.sha) {
+		lines.push(boxEmpty());
+		const commitDate = new Date(cert.proof.firstCommit.date).toISOString().slice(0, 10);
+		const repo = cert.proof.firstCommit.repo;
+		labelLine("Proof Commit ", repo, repo, lines);
+		const commitMsg = `${cert.proof.firstCommit.sha.slice(0, 7)} ${cert.proof.firstCommit.message.replace(/\n/g, " ")}`;
+		labelLine("             ", commitMsg, style("dim", commitMsg), lines);
+		labelLine("Commit Date  ", commitDate, commitDate, lines);
+	}
+	lines.push(boxEmpty());
+	const hash = cert.verification.hash;
+	labelLine("Hash         ", hash, style("dim", hash), lines);
+	lines.push(boxRule());
+	out.write("\n" + lines.join("\n") + "\n\n");
+}
+function displayBadgeMarkdown(cert) {
+	const out = process.stdout;
+	const badgeUrl = `https://img.shields.io/badge/lastgen-${cert.era === "LAST_GEN" ? "Last%20Gen" : "AI%20Native"}-${cert.era === "LAST_GEN" ? "blue" : "brightgreen"}?style=for-the-badge`;
+	out.write("\n");
+	out.write(style("bold", "  Add to your GitHub README:") + "\n");
+	out.write("\n");
+	out.write(`  [![Last Gen Coder](${badgeUrl})](https://github.com/pgagnidze/lastgen)\n`);
+	out.write("\n");
+}
+function displayJson(cert) {
+	process.stdout.write(JSON.stringify(cert, null, 2) + "\n");
+}
+function info(message) {
+	process.stderr.write(style("dim", `  ${message}`) + "\n");
+}
+function error(message) {
+	process.stderr.write(style("red", `  ${message}`) + "\n");
+}
+//#endregion
+//#region src/core/verify.ts
+function isValidCertificate(data) {
+	if (typeof data !== "object" || data === null) return false;
+	const cert = data;
+	return cert.type === "LASTGEN_CERTIFICATE" && typeof cert.version === "string" && typeof cert.identity === "object" && typeof cert.proof === "object" && typeof cert.verification === "object" && typeof cert.certificateNumber === "string";
+}
+function matchesNoreplyEmail(email, username) {
+	const lower = email.toLowerCase();
+	const user = username.toLowerCase();
+	return new RegExp(`^(\\d+\\+)?${escapeRegex(user)}@users\\.noreply\\.github\\.com$`).test(lower);
+}
+function escapeRegex(str) {
+	return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+async function verifyCertificateData(cert, hashFn, token) {
+	const results = [];
+	const expectedHash = await generateCertificateHash(hashFn, cert.identity.username, cert.identity.githubId, cert.proof.proofDate, cert.era);
+	const actualHash = cert.verification.hash.replace("sha256:", "");
+	results.push({
+		check: "Hash integrity",
+		passed: expectedHash === actualHash,
+		detail: expectedHash === actualHash ? "Certificate hash is valid" : "Certificate hash does not match - data may have been tampered with"
+	});
+	const proofDate = new Date(cert.proof.proofDate);
+	const cutoff = new Date(CUTOFF_DATE);
+	const expectedEra = proofDate.getTime() < cutoff.getTime() ? "LAST_GEN" : "AI_NATIVE";
+	results.push({
+		check: "Era classification",
+		passed: cert.era === expectedEra,
+		detail: cert.era === expectedEra ? `Era ${cert.era} is correct for proof date ${cert.proof.proofDate}` : `Era should be ${expectedEra} but certificate claims ${cert.era}`
+	});
+	const expectedProofDate = resolveProofDate({
+		login: cert.identity.username,
+		id: cert.identity.githubId,
+		name: cert.identity.name,
+		createdAt: cert.proof.accountCreated
+	}, cert.proof.firstCommit.sha ? cert.proof.firstCommit : null);
+	const proofDateMatch = Math.abs(new Date(expectedProofDate).getTime() - proofDate.getTime()) < 6e4;
+	results.push({
+		check: "Proof date",
+		passed: proofDateMatch,
+		detail: proofDateMatch ? `Proof date ${cert.proof.proofDate} is consistent with commit and account data` : `Proof date should be ${expectedProofDate} but certificate claims ${cert.proof.proofDate}`
+	});
+	if (cert.proof.firstCommit.sha) try {
