legacy-squad 1.0.0-beta.1

package/dist/cli.mjs

@@ -0,0 +1,1232 @@
+#!/usr/bin/env node
+
+// apps/cli/src/index.ts
+import { Command } from "commander";
+import path8 from "node:path";
+import { existsSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+
+// packages/agents/src/agent-definitions.ts
+var SECURITY_AGENT = {
+  id: "security-agent",
+  name: "Security Agent",
+  pillar: "security",
+  role: "Application security specialist for legacy mobile and web systems.",
+  expertise: [
+    "Authentication and session management",
+    "Secrets and credential handling",
+    "Data protection (PII, LGPD)",
+    "Insecure storage patterns",
+    "API security",
+    "Mobile-specific vulnerabilities"
+  ],
+  frameworks: ["OWASP MASVS V2", "OWASP ASVS", "CWE Top 25", "LGPD", "NIST SSDF"],
+  outputSections: [
+    "Authentication & Session Analysis",
+    "Secrets & Credential Management",
+    "Data Protection & Privacy",
+    "API Security Posture",
+    "Security Recommendations"
+  ],
+  instructions: `You are a Security Agent for the Legacy Squad Framework.
+
+## Your Role
+Analyze the provided codebase context and compliance findings to produce a deep security assessment. Go beyond pattern matching \u2014 understand authentication flows, data handling patterns, and architectural security decisions.
+
+## What You Receive
+1. **Repo Index** \u2014 project structure, stack, dependencies, integrations
+2. **Context Packs** \u2014 summarized source code from key modules
+3. **Compliance Findings** \u2014 deterministic findings already detected by the engine
+
+## What You Must Produce
+A structured security assessment with:
+- Confirmation or refinement of existing findings (add context the engine missed)
+- NEW findings that regex cannot detect (logic flaws, missing authorization, insecure flows)
+- Risk prioritization considering the production context
+- Specific, actionable remediation steps
+
+## Rules
+- Every claim must reference a specific file or pattern from the context
+- Never invent findings without evidence in the provided context
+- Severity must follow: critical > high > medium > low > info
+- Recommendations must be incremental (no "rewrite everything")
+- Consider LGPD compliance for any PII handling
+`
+};
+var ARCHITECTURE_AGENT = {
+  id: "architecture-agent",
+  name: "Architecture Agent",
+  pillar: "architecture",
+  role: "Software architecture specialist for legacy system evaluation.",
+  expertise: [
+    "Component and layer separation",
+    "Coupling and cohesion analysis",
+    "Integration patterns",
+    "State management architecture",
+    "Navigation and routing design",
+    "Dependency structure"
+  ],
+  frameworks: ["C4 Model", "Clean Architecture", "arc42", "ADR"],
+  outputSections: [
+    "Current Architecture Overview",
+    "Layer Separation Analysis",
+    "Coupling & Cohesion Assessment",
+    "Integration Points",
+    "Architecture Risks",
+    "Target Architecture Recommendations"
+  ],
+  instructions: `You are an Architecture Agent for the Legacy Squad Framework.
+
+## Your Role
+Analyze the codebase structure, dependencies, and integration points to map the current architecture and identify structural risks. Propose an incremental target architecture.
+
+## What You Must Produce
+- Current architecture description (layers, components, data flow)
+- Coupling analysis (which modules are tightly coupled and why)
+- Integration map (external services, APIs, databases)
+- Architecture risks (single points of failure, circular dependencies)
+- Target architecture proposal (incremental, not a rewrite)
+
+## Rules
+- Base all analysis on evidence from the Repo Index and Context Packs
+- Architecture proposals must be incremental \u2014 Production First principle
+- Identify the minimum viable decoupling steps
+- Use C4 terminology (Context, Container, Component) where applicable
+`
+};
+var LEGACY_CODE_AGENT = {
+  id: "legacy-code-agent",
+  name: "Legacy Code Agent",
+  pillar: "legacy_code",
+  role: "Code quality specialist for legacy codebase assessment.",
+  expertise: [
+    "Code complexity and cognitive load",
+    "Dead code and unused dependencies",
+    "Duplication patterns",
+    "Migration status (JS to TS)",
+    "Test coverage gaps",
+    "Error handling patterns"
+  ],
+  frameworks: ["Clean Code", "Sonar Rules", "Cognitive Complexity"],
+  outputSections: [
+    "Code Quality Overview",
+    "Complexity Hotspots",
+    "Migration Status",
+    "Duplication Analysis",
+    "Test Coverage Assessment",
+    "Refactoring Priorities"
+  ],
+  instructions: `You are a Legacy Code Agent for the Legacy Squad Framework.
+
+## Your Role
+Evaluate code quality, identify hotspots, assess migration status, and propose refactoring priorities that reduce risk incrementally.
+
+## What You Must Produce
+- Hotspot analysis (files with highest complexity/size/coupling)
+- Migration status (JS\u2192TS, old patterns\u2192new patterns)
+- Duplication patterns worth extracting
+- Test coverage assessment and priority areas
+- Ranked refactoring backlog with effort estimates
+
+## Rules
+- Before proposing refactoring, understand what the code does
+- Prioritize refactoring that reduces risk, not just improves aesthetics
+- Consider test coverage before recommending changes
+- Estimates should be relative (S/M/L), not absolute hours
+`
+};
+var BUSINESS_RULES_AGENT = {
+  id: "business-rules-agent",
+  name: "Business Rules Agent",
+  pillar: "business_rules",
+  role: "Domain logic specialist for extracting implicit business rules from legacy code.",
+  expertise: [
+    "Domain logic extraction",
+    "Validation rules",
+    "Permission and access patterns",
+    "Workflow and state machines",
+    "Exception handling as business logic",
+    "Configuration-driven behavior"
+  ],
+  frameworks: ["DDD", "Event Storming", "User Story Mapping"],
+  outputSections: [
+    "Business Domain Overview",
+    "Extracted Business Rules",
+    "Validation Rules Catalog",
+    "Permission Model",
+    "Implicit Rules (hidden in code)",
+    "Rules Documentation Recommendations"
+  ],
+  instructions: `You are a Business Rules Agent for the Legacy Squad Framework.
