paperfit-cli 1.0.0

package/scripts/package-for-opensource.sh

@@ -0,0 +1,138 @@
+#!/usr/bin/env bash
+#
+# PaperFit 开源打包脚本
+#
+# 功能：
+# 1. 清理所有本地数据、编译产物和个人配置
+# 2. 保留核心项目文件
+# 3. 生成干净的发布版本
+#
+# 用法：
+#   ./scripts/package-for-opensource.sh [目标目录]
+#
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+TARGET_DIR="${1:-$PROJECT_ROOT/dist}"
+
+echo "============================================================"
+echo "PaperFit 开源打包脚本"
+echo "============================================================"
+echo ""
+echo "源目录：$PROJECT_ROOT"
+echo "目标目录：$TARGET_DIR"
+echo ""
+
+# 创建目标目录
+mkdir -p "$TARGET_DIR"
+
+# 定义需要复制的核心目录和文件
+CORE_DIRS=(
+    "agents"
+    "bin"
+    "config"
+    "docs"
+    "scripts"
+    "skills"
+)
+
+CORE_FILES=(
+    "CLAUDE.md"
+    "README.md"
+    "package.json"
+    "package-lock.json"
+    "requirements.txt"
+    ".gitignore"
+)
+
+# 定义需要排除的模式
+EXCLUDE_PATTERNS=(
+    "*.aux"
+    "*.log"
+    "*.out"
+    "*.bbl"
+    "*.blg"
+    "*.fls"
+    "*.fdb_latexmk"
+    "*.pdf"
+    "*.png"
+    "*.jpg"
+    "*.DS_Store"
+    "__pycache__"
+    "*.pyc"
+    "*.pyo"
+    ".DS_Store"
+)
+
+echo "正在复制核心文件..."
+
+# 复制核心目录
+for dir in "${CORE_DIRS[@]}"; do
+    if [ -d "$PROJECT_ROOT/$dir" ]; then
+        echo "  → 复制 $dir/"
+        cp -r "$PROJECT_ROOT/$dir" "$TARGET_DIR/"
+    fi
+done
+
+# 复制核心文件
+for file in "${CORE_FILES[@]}"; do
+    if [ -f "$PROJECT_ROOT/$file" ]; then
+        echo "  → 复制 $file"
+        cp "$PROJECT_ROOT/$file" "$TARGET_DIR/"
+    fi
+done
+
+# 复制 .claude 目录（排除敏感配置）
+echo "  → 复制 .claude/ (排除敏感配置)..."
+mkdir -p "$TARGET_DIR/.claude"
+if [ -d "$PROJECT_ROOT/.claude/commands" ]; then
+    cp -r "$PROJECT_ROOT/.claude/commands" "$TARGET_DIR/.claude/"
+fi
+# 不复制 settings.json 和 settings.local.json（包含个人配置）
+
+# 复制 data 目录的结构（不包含实际数据）
+echo "  → 创建 data/ 目录结构..."
+mkdir -p "$TARGET_DIR/data"
+mkdir -p "$TARGET_DIR/data/benchmarks/samples"
+
+# 如果有 sample 文件，可以选择性复制
+# if [ -d "$PROJECT_ROOT/data/benchmarks/samples" ]; then
+#     cp -r "$PROJECT_ROOT/data/benchmarks/samples" "$TARGET_DIR/data/benchmarks/"
+# fi
+
+# 清理编译产物
+echo ""
+echo "正在清理编译产物..."
+
+find "$TARGET_DIR" -type f -name "*.aux" -delete
+find "$TARGET_DIR" -type f -name "*.log" -delete
+find "$TARGET_DIR" -type f -name "*.out" -delete
+find "$TARGET_DIR" -type f -name "*.bbl" -delete
+find "$TARGET_DIR" -type f -name "*.blg" -delete
+find "$TARGET_DIR" -type f -name "*.fls" -delete
+find "$TARGET_DIR" -type f -name "*.fdb_latexmk" -delete
+find "$TARGET_DIR" -type f -name "*.pdf" -delete
+find "$TARGET_DIR" -type f -name "*.png" -delete
+find "$TARGET_DIR" -type f -name "*.jpg" -delete
+find "$TARGET_DIR" -type f -name ".DS_Store" -delete
+find "$TARGET_DIR" -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true
+find "$TARGET_DIR" -type f -name "*.pyc" -delete
+find "$TARGET_DIR" -type f -name "*.pyo" -delete
+
+echo ""
+echo "============================================================"
+echo "打包完成！"
+echo "============================================================"
+echo ""
+echo "发布的文件位于：$TARGET_DIR"
+echo ""
+echo "下一步操作："
+echo "  1. cd $TARGET_DIR"
+echo "  2. git init"
+echo "  3. git add -A"
+echo "  4. git commit -m 'Initial commit: PaperFit VTO System'"
+echo "  5. git remote add origin <your-repo-url>"
+echo "  6. git push -u origin main"
+echo ""