+		const commitDetail = await fetchCommit(cert.proof.firstCommit.repo, cert.proof.firstCommit.sha, token);
+		const username = cert.identity.username.toLowerCase();
+		const authorMatch = (commitDetail.authorLogin ?? "").toLowerCase() === username;
+		const committerMatch = (commitDetail.committerLogin ?? "").toLowerCase() === username;
+		const emailMatch = commitDetail.authorEmail ? matchesNoreplyEmail(commitDetail.authorEmail, cert.identity.username) : false;
+		const identityMatch = authorMatch || committerMatch || emailMatch;
+		const matchMethods = [];
+		if (authorMatch) matchMethods.push("author login");
+		if (committerMatch) matchMethods.push("committer login");
+		if (emailMatch) matchMethods.push("noreply email");
+		results.push({
+			check: "Identity",
+			passed: identityMatch,
+			detail: identityMatch ? `Matched via: ${matchMethods.join(", ")}` : `Commit author (${commitDetail.authorLogin}) does not match ${cert.identity.username}`
+		});
+		const isSelfOwned = (cert.proof.firstCommit.repo.split("/")[0] ?? "").toLowerCase() === cert.identity.username.toLowerCase();
+		results.push({
+			check: "Repo ownership",
+			passed: true,
+			detail: isSelfOwned ? `Commit is in a repo owned by ${cert.identity.username}` : `Commit is in a third-party repo (${cert.proof.firstCommit.repo})`
+		});
+		if (commitDetail.authorId !== null) {
+			const idMatch = commitDetail.authorId === cert.identity.githubId;
+			results.push({
+				check: "GitHub ID",
+				passed: idMatch,
+				detail: idMatch ? `GitHub ID ${commitDetail.authorId} matches certificate` : `Commit author ID ${commitDetail.authorId} does not match certificate ID ${cert.identity.githubId}`
+			});
+		}
+		const commitDate = new Date(commitDetail.authorDate ?? "");
+		const certDate = new Date(cert.proof.firstCommit.date);
+		const datesClose = Math.abs(commitDate.getTime() - certDate.getTime()) < 6e4;
+		results.push({
+			check: "Commit date",
+			passed: datesClose,
+			detail: datesClose ? `Commit date matches certificate (${commitDetail.authorDate})` : `Commit date ${commitDetail.authorDate} differs from certificate ${cert.proof.firstCommit.date}`
+		});
+		if (commitDetail.authorDate && commitDetail.committerDate) {
+			const authorTime = new Date(commitDetail.authorDate).getTime();
+			const committerTime = new Date(commitDetail.committerDate).getTime();
+			const driftMs = Math.abs(committerTime - authorTime);
+			const driftDays = Math.round(driftMs / (1440 * 60 * 1e3));
+			const consistent = driftMs <= THIRTY_DAYS_MS;
+			results.push({
+				check: "Date consistency",
+				passed: consistent,
+				detail: consistent ? `Author/committer date drift: ${driftDays}d (within 30d threshold)` : `Author/committer date drift: ${driftDays}d exceeds 30d - author date may be forged`
+			});
+		}
+		if (commitDetail.isRootCommit) results.push({
+			check: "Root commit",
+			passed: true,
+			detail: "Commit has no parents (first commit in repo - higher trust)"
+		});
+		if (commitDetail.verified) {
+			const reason = commitDetail.verificationReason;
+			const reasonDetail = reason && reason !== "valid" ? ` (${reason})` : "";
+			results.push({
+				check: "GPG signature",
+				passed: true,
+				detail: `Commit is GPG-signed${reasonDetail}`
+			});
+		}
+	} catch (fetchError) {
+		const message = fetchError instanceof Error ? fetchError.message : String(fetchError);
+		results.push({
+			check: "Commit verification",
+			passed: false,
+			detail: `Could not fetch commit from GitHub: ${message}`
+		});
+	}
+	return {
+		valid: results.every((r) => r.passed),
+		results,
+		certificateNumber: cert.certificateNumber,
+		username: cert.identity.username
+	};
+}
+//#endregion
+//#region src/verify-cli.ts
+/**
+* @fileoverview CLI wrapper for certificate verification. Handles file I/O and display.