+
+## Your Role
+Extract business rules hidden in the legacy code. Legacy systems often encode critical business logic in conditionals, validations, and error handling that is never documented.
+
+## What You Must Produce
+- Catalog of explicit business rules (validations, permissions, flows)
+- Catalog of IMPLICIT rules (hidden in conditionals, catch blocks, API responses)
+- Domain model overview (key entities and relationships)
+- Rules that must be preserved during modernization
+
+## Rules
+- Every extracted rule must cite the source file and line
+- Distinguish between business rules and technical implementation details
+- Flag rules that seem accidental vs intentional
+- Use domain language, not technical jargon
+`
+};
+var MODERNIZATION_AGENT = {
+  id: "modernization-agent",
+  name: "Modernization Agent",
+  pillar: "modernization",
+  role: "Modernization strategy specialist for incremental legacy evolution.",
+  expertise: [
+    "Strangler Fig pattern",
+    "Branch by Abstraction",
+    "Progressive Delivery",
+    "Stack upgrade planning",
+    "Risk-based prioritization",
+    "Deployability assessment"
+  ],
+  frameworks: ["Strangler Fig", "Branch by Abstraction", "Progressive Delivery", "Feature Flags"],
+  outputSections: [
+    "Modernization Strategy",
+    "Phase Roadmap",
+    "Stack Upgrade Plan",
+    "Risk Matrix",
+    "Rollback Strategy",
+    "Execution Readiness Score"
+  ],
+  instructions: `You are a Modernization Agent for the Legacy Squad Framework.
+
+## Your Role
+Synthesize findings from all other agents into a concrete, phased modernization plan. Every recommendation must be incremental, reversible, and deployable.
+
+## What You Must Produce
+- Recommended modernization strategy (Strangler Fig, Branch by Abstraction, etc.)
+- Phased roadmap (Foundation \u2192 Core \u2192 Evolution)
+- Stack upgrade plan with risk assessment
+- Deployability Score per phase (1-10)
+- Execution Readiness Score (0-100)
+
+## Rules
+- No big-bang rewrites \u2014 every phase must be deployable independently
+- Consider production risk in every recommendation
+- Rollback strategy is mandatory for every phase
+- Human approval required for high-risk changes
+`
+};
+var ALL_AGENTS = [
+  SECURITY_AGENT,
+  ARCHITECTURE_AGENT,
+  LEGACY_CODE_AGENT,
+  BUSINESS_RULES_AGENT,
+  MODERNIZATION_AGENT
+];
+
+// packages/agents/src/installer.ts
+import { writeFile, mkdir, readFile as readFile2 } from "node:fs/promises";
+import path6 from "node:path";
+
+// packages/scanner/src/node-filesystem.ts
+import { readdir, readFile, stat } from "node:fs/promises";
+import path from "node:path";
+var IGNORED_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  "dist",
+  "build",
+  ".next",
+  "vendor",
+  "__pycache__",
+  ".gradle",
+  "bin",
+  "obj",
+  "coverage",
+  ".legacy-squad"
+]);
+var NodeFileSystem = class {
+  async readDir(dirPath) {
+    const entries = await readdir(dirPath, { withFileTypes: true });
+    return entries.filter((e) => !IGNORED_DIRS.has(e.name)).map((e) => path.join(dirPath, e.name));
+  }
+  async readFile(filePath) {
+    return readFile(filePath, "utf-8");
+  }
+  async stat(filePath) {
+    const s = await stat(filePath);
+    return { size: s.size, isDirectory: s.isDirectory() };
+  }
+  async exists(filePath) {
+    try {
+      await stat(filePath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async glob(rootPath, pattern) {
+    const results = [];
+    await this.walkForGlob(rootPath, pattern, results);
+    return results;
+  }
+  async walkForGlob(dir, pattern, results) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (IGNORED_DIRS.has(entry.name)) continue;
+      const fullPath = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        await this.walkForGlob(fullPath, pattern, results);
+      } else if (entry.name.match(pattern)) {
+        results.push(fullPath);
+      }
+    }
+  }
+};
+
+// packages/scanner/src/repo-scanner.ts
+import path3 from "node:path";
+
+// packages/scanner/src/stack-detector.ts
+import path2 from "node:path";
+var packageJsonDetector = {
+  filename: "package.json",
+  detect(content, filePath) {
+    const pkg = JSON.parse(content);
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    const stack = [];
+    const dependencies = [];
+    let projectType = "backend";
+    for (const [name, version] of Object.entries(pkg.dependencies ?? {})) {
+      dependencies.push({
+        name,
+        version: String(version),
+        manager: "npm",
+        scope: "runtime"
+      });
+    }
+    for (const [name, version] of Object.entries(pkg.devDependencies ?? {})) {
+      dependencies.push({
+        name,
+        version: String(version),
+        manager: "npm",
+        scope: "dev"
+      });
+    }
+    if (allDeps["react-native"]) {
+      stack.push({ name: "react-native", type: "framework", version: String(allDeps["react-native"]), source: filePath });
+      projectType = "mobile";
+    }
+    if (allDeps["expo"]) {
+      stack.push({ name: "expo", type: "framework", version: String(allDeps["expo"]), source: filePath });
+      projectType = "mobile";
+    }
+    if (allDeps["react"] && !allDeps["react-native"]) {
+      stack.push({ name: "react", type: "framework", version: String(allDeps["react"]), source: filePath });
+      projectType = "frontend";
+    }
+    if (allDeps["next"]) {
+      stack.push({ name: "next", type: "framework", version: String(allDeps["next"]), source: filePath });
+      projectType = "fullstack";
+    }
+    if (allDeps["express"]) {
+      stack.push({ name: "express", type: "framework", version: String(allDeps["express"]), source: filePath });
+      projectType = "backend";
+    }
+    if (allDeps["typescript"]) {
+      stack.push({ name: "typescript", type: "language", version: String(allDeps["typescript"]), source: filePath });
+    }
+    if (allDeps["mobx"]) {
+      stack.push({ name: "mobx", type: "library", version: String(allDeps["mobx"]), source: filePath });
+    }
+    if (allDeps["axios"]) {