package/scripts/parse_log.py

@@ -0,0 +1,260 @@
+#!/usr/bin/env python3
+"""
+LaTeX 编译日志解析器
+
+解析 LaTeX 编译生成的 .log 文件，提取错误、警告、Overfull/Underfull hbox
+等信息，并输出结构化的 JSON 报告，供 rule-engine-agent 使用。
+
+用法:
+    python parse_log.py <log_file> [--output <json_file>] [--verbose]
+
+示例:
+    python parse_log.py compile.log --output log_report.json
+"""
+
+import re
+import json
+import argparse
+import sys
+from pathlib import Path
+from typing import List, Dict, Any, Optional
+
+
+class LogParser:
+    """LaTeX 日志解析器"""
+
+    def __init__(self, log_path: str):
+        self.log_path = Path(log_path)
+        self.content = ""
+        self.errors: List[Dict] = []
+        self.warnings: List[Dict] = []
+        self.overfull_hbox: List[Dict] = []
+        self.underfull_hbox: List[Dict] = []
+        self.undefined_refs: List[str] = []
+        self.citation_issues: List[str] = []
+        self.float_warnings: List[Dict] = []
+        self.package_warnings: List[Dict] = []
+        self.compile_success = True
+
+    def parse(self) -> Dict[str, Any]:
+        """执行完整解析，返回结构化报告"""
+        if not self.log_path.exists():
+            return {"error": f"Log file not found: {self.log_path}"}
+
+        with open(self.log_path, 'r', encoding='utf-8', errors='ignore') as f:
+            self.content = f.read()
+
+        self._check_compile_success()
+        self._extract_errors()
+        self._extract_overfull()
+        self._extract_underfull()
+        self._extract_undefined_references()
+        self._extract_citation_warnings()
+        self._extract_float_warnings()
+        self._extract_package_warnings()
+
+        return self._build_report()
+
+    def _check_compile_success(self) -> None:
+        """检查编译是否成功（日志中是否有 Fatal error）"""
+        # 常见成功标志
+        if "Output written on" in self.content:
+            self.compile_success = True
+        elif "Fatal error" in self.content or "Emergency stop" in self.content:
+            self.compile_success = False
+        else:
+            # 默认视为成功（可能日志不完整）
+            self.compile_success = True
+
+    def _extract_errors(self) -> None:
+        """提取 ! 开头的错误行"""
+        lines = self.content.split('\n')
+        for i, line in enumerate(lines):
+            if line.startswith('!'):
+                error = {
+                    "type": "LaTeX Error",
+                    "message": line[2:].strip(),
+                    "line": self._find_line_number(lines, i),
+                    "context": self._extract_context(lines, i)
+                }
+                self.errors.append(error)
+
+    def _extract_overfull(self) -> None:
+        """提取 Overfull \hbox 警告"""
+        pattern = r'Overfull \\hbox \(([0-9.]+)pt too wide\) (.*?)(?: at lines ([0-9]+(?:--[0-9]+)?))?'
+        matches = re.finditer(pattern, self.content, re.MULTILINE)
+
+        for match in matches:
+            overflow_pt = float(match.group(1))
+            context = match.group(2).strip()
+            lines_range = match.group(3) if match.group(3) else None
+
+            # 判断是否在表格对齐环境中
+            is_alignment = 'in alignment' in context
+
+            entry = {
+                "type": "Overfull hbox",
+                "subtype": "alignment" if is_alignment else "paragraph",
+                "overflow_pt": overflow_pt,
+                "context": context,
+                "lines": lines_range,
+                "severity": "major" if overflow_pt >= 5.0 else "minor"
+            }
+            self.overfull_hbox.append(entry)
+            self.warnings.append(entry)
+
+    def _extract_underfull(self) -> None:
+        """提取 Underfull \hbox 警告"""
+        pattern = r'Underfull \\hbox \(badness [0-9]+\) (.*?)(?: at lines ([0-9]+(?:--[0-9]+)?))?'
+        matches = re.finditer(pattern, self.content, re.MULTILINE)
+
+        for match in matches:
+            context = match.group(1).strip()
+            lines_range = match.group(2) if match.group(2) else None
+
+            entry = {
+                "type": "Underfull hbox",
+                "context": context,
+                "lines": lines_range,
+                "severity": "minor"
+            }
+            self.underfull_hbox.append(entry)
+            self.warnings.append(entry)
+
+    def _extract_undefined_references(self) -> None:
+        """提取未定义的引用警告"""
+        pattern = r'LaTeX Warning: Reference `([^`]+)\' undefined'
+        matches = re.finditer(pattern, self.content)
+
+        for match in matches:
+            ref = match.group(1)
+            self.undefined_refs.append(ref)
+            self.warnings.append({
+                "type": "Undefined reference",
+                "reference": ref,
+                "severity": "major"
+            })
+
+    def _extract_citation_warnings(self) -> None:
+        """提取未定义的引用警告"""
+        pattern = r'LaTeX Warning: Citation `([^`]+)\' .*undefined'
+        matches = re.finditer(pattern, self.content)
+
+        for match in matches:
+            cite = match.group(1)
+            self.citation_issues.append(cite)