+*/
+async function verifyCertificate(filePath, hashFn, token) {
+	let raw;
+	try {
+		raw = readFileSync(filePath, "utf-8");
+	} catch {
+		error(`Cannot read file: ${filePath}`);
+		return false;
+	}
+	let cert;
+	try {
+		cert = JSON.parse(raw);
+	} catch {
+		error("Invalid JSON in certificate file.");
+		return false;
+	}
+	if (!isValidCertificate(cert)) {
+		error("File is not a valid lastgen certificate.");
+		return false;
+	}
+	info(`Verifying certificate ${cert.certificateNumber}...`);
+	info(`Developer: ${cert.identity.username}`);
+	info("");
+	if (cert.proof.firstCommit.sha) info(`Fetching commit ${cert.proof.firstCommit.sha.slice(0, 7)} from GitHub...`);
+	const { valid, results } = await verifyCertificateData(cert, hashFn, token);
+	const out = process.stdout;
+	const lines = [];
+	lines.push(boxRule());
+	const title = style("bold", "VERIFICATION");
+	const titlePadL = Math.floor(38 / 2);
+	const titlePadR = 38 - titlePadL;
+	lines.push(boxLine(" ".repeat(titlePadL) + title + " ".repeat(titlePadR), 50));
+	lines.push(boxRule());
+	for (const result of results) {
+		const checkLine = `${result.passed ? style("green", "PASS") : style("red", "FAIL")}  ${style("bold", result.check)}`;
+		lines.push(boxLine(checkLine, 6 + result.check.length));
+		const indent = 6;
+		const maxLen = 50 - indent;
+		let remaining = result.detail;
+		while (remaining.length > 0) {
+			const chunk = remaining.slice(0, maxLen);
+			remaining = remaining.slice(maxLen);
+			const line = " ".repeat(indent) + style("dim", chunk);
+			lines.push(boxLine(line, indent + chunk.length));
+		}
+	}
+	lines.push(boxRule());
+	if (valid) {
+		const msg = style("green", "Certificate is valid.");
+		lines.push(boxLine(msg, 21));
+	} else {
+		const msg = style("red", "Certificate verification failed.");
+		lines.push(boxLine(msg, 32));
+	}
+	lines.push(boxRule());
+	out.write("\n" + lines.join("\n") + "\n\n");
+	return valid;
+}
+//#endregion
+//#region src/serve.ts
+/**
+* @fileoverview Static HTTP server for the pre-built web frontend.
+* Zero dependencies — uses node:http and node:fs.
+*/
+const MIME_TYPES = {
+	".html": "text/html; charset=utf-8",
+	".css": "text/css; charset=utf-8",
+	".js": "application/javascript; charset=utf-8",
+	".json": "application/json; charset=utf-8",
+	".svg": "image/svg+xml",
+	".png": "image/png",
+	".ico": "image/x-icon"
+};
+function serve(port = 3e3) {
+	const distDir = join(dirname(fileURLToPath(import.meta.url)), "..", "web", "dist");
+	if (!existsSync(distDir)) {
+		process.stderr.write(`  Web assets not found at ${distDir}\n  Run "cd web && npm install && npm run build" first.
+`);
+		process.exitCode = 1;
+		return;
+	}
+	createServer((req, res) => {
+		let urlPath = req.url ?? "/";
+		const qIndex = urlPath.indexOf("?");
+		if (qIndex !== -1) urlPath = urlPath.slice(0, qIndex);
+		if (urlPath.startsWith("/lastgen/")) urlPath = urlPath.slice(8);
+		if (urlPath === "/" || urlPath === "") urlPath = "/index.html";
+		const filePath = join(distDir, urlPath);
+		if (!filePath.startsWith(distDir)) {
+			res.writeHead(403);
+			res.end("Forbidden");
+			return;
+		}
+		try {
+			const content = readFileSync(filePath);
+			const contentType = MIME_TYPES[extname(filePath)] ?? "application/octet-stream";
+			res.writeHead(200, { "Content-Type": contentType });
+			res.end(content);
+		} catch {
+			try {
+				const indexContent = readFileSync(join(distDir, "index.html"));
+				res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+				res.end(indexContent);
+			} catch {
+				res.writeHead(404);
+				res.end("Not found");
+			}
+		}
+	}).listen(port, "127.0.0.1", () => {
+		process.stderr.write(`\n  lastgen web UI running at http://localhost:${port}/\n\n`);
+	});
+}
+//#endregion
+//#region src/cli.ts
+/**
+* @fileoverview CLI argument parsing and command routing using built-in parseArgs.