+      stack.push({ name: "axios", type: "library", version: String(allDeps["axios"]), source: filePath });
+    }
+    if (allDeps["styled-components"]) {
+      stack.push({ name: "styled-components", type: "library", version: String(allDeps["styled-components"]), source: filePath });
+    }
+    const nodeVersion = pkg.engines?.node ?? "unknown";
+    stack.push({ name: "node", type: "runtime", version: nodeVersion, source: filePath });
+    return {
+      stack,
+      dependencies,
+      projectType,
+      projectName: pkg.name ?? path2.basename(path2.dirname(filePath))
+    };
+  }
+};
+var composerJsonDetector = {
+  filename: "composer.json",
+  detect(content, filePath) {
+    const composer = JSON.parse(content);
+    const stack = [
+      { name: "php", type: "language", version: composer.require?.php ?? "unknown", source: filePath }
+    ];
+    const dependencies = [];
+    for (const [name, version] of Object.entries(composer.require ?? {})) {
+      if (name === "php") continue;
+      dependencies.push({ name, version: String(version), manager: "composer", scope: "runtime" });
+      if (name === "laravel/framework") {
+        stack.push({ name: "laravel", type: "framework", version: String(version), source: filePath });
+      }
+    }
+    return { stack, dependencies, projectType: "backend", projectName: composer.name ?? "php-project" };
+  }
+};
+var csprojDetector = {
+  filename: ".csproj",
+  detect(content, filePath) {
+    const stack = [];
+    const dependencies = [];
+    const tfmMatch = content.match(/<TargetFramework>(.*?)<\/TargetFramework>/);
+    if (tfmMatch) {
+      stack.push({ name: "dotnet", type: "runtime", version: tfmMatch[1], source: filePath });
+    }
+    const pkgRefRegex = /<PackageReference\s+Include="([^"]+)"\s+Version="([^"]+)"/g;
+    let match;
+    while ((match = pkgRefRegex.exec(content)) !== null) {
+      dependencies.push({ name: match[1], version: match[2], manager: "nuget", scope: "runtime" });
+    }
+    return { stack, dependencies, projectType: "backend", projectName: path2.basename(filePath, ".csproj") };
+  }
+};
+var pomXmlDetector = {
+  filename: "pom.xml",
+  detect(content, filePath) {
+    const stack = [
+      { name: "java", type: "language", version: "unknown", source: filePath }
+    ];
+    const dependencies = [];
+    if (content.includes("spring-boot")) {
+      stack.push({ name: "spring-boot", type: "framework", version: "detected", source: filePath });
+    }
+    return { stack, dependencies, projectType: "backend", projectName: "java-project" };
+  }
+};
+var ALL_DETECTORS = [
+  packageJsonDetector,
+  composerJsonDetector,
+  csprojDetector,
+  pomXmlDetector
+];
+var MANIFEST_FILES = ALL_DETECTORS.map((d) => d.filename);
+async function detectFromManifests(rootPath, fs) {
+  for (const detector of ALL_DETECTORS) {
+    if (detector.filename === ".csproj") {
+      const files = await fs.glob(rootPath, /\.csproj$/.source);
+      if (files.length > 0) {
+        const content = await fs.readFile(files[0]);
+        return detector.detect(content, files[0]);
+      }
+      continue;
+    }
+    const manifestPath = path2.join(rootPath, detector.filename);
+    if (await fs.exists(manifestPath)) {
+      const content = await fs.readFile(manifestPath);
+      return detector.detect(content, manifestPath);
+    }
+  }
+  return null;
+}
+async function detectFromExtensions(rootPath, fs) {
+  const extensionMap = {
+    "\\.tsx?$": { name: "typescript", type: "language", version: "detected", source: "file-extensions" },
+    "\\.jsx?$": { name: "javascript", type: "language", version: "detected", source: "file-extensions" },
+    "\\.php$": { name: "php", type: "language", version: "detected", source: "file-extensions" },
+    "\\.cs$": { name: "csharp", type: "language", version: "detected", source: "file-extensions" },
+    "\\.java$": { name: "java", type: "language", version: "detected", source: "file-extensions" },
+    "\\.py$": { name: "python", type: "language", version: "detected", source: "file-extensions" },
+    "\\.dart$": { name: "dart", type: "language", version: "detected", source: "file-extensions" }
+  };
+  const detected = [];
+  for (const [pattern, item] of Object.entries(extensionMap)) {
+    const files = await fs.glob(rootPath, pattern);
+    if (files.length > 0) {
+      detected.push(item);
+    }
+  }
+  return detected;
+}
+
+// packages/scanner/src/repo-scanner.ts
+function toPosix(p) {
+  return p.replace(/\\/g, "/");
+}
+var SOURCE_EXTENSIONS = /\.(tsx?|jsx?|php|cs|java|py|dart|vue|svelte)$/;
+var LARGE_FILE_THRESHOLD = 1e4;
+var RepoScanner = class {
+  constructor(fs) {
+    this.fs = fs;
+  }
+  fs;
+  async scan(rootPath) {
+    const manifestResult = await detectFromManifests(rootPath, this.fs);
+    let stack = manifestResult?.stack ?? [];
+    if (stack.length === 0) {
+      stack = await detectFromExtensions(rootPath, this.fs);
+    }
+    const projectName = manifestResult?.projectName ?? path3.basename(rootPath);
+    const projectType = manifestResult?.projectType ?? "backend";
+    const dependencies = manifestResult?.dependencies ?? [];
+    const sourceFiles = await this.collectSourceFiles(rootPath);
+    const modules = this.detectModules(rootPath, sourceFiles);
+    const entrypoints = this.detectEntrypoints(rootPath, sourceFiles, projectType);
+    const integrations = await this.detectIntegrations(rootPath, sourceFiles);
+    const hotspots = await this.detectHotspots(rootPath, sourceFiles);
+    return {
+      project: {
+        name: projectName,
+        type: projectType,
+        rootPath,
+        detectedAt: (/* @__PURE__ */ new Date()).toISOString()
+      },
+      stack,
+      modules,
+      entrypoints,
+      dependencies,
+      integrations,
+      hotspots
+    };
+  }
+  async collectSourceFiles(rootPath) {
+    return this.fs.glob(rootPath, SOURCE_EXTENSIONS.source);
+  }
+  detectModules(rootPath, files) {
+    const moduleMap = /* @__PURE__ */ new Map();
+    for (const file of files) {
+      const relative = toPosix(path3.relative(rootPath, file));
+      const parts = relative.split("/");
+      if (parts.length >= 2) {
+        const moduleKey = parts.slice(0, 2).join("/");
+        const existing = moduleMap.get(moduleKey) ?? [];
+        existing.push(file);
+        moduleMap.set(moduleKey, existing);
+      }
+    }
+    return Array.from(moduleMap.entries()).map(([modulePath, moduleFiles]) => ({
+      name: path3.basename(modulePath),
+      path: modulePath,
+      type: "module",
+      filesCount: moduleFiles.length,
+      summary: `Module with ${moduleFiles.length} source files`
+    }));
+  }
+  detectEntrypoints(rootPath, files, projectType) {
+    const entrypoints = [];
+    if (projectType === "mobile") {
+      for (const file of files) {
+        const relative = toPosix(path3.relative(rootPath, file));
+        if (relative.match(/src\/screens\/[^/]+\/index\.(tsx?|jsx?)$/)) {
+          const screenName = relative.split("/").slice(-2, -1)[0];
+          entrypoints.push({
+            type: "screen",
+            name: screenName,
+            path: relative,
+            method: "render"
+          });
+        }
+      }
+    }
+    for (const file of files) {
+      const relative = toPosix(path3.relative(rootPath, file));
+      if (relative.match(/^(index|main|App)\.(tsx?|jsx?|js)$/)) {
+        entrypoints.push({
+          type: "component",
+          name: path3.basename(relative),
+          path: relative,
+          method: "main"
+        });
+      }
+    }
+    return entrypoints;
+  }
+  async detectIntegrations(rootPath, files) {
+    const integrations = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const file of files) {
+      try {
+        const content = await this.fs.readFile(file);
+        const relative = toPosix(path3.relative(rootPath, file));
+        const urlMatches = content.matchAll(/https?:\/\/[^\s'"`,)]+/g);
+        for (const match of urlMatches) {
+          const url = match[0];
+          try {
+            const hostname = new URL(url).hostname;
+            if (!seen.has(hostname) && !hostname.includes("google.com/viewer")) {
+              seen.add(hostname);
+              integrations.push({
+                type: "api",
+                name: hostname,
+                evidence: url.substring(0, 100),
+                path: relative
+              });
+            }
+          } catch {
+          }
+        }
+        if (content.includes("firebase") || content.includes("Firebase")) {
+          if (!seen.has("firebase")) {
+            seen.add("firebase");
+            integrations.push({
+              type: "external_service",
+              name: "Firebase",
+              evidence: "Firebase SDK usage detected",
+              path: relative
+            });
+          }
+        }
+      } catch {
+      }
+    }
+    return integrations;
+  }
+  async detectHotspots(rootPath, files) {
+    const hotspots = [];
+    for (const file of files) {
+      try {
+        const s = await this.fs.stat(file);
+        const relative = toPosix(path3.relative(rootPath, file));
+        if (s.size > LARGE_FILE_THRESHOLD) {
+          hotspots.push({
+            path: relative,
+            reason: "large_file",
+            score: Math.min(Math.round(s.size / 1e3), 100)
+          });
+        }
+      } catch {
+      }
+    }
+    return hotspots.sort((a, b) => b.score - a.score).slice(0, 20);
+  }
+};
+
+// packages/context/src/context-builder.ts
+import path4 from "node:path";
+function toPosix2(p) {
+  return p.replace(/\\/g, "/");
+}
+var TOKENS_PER_CHAR = 0.25;
+var ContextBuilder = class {
+  constructor(fs) {
+    this.fs = fs;
+  }
+  fs;
+  async buildPacks(rootPath, repoIndex) {
+    const packs = [];
+    for (const mod of repoIndex.modules) {
+      const pack = await this.buildModulePack(rootPath, mod.name, mod.path, repoIndex);
+      packs.push(pack);
+    }
+    return packs;
+  }
+  async buildModulePack(rootPath, moduleName, modulePath, repoIndex) {
+    const fullModulePath = path4.join(rootPath, modulePath);
+    let keyFiles = [];
+    let totalSize = 0;
+    try {
+      const files = await this.fs.glob(fullModulePath, "\\.(tsx?|jsx?|php|cs|java)$");
+      keyFiles = files.map((f) => toPosix2(path4.relative(rootPath, f))).slice(0, 10);
+      for (const file of files.slice(0, 10)) {
+        try {
+          const stat3 = await this.fs.stat(file);
+          totalSize += stat3.size;
+        } catch {
+        }
+      }
+    } catch {
+    }
+    const moduleEntrypoints = repoIndex.entrypoints.filter((e) => e.path.startsWith(modulePath)).map((e) => `${e.type}: ${e.name}`);
+    const moduleDeps = repoIndex.dependencies.slice(0, 5).map((d) => d.name);
+    return {
+      id: `${moduleName}.context`,
+      module: moduleName,
+      summary: `Module ${moduleName} with ${keyFiles.length} key files.`,
+      keyFiles,
+      entrypoints: moduleEntrypoints,
+      dependencies: moduleDeps,
+      risks: [],
+      tokenEstimate: Math.round(totalSize * TOKENS_PER_CHAR)
+    };
+  }
+};
+
+// packages/rules/src/compliance-engine.ts
+import path5 from "node:path";
+
+// packages/rules/src/rule-catalog.ts
+var SECURITY_RULES = [
+  {
+    id: "SEC-CRED-001",
+    title: "Hardcoded credentials in source code",
+    category: "security",
+    severity: "critical",
+    appliesTo: ["react-native", "node", "mobile", "backend", "frontend"],
+    frameworks: ["OWASP MASVS V2", "CWE-798"],
+    detection: {
+      type: "pattern",
+      patterns: [
+        `password\\s*[:=]\\s*['"][^\\s'"]{4,}['"]`,
+        `senha\\s*[:=]\\s*['"][^\\s'"]{4,}['"]`,
+        `secret\\s*[:=]\\s*['"][^\\s'"]{4,}['"]`,
+        `api_?key\\s*[:=]\\s*['"][^\\s'"]{4,}['"]`
+      ]
+    },
+    impact: "Credentials can be extracted from app binary or source repository, enabling unauthorized access.",
+    recommendation: "Move all credentials to environment variables, secure vault (Azure Key Vault, AWS Secrets Manager), or expo-secure-store for mobile."