+*/
+function getVersion() {
+	try {
+		const packagePath = join(dirname(fileURLToPath(import.meta.url)), "..", "package.json");
+		return JSON.parse(readFileSync(packagePath, "utf-8")).version ?? "unknown";
+	} catch {
+		return "unknown";
+	}
+}
+const HELP_BRIEF = `
+    _            _
+   | | __ _ ___ | |_  __ _  ___ _ __
+   | |/ _\` / __|| __/ _\` |/ _ \\ '_ \\
+   | | (_| \\__ \\| || (_| |  __/ | | |
+   |_|\\__,_|___/ \\__\\__, |\\___|_| |_|
+                     |___/
+  Check if you started coding before or after AI agents.
+
+  Usage:
+    lastgen <username>                Classify a GitHub user
+    lastgen verify <file.json>        Verify a saved certificate
+    lastgen serve [--port <port>]     Launch web UI
+
+  Options:
+    --token <token>       GitHub personal access token
+    --json                Output as JSON
+    --badge               Output as README badge markdown
+    --port <port>         Port for web UI (default: 3000)
+    --no-color            Disable colors
+    -h, --help            Show this help
+    -v, --version         Show version
+
+  Environment:
+    GITHUB_TOKEN          GitHub token (alternative to --token)
+    NO_COLOR              Disable colors (any value)
+
+  Examples:
+    npx lastgen torvalds
+    npx lastgen --json torvalds > proof.json
+    npx lastgen verify proof.json
+    npx lastgen --badge torvalds
+    npx lastgen serve
+`;
+function parseCli(argv) {
+	const { values, positionals } = parseArgs({
+		args: argv,
+		options: {
+			token: { type: "string" },
+			json: {
+				type: "boolean",
+				default: false
+			},
+			badge: {
+				type: "boolean",
+				default: false
+			},
+			port: { type: "string" },
+			help: {
+				type: "boolean",
+				short: "h",
+				default: false
+			},
+			version: {
+				type: "boolean",
+				short: "v",
+				default: false
+			},
+			"no-color": {
+				type: "boolean",
+				default: false
+			}
+		},
+		allowPositionals: true,
+		strict: false
+	});
+	const first = positionals[0] ?? "";
+	const isVerify = first === "verify";
+	return {
+		command: isVerify ? "verify" : first === "serve" ? "serve" : first ? "lookup" : "",
+		target: isVerify ? positionals[1] ?? "" : first,
+		token: values.token ?? process.env["GITHUB_TOKEN"],
+		port: Number(values.port) || 3e3,
+		json: Boolean(values.json),
+		badge: Boolean(values.badge),
+		help: Boolean(values.help),
+		version: Boolean(values.version)
+	};
+}
+async function run(argv) {
+	const opts = parseCli(argv);
+	if (opts.version) {
+		process.stdout.write(`lastgen ${getVersion()}\n`);
+		return;
+	}
+	if (opts.help || !opts.command) {
+		process.stdout.write(HELP_BRIEF);
+		return;
+	}
+	switch (opts.command) {
+		case "lookup":
+			await handleLookup(opts);
+			break;
+		case "verify":
+			await handleVerify(opts);
+			break;
+		case "serve":
+			serve(opts.port);
+			break;
+		default:
+			error(`Unknown command: ${opts.command}`);
+			process.stdout.write(HELP_BRIEF);
+			process.exitCode = 2;
+	}
+}
+async function handleLookup(opts) {
+	if (!opts.target) {
+		error("Username required. Usage: lastgen <username>");
+		process.exitCode = 2;
+		return;
+	}
+	if (!opts.json && !opts.badge) info(`Looking up ${opts.target} on GitHub...`);
+	const [user, firstCommit] = await Promise.all([fetchUser(opts.target, opts.token), fetchFirstCommit(opts.target, opts.token)]);
+	const cert = await createCertificate(nodeHash, user, firstCommit);
+	if (opts.badge) displayBadgeMarkdown(cert);
+	else if (opts.json) displayJson(cert);
+	else displayCertificate(cert);
+}
+async function handleVerify(opts) {
+	if (!opts.target) {
+		error("Certificate file required. Usage: lastgen verify <file.json>");
+		process.exitCode = 2;
+		return;
+	}
+	if (!await verifyCertificate(opts.target, nodeHash, opts.token)) process.exitCode = 1;
+}
+//#endregion
+export { parseCli, run };