+  },
+  {
+    id: "SEC-CRED-002",
+    title: "Keystore or signing certificate committed to repository",
+    category: "security",
+    severity: "high",
+    appliesTo: ["react-native", "mobile", "android"],
+    frameworks: ["OWASP MASVS V2", "CWE-312"],
+    detection: {
+      type: "filename",
+      patterns: [
+        "\\.keystore$",
+        "\\.jks$",
+        "google-services\\.json$",
+        "GoogleService-Info\\.plist$"
+      ]
+    },
+    impact: "Signing keys or service credentials exposed in version control may allow app impersonation or unauthorized API access.",
+    recommendation: "Remove from repository, add to .gitignore, and distribute via secure CI/CD secrets."
+  },
+  {
+    id: "SEC-LOG-001",
+    title: "Console.log active in production code",
+    category: "security",
+    severity: "medium",
+    appliesTo: ["react-native", "node", "mobile", "frontend"],
+    frameworks: ["OWASP MASVS V2", "CWE-532"],
+    detection: {
+      type: "pattern",
+      patterns: ["console\\.log\\("]
+    },
+    impact: "Sensitive data (tokens, user info, API responses) may leak to device logs accessible by other apps or debugging tools.",
+    recommendation: "Replace console.log with a logger that strips output in production builds, or use crashlytics().recordError() for error tracking."
+  },
+  {
+    id: "SEC-LOG-002",
+    title: "Sensitive data (CPF/PII) logged or sent to external service",
+    category: "security",
+    severity: "high",
+    appliesTo: ["react-native", "node", "mobile", "backend"],
+    frameworks: ["OWASP MASVS V2", "CWE-532", "LGPD"],
+    detection: {
+      type: "pattern",
+      patterns: [
+        "cpf[^a-zA-Z].*(?:log|set|ref|database|send)",
+        "_CPF.*(?:log|set|ref|database|send)",
+        "generateRawCPF"
+      ]
+    },
+    impact: "PII (CPF) transmitted or logged without masking violates data protection regulations (LGPD) and may expose user identity.",
+    recommendation: "Mask PII before logging. Never send raw CPF to external services. Use anonymized identifiers for analytics."
+  },
+  {
+    id: "SEC-ERR-001",
+    title: "Empty catch block swallowing errors silently",
+    category: "security",
+    severity: "medium",
+    appliesTo: ["react-native", "node", "mobile", "frontend", "backend"],
+    frameworks: ["CWE-390", "Clean Code"],
+    detection: {
+      type: "pattern",
+      patterns: [
+        "catch\\s*\\([^)]*\\)\\s*\\{\\s*\\}",
+        "catch\\s*\\{\\s*\\}"
+      ]
+    },
+    impact: "Errors are silently discarded, masking bugs and security issues in production.",
+    recommendation: "Log errors to a monitoring service (Sentry, Crashlytics). Never leave catch blocks empty."
+  },
+  {
+    id: "SEC-STORE-001",
+    title: "Token stored in insecure storage (AsyncStorage)",
+    category: "security",
+    severity: "high",
+    appliesTo: ["react-native", "mobile"],
+    frameworks: ["OWASP MASVS V2"],
+    detection: {
+      type: "pattern",
+      patterns: [
+        `AsyncStorage\\.setItem\\s*\\(\\s*['"](?:token|access_token|refresh_token|api_key)`
+      ]
+    },
+    impact: "Authentication tokens in AsyncStorage are accessible to other apps on rooted devices.",
+    recommendation: "Use expo-secure-store, react-native-keychain, or native Keychain/Keystore APIs."
+  }
+];
+var CODE_QUALITY_RULES = [
+  {
+    id: "CQ-MIX-001",
+    title: "Mixed JavaScript and TypeScript files in same module",
+    category: "legacy_code",
+    severity: "low",
+    appliesTo: ["react-native", "node", "frontend"],
+    frameworks: ["Clean Code"],
+    detection: {
+      type: "structure",
+      patterns: ["mixed-js-ts"]
+    },
+    impact: "Inconsistent typing reduces IDE support and increases risk of runtime errors.",
+    recommendation: "Complete TypeScript migration module by module. Prioritize modules with business logic."
+  },
+  {
+    id: "CQ-DEP-001",
+    title: "Transitive dependency used without explicit declaration",
+    category: "legacy_code",
+    severity: "medium",
+    appliesTo: ["react-native", "node", "frontend"],
+    frameworks: ["Clean Code"],
+    detection: {
+      type: "pattern",
+      patterns: [
+        `require\\(['"](?:prop-types|lodash|sprintf-js|payment|react-native-flip-card|react-native-animatable)['"]\\)`,
+        `from\\s+['"](?:prop-types|lodash|sprintf-js|payment|react-native-flip-card|react-native-animatable)['"]`
+      ]
+    },
+    impact: "Transitive dependencies may be removed in future updates, causing silent breakage.",
+    recommendation: "Declare all used packages explicitly in package.json or replace with native alternatives."
+  }
+];
+var ALL_RULES = [...SECURITY_RULES, ...CODE_QUALITY_RULES];
+
+// packages/rules/src/compliance-engine.ts
+function toPosix3(p) {
+  return p.replace(/\\/g, "/");
+}
+var SEVERITY_TO_PRIORITY = {
+  critical: "P0",
+  high: "P1",
+  medium: "P2",
+  low: "P3",
+  info: "P4"
+};
+var SOURCE_EXTENSIONS2 = /\.(tsx?|jsx?|php|cs|java|py|dart)$/;
+var ComplianceEngine = class {
+  constructor(fs) {
+    this.fs = fs;
+  }
+  fs;
+  loadRules() {
+    return ALL_RULES;
+  }
+  async evaluate(rootPath, repoIndex) {
+    const applicableRules = this.filterApplicableRules(repoIndex);
+    const allFiles = await this.collectAllFiles(rootPath);
+    const findings = [];
+    for (const rule of applicableRules) {
+      const ruleFindings = await this.evaluateRule(rule, rootPath, allFiles);
+      findings.push(...ruleFindings);
+    }
+    return this.deduplicateFindings(findings);
+  }
+  filterApplicableRules(repoIndex) {
+    const projectTags = /* @__PURE__ */ new Set();
+    projectTags.add(repoIndex.project.type);
+    for (const item of repoIndex.stack) {
+      projectTags.add(item.name);
+    }
+    return ALL_RULES.filter(
+      (rule) => rule.appliesTo.some((tag) => projectTags.has(tag))
+    );
+  }
+  async collectAllFiles(rootPath) {
+    return this.fs.glob(rootPath, SOURCE_EXTENSIONS2.source);
+  }
+  async evaluateRule(rule, rootPath, files) {
+    switch (rule.detection.type) {
+      case "pattern":
+        return this.evaluatePatternRule(rule, rootPath, files);
+      case "filename":
+        return this.evaluateFilenameRule(rule, rootPath, files);
+      case "structure":
+        return this.evaluateStructureRule(rule, rootPath, files);
+      default:
+        return [];
+    }
+  }
+  async evaluatePatternRule(rule, rootPath, files) {
+    const allEvidence = [];
+    for (const file of files) {
+      try {
+        const content = await this.fs.readFile(file);
+        const lines = content.split("\n");
+        const relative = toPosix3(path5.relative(rootPath, file));
+        for (const pattern of rule.detection.patterns) {
+          const regex = new RegExp(pattern, "gi");
+          for (let i = 0; i < lines.length; i++) {
+            if (regex.test(lines[i])) {
+              allEvidence.push({
+                file: relative,
+                line: i + 1,
+                snippet: lines[i].trim().substring(0, 120)
+              });
+            }
+            regex.lastIndex = 0;
+          }
+        }
+      } catch {
+      }
+    }
+    if (allEvidence.length === 0) return [];
+    return [{
+      id: rule.id,
+      title: rule.title,
+      pillar: rule.category,
+      severity: rule.severity,
+      evidence: allEvidence.slice(0, 10),
+      frameworks: rule.frameworks,
+      impact: rule.impact,
+      recommendation: rule.recommendation,
+      priority: SEVERITY_TO_PRIORITY[rule.severity]
+    }];
+  }
+  async evaluateFilenameRule(rule, rootPath, _files) {
+    const allEvidence = [];
+    for (const pattern of rule.detection.patterns) {
+      const matchingFiles = await this.fs.glob(rootPath, pattern);
+      for (const file of matchingFiles) {
+        const relative = toPosix3(path5.relative(rootPath, file));
+        allEvidence.push({
+          file: relative,
+          line: 0,
+          snippet: `File matches sensitive pattern: ${pattern}`
+        });
+      }
+    }
+    if (allEvidence.length === 0) return [];
+    return [{
+      id: rule.id,
+      title: rule.title,
+      pillar: rule.category,
+      severity: rule.severity,
+      evidence: allEvidence,
+      frameworks: rule.frameworks,
+      impact: rule.impact,
+      recommendation: rule.recommendation,
+      priority: SEVERITY_TO_PRIORITY[rule.severity]
+    }];
+  }
+  async evaluateStructureRule(rule, rootPath, files) {
+    if (rule.detection.patterns.includes("mixed-js-ts")) {
+      return this.checkMixedJsTs(rule, rootPath, files);
+    }
+    return [];
+  }
+  async checkMixedJsTs(rule, rootPath, files) {
+    const hasJs = files.some((f) => f.endsWith(".js") || f.endsWith(".jsx"));
+    const hasTs = files.some((f) => f.endsWith(".ts") || f.endsWith(".tsx"));
+    if (!hasJs || !hasTs) return [];
+    const jsFiles = files.filter((f) => f.endsWith(".js") || f.endsWith(".jsx"));
+    return [{
+      id: rule.id,
+      title: rule.title,
+      pillar: rule.category,
+      severity: rule.severity,
+      evidence: jsFiles.slice(0, 5).map((f) => ({
+        file: toPosix3(path5.relative(rootPath, f)),
+        line: 0,
+        snippet: "JavaScript file in a TypeScript project"
+      })),
+      frameworks: rule.frameworks,
+      impact: rule.impact,
+      recommendation: rule.recommendation,
+      priority: SEVERITY_TO_PRIORITY[rule.severity]
+    }];
+  }
+  deduplicateFindings(findings) {
+    const seen = /* @__PURE__ */ new Set();
+    return findings.filter((f) => {
+      if (seen.has(f.id)) return false;
+      seen.add(f.id);
+      return true;
+    });
+  }
+};
+
+// packages/agents/src/installer.ts
+var Installer = class {
+  /**
+   * Instala o Legacy Squad Framework dentro do projeto alvo.
+   * Escaneia o repo, gera dados, instala agentes como slash commands.
+   */
+  async install(projectRoot, templateDir) {
+    const fs = new NodeFileSystem();
+    const scanner = new RepoScanner(fs);
+    const repoIndex = await scanner.scan(projectRoot);
+    const compliance = new ComplianceEngine(fs);
+    const findings = await compliance.evaluate(projectRoot, repoIndex);
+    const contextBuilder = new ContextBuilder(fs);
+    const contextPacks = await contextBuilder.buildPacks(projectRoot, repoIndex);
+    const memoryDir = path6.join(projectRoot, ".legacy-squad", "memory");
+    await mkdir(memoryDir, { recursive: true });
+    const repoIndexPath = path6.join(memoryDir, "repo-index.json");
+    const findingsPath = path6.join(memoryDir, "findings.json");
+    const contextPacksPath = path6.join(memoryDir, "context-packs.json");
+    await writeFile(repoIndexPath, JSON.stringify(repoIndex, null, 2), "utf-8");
+    await writeFile(findingsPath, JSON.stringify(findings, null, 2), "utf-8");
+    await writeFile(contextPacksPath, JSON.stringify(contextPacks, null, 2), "utf-8");
+    const configDir = path6.join(projectRoot, ".legacy-squad", "config");
+    await mkdir(configDir, { recursive: true });
+    const projectConfig = {
+      project: {
+        name: repoIndex.project.name,
+        type: repoIndex.project.type,
+        stack: repoIndex.stack.map((s) => s.name)
+      },
+      scope: {
+        mode: "full-project",
+        exclude: ["node_modules", "build", "dist", ".git", "vendor"]
+      },
+      pillars: {
+        security: true,
+        architecture: true,
+        legacy_code: true,
+        business_rules: true,
+        modernization: true
+      },
+      mode: { execution: "read_only" },
+      ide: { primary: "claude-code" },
+      installed_at: (/* @__PURE__ */ new Date()).toISOString(),
+      framework_version: "1.0.0"
+    };
+    await writeFile(
+      path6.join(configDir, "project.yaml"),
+      this.toYaml(projectConfig),
+      "utf-8"
+    );
+    await mkdir(path6.join(projectRoot, ".legacy-squad", "outputs", "reports"), { recursive: true });
+    await mkdir(path6.join(projectRoot, ".legacy-squad", "outputs", "assessments"), { recursive: true });
+    await mkdir(path6.join(projectRoot, ".legacy-squad", "logs"), { recursive: true });
+    const claudeCommandsDir = path6.join(projectRoot, ".claude", "commands", "legacy-squad");
+    await mkdir(claudeCommandsDir, { recursive: true });
+    await this.copySlashCommands(templateDir, claudeCommandsDir);
+    await this.generateAgentsMd(projectRoot, repoIndex.project.name);
+    const logContent = [
+      `Legacy Squad Framework \u2014 Install Log`,
+      `Date: ${(/* @__PURE__ */ new Date()).toISOString()}`,
+      `Project: ${repoIndex.project.name}`,
+      `Type: ${repoIndex.project.type}`,
+      `Stack: ${repoIndex.stack.map((s) => s.name).join(", ")}`,
+      `Modules: ${repoIndex.modules.length}`,
+      `Dependencies: ${repoIndex.dependencies.length}`,
+      `Findings: ${findings.length}`,
+      `Context Packs: ${contextPacks.length}`,
+      `Agents installed: ${ALL_AGENTS.length}`
+    ].join("\n");
+    await writeFile(
+      path6.join(projectRoot, ".legacy-squad", "logs", "install.log"),
+      logContent,
+      "utf-8"
+    );
+    return {
+      repoIndexPath,
+      findingsPath,
+      contextPacksPath,
+      agentCount: ALL_AGENTS.length,
+      findingCount: findings.length,
+      stackNames: repoIndex.stack.map((s) => s.name),
+      moduleCount: repoIndex.modules.length,
+      dependencyCount: repoIndex.dependencies.length
+    };
+  }
+  async copySlashCommands(templateDir, targetDir) {
+    const commandFiles = [
+      "security.md",
+      "architecture.md",
+      "legacy-code.md",
+      "business-rules.md",
+      "modernization.md",
+      "generate-prs.md",
+      "scan.md"
+    ];
+    for (const file of commandFiles) {
+      const sourcePath = path6.join(templateDir, file);
+      const targetPath = path6.join(targetDir, file);
+      try {
+        const content = await readFile2(sourcePath, "utf-8");
+        await writeFile(targetPath, content, "utf-8");
+      } catch {
+      }
+    }
+  }
+  async generateAgentsMd(projectRoot, projectName) {
+    const lines = [
+      `# Legacy Squad Agents \u2014 ${projectName}`,
+      "",
+      "Este arquivo define os agentes do Legacy Squad Framework para Codex CLI.",
+      "Ative um agente com: `@legacy-squad-{nome}`",
+      ""
+    ];
+    for (const agent of ALL_AGENTS) {
+      lines.push(`## ${agent.name} (@legacy-squad-${agent.id.replace("-agent", "")})`);
+      lines.push("");
+      lines.push(`**Role:** ${agent.role}`);
+      lines.push(`**Pillar:** ${agent.pillar}`);
+      lines.push(`**Frameworks:** ${agent.frameworks.join(", ")}`);
+      lines.push("");
+      lines.push("Leia `.legacy-squad/memory/` para contexto e produza o assessment em `.legacy-squad/outputs/assessments/`.");
+      lines.push("");
+    }
+    await writeFile(path6.join(projectRoot, "AGENTS.md"), lines.join("\n"), "utf-8");
+  }
+  toYaml(obj, indent = 0) {
+    const lines = [];
+    const prefix = "  ".repeat(indent);
+    for (const [key, value] of Object.entries(obj)) {
+      if (value === null || value === void 0) continue;
+      if (typeof value === "object" && !Array.isArray(value)) {
+        lines.push(`${prefix}${key}:`);
+        lines.push(this.toYaml(value, indent + 1));
+      } else if (Array.isArray(value)) {
+        lines.push(`${prefix}${key}:`);
+        for (const item of value) {
+          lines.push(`${prefix}  - ${item}`);
+        }
+      } else {
+        lines.push(`${prefix}${key}: ${value}`);
+      }
+    }
+    return lines.join("\n");
+  }
+};
+
+// packages/agents/src/doctor.ts
+import { stat as stat2 } from "node:fs/promises";
+import path7 from "node:path";
+var Doctor = class {
+  async check(projectRoot) {
+    const checks = [];
+    checks.push(await this.checkFile(projectRoot, ".legacy-squad/memory/repo-index.json", "Repo Index"));
+    checks.push(await this.checkFile(projectRoot, ".legacy-squad/memory/findings.json", "Findings"));
+    checks.push(await this.checkFile(projectRoot, ".legacy-squad/memory/context-packs.json", "Context Packs"));
+    checks.push(await this.checkFile(projectRoot, ".legacy-squad/config/project.yaml", "Project Config"));
+    checks.push(await this.checkDir(projectRoot, ".claude/commands/legacy-squad", "Claude Code Agents"));
+    checks.push(await this.checkFile(projectRoot, "AGENTS.md", "Codex AGENTS.md"));
+    checks.push(await this.checkDir(projectRoot, ".legacy-squad/outputs/assessments", "Assessments Dir"));
+    checks.push(await this.checkDir(projectRoot, ".legacy-squad/outputs/reports", "Reports Dir"));
+    return checks;
+  }
+  async checkFile(root, relativePath, label) {
+    try {
+      const fullPath = path7.join(root, relativePath);
+      const s = await stat2(fullPath);
+      if (s.size === 0) {
+        return { name: label, status: "warning", message: `${relativePath} exists but is empty` };
+      }
+      return { name: label, status: "ok", message: `${relativePath} \u2713` };
+    } catch {
+      return { name: label, status: "error", message: `${relativePath} not found` };
+    }
+  }
+  async checkDir(root, relativePath, label) {
+    try {
+      const fullPath = path7.join(root, relativePath);
+      const s = await stat2(fullPath);
+      if (!s.isDirectory()) {
+        return { name: label, status: "error", message: `${relativePath} is not a directory` };
+      }
+      return { name: label, status: "ok", message: `${relativePath} \u2713` };
+    } catch {
+      return { name: label, status: "error", message: `${relativePath} not found` };
+    }
+  }
+};
+
+// apps/cli/src/index.ts
+var program = new Command();
+function getTemplateDir() {
+  const cliDir = path8.dirname(fileURLToPath(import.meta.url));
+  const bundledPath = path8.resolve(cliDir, "templates", "claude-commands");
+  if (existsSync(bundledPath)) return bundledPath;
+  const devPath = path8.resolve(cliDir, "..", "..", "..", "templates", "claude-commands");
+  if (existsSync(devPath)) return devPath;
+  throw new Error("Templates not found. Run from the framework root or use the published package.");
+}
+program.name("legacy-squad").description("AI-Powered Legacy Modernization Platform \u2014 Understand. Plan. Modernize.").version("1.0.0");
+program.command("install").description("Install Legacy Squad Framework inside the current project").option("-p, --path <dir>", "Project root directory", ".").action(async (opts) => {
+  const projectRoot = path8.resolve(opts.path);
+  const templateDir = getTemplateDir();
+  console.log("\n\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501");
+  console.log("  Legacy Squad Framework V1 \u2014 Install");
+  console.log("  Understand. Plan. Modernize.");
+  console.log("\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n");
+  console.log(`\u{1F4C2} Project: ${projectRoot}
+`);
+  console.log("\u{1F50D} Step 1/3 \u2014 Scanning & analyzing...");
+  const installer = new Installer();
+  const result = await installer.install(projectRoot, templateDir);
+  console.log(`   Stack: ${result.stackNames.join(", ")}`);
+  console.log(`   Modules: ${result.moduleCount} | Dependencies: ${result.dependencyCount}`);
+  console.log(`   Findings: ${result.findingCount}`);
+  console.log("\n\u{1F916} Step 2/3 \u2014 Installing agents...");
+  console.log(`   Claude Code: .claude/commands/legacy-squad/ (${result.agentCount} agents)`);
+  console.log("   Codex CLI:   AGENTS.md");
+  console.log("\n\u2705 Step 3/3 \u2014 Verifying installation...");
+  const doctor = new Doctor();
+  const checks = await doctor.check(projectRoot);
+  const errors = checks.filter((c) => c.status === "error");
+  const ok = checks.filter((c) => c.status === "ok");
+  console.log(`   ${ok.length}/${checks.length} checks passed`);
+  if (errors.length > 0) {
+    for (const e of errors) {
+      console.log(`   \u274C ${e.name}: ${e.message}`);
+    }
+  }
+  console.log("\n\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501");
+  console.log("  \u2705 Installation complete!");
+  console.log("");
+  console.log("  \u{1F4C2} Data:   .legacy-squad/memory/");
+  console.log("  \u{1F916} Agents: .claude/commands/legacy-squad/");
+  console.log("");
+  console.log("  Next steps:");
+  console.log("    1. Open Claude Code: claude");
+  console.log("    2. Run: /legacy-squad-security");
+  console.log("    3. Run: /legacy-squad-architecture");
+  console.log("    4. Run: /legacy-squad-generate-prs");
+  console.log("\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n");
+});
+program.command("scan").description("Re-scan the project and update .legacy-squad/memory/").option("-p, --path <dir>", "Project root directory", ".").action(async (opts) => {
+  const projectRoot = path8.resolve(opts.path);
+  console.log(`
+\u{1F50D} Re-scanning: ${projectRoot}
+`);
+  const fs = new NodeFileSystem();
+  const scanner = new RepoScanner(fs);
+  const repoIndex = await scanner.scan(projectRoot);
+  const compliance = new ComplianceEngine(fs);
+  const findings = await compliance.evaluate(projectRoot, repoIndex);
+  const { mkdir: mkdir2, writeFile: writeFile2 } = await import("node:fs/promises");
+  const memoryDir = path8.join(projectRoot, ".legacy-squad", "memory");
+  await mkdir2(memoryDir, { recursive: true });
+  await writeFile2(path8.join(memoryDir, "repo-index.json"), JSON.stringify(repoIndex, null, 2), "utf-8");
+  await writeFile2(path8.join(memoryDir, "findings.json"), JSON.stringify(findings, null, 2), "utf-8");
+  console.log(`\u2705 Stack: ${repoIndex.stack.map((s) => s.name).join(", ")}`);
+  console.log(`\u{1F4E6} Modules: ${repoIndex.modules.length}`);
+  console.log(`\u{1F512} Findings: ${findings.length}`);
+  console.log(`\u{1F4C4} Updated: .legacy-squad/memory/
+`);
+});
+program.command("doctor").description("Verify Legacy Squad installation health").option("-p, --path <dir>", "Project root directory", ".").action(async (opts) => {
+  const projectRoot = path8.resolve(opts.path);
+  console.log("\n\u{1FA7A} Legacy Squad Doctor\n");
+  const doctor = new Doctor();
+  const checks = await doctor.check(projectRoot);
+  for (const check of checks) {
+    const icon = check.status === "ok" ? "\u2705" : check.status === "warning" ? "\u26A0\uFE0F" : "\u274C";
+    console.log(`  ${icon} ${check.name}: ${check.message}`);
+  }
+  const errors = checks.filter((c) => c.status === "error");
+  if (errors.length > 0) {
+    console.log(`
+\u274C ${errors.length} issues found. Run 'npx legacy-squad install' to fix.
+`);
+  } else {
+    console.log("\n\u2705 All checks passed.\n");
+  }
+});
+program.parse();