+            self.warnings.append({
+                "type": "Undefined citation",
+                "citation": cite,
+                "severity": "major"
+            })
+
+    def _extract_float_warnings(self) -> None:
+        """提取浮动体相关警告"""
+        pattern = r'LaTeX Warning: Float too large for page by ([0-9.]+)pt'
+        matches = re.finditer(pattern, self.content)
+
+        for match in matches:
+            overflow_pt = float(match.group(1))
+            entry = {
+                "type": "Float too large",
+                "overflow_pt": overflow_pt,
+                "severity": "major"
+            }
+            self.float_warnings.append(entry)
+            self.warnings.append(entry)
+
+    def _extract_package_warnings(self) -> None:
+        """提取宏包警告（如 hyperref、caption 等）"""
+        pattern = r'Package (\w+) Warning: (.*?)(?: on input line ([0-9]+))?'
+        matches = re.finditer(pattern, self.content)
+
+        for match in matches:
+            package = match.group(1)
+            message = match.group(2).strip()
+            line = match.group(3) if match.group(3) else None
+
+            entry = {
+                "type": "Package warning",
+                "package": package,
+                "message": message,
+                "line": line,
+                "severity": "minor"
+            }
+            self.package_warnings.append(entry)
+            self.warnings.append(entry)
+
+    def _find_line_number(self, lines: List[str], current_idx: int) -> Optional[int]:
+        """尝试从上下文中提取行号"""
+        for offset in range(-3, 4):
+            idx = current_idx + offset
+            if 0 <= idx < len(lines):
+                match = re.search(r'l\.([0-9]+)', lines[idx])
+                if match:
+                    return int(match.group(1))
+        return None
+
+    def _extract_context(self, lines: List[str], error_idx: int) -> str:
+        """提取错误附近的上下文行"""
+        context_lines = []
+        for offset in range(1, 5):
+            idx = error_idx + offset
+            if idx < len(lines) and lines[idx].strip():
+                context_lines.append(lines[idx].strip())
+        return ' '.join(context_lines[:2])
+
+    def _build_report(self) -> Dict[str, Any]:
+        """构建最终 JSON 报告"""
+        summary = {
+            "errors": len(self.errors),
+            "warnings": len(self.warnings),
+            "overfull_hbox_total": len(self.overfull_hbox),
+            "underfull_hbox_total": len(self.underfull_hbox),
+            "undefined_references": len(self.undefined_refs),
+            "citation_issues": len(self.citation_issues),
+            "float_warnings": len(self.float_warnings),
+            "package_warnings": len(self.package_warnings)
+        }
+
+        return {
+            "parse_version": "1.0",
+            "log_file": str(self.log_path),
+            "compile_success": self.compile_success,
+            "summary": summary,
+            "errors": self.errors,
+            "warnings": self.warnings,
+            "overfull_hbox": self.overfull_hbox,
+            "underfull_hbox": self.underfull_hbox,
+            "undefined_references": self.undefined_refs,
+            "citation_issues": self.citation_issues,
+            "float_warnings": self.float_warnings,
+            "package_warnings": self.package_warnings,
+            "compilation_blockers": self.errors  # 任何错误都阻塞编译
+        }
+
+
+def main():
+    parser = argparse.ArgumentParser(description="解析 LaTeX 编译日志")
+    parser.add_argument("log_file", help="LaTeX .log 文件路径")
+    parser.add_argument("--output", "-o", help="输出 JSON 文件路径")
+    parser.add_argument("--verbose", "-v", action="store_true", help="详细输出")
+
+    args = parser.parse_args()
+
+    log_parser = LogParser(args.log_file)
+    report = log_parser.parse()
+
+    if args.output:
+        with open(args.output, 'w', encoding='utf-8') as f:
+            json.dump(report, f, indent=2, ensure_ascii=False)
+        print(f"Report saved to {args.output}")
+
+    if args.verbose or not args.output:
+        print(json.dumps(report, indent=2, ensure_ascii=False))
+
+    # 根据编译状态返回退出码
+    sys.exit(0 if report.get("compile_success", False) else 1)
+
+
+if __name__ == "__main__":
+    main()

package/scripts/postinstall.js

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+/**
+ * Postinstall: print next steps. Heavy setup (pip, data dirs) belongs in the user's project or `paperfit doctor`.
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+const pkgRoot = path.join(__dirname, '..');
+const insideNodeModules = pkgRoot.includes(`${path.sep}node_modules${path.sep}`);
+const isGlobal = process.env.npm_config_global === 'true';
+
+console.log('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+console.log('  PaperFit (paperfit-cli) installed');
+console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
+
+if (!insideNodeModules) {
+  // Git checkout: optional lightweight data scaffold (no pip)
+  const dataDirs = ['data/backups', 'data/benchmarks/case', 'data/pages', 'data/evidence'];
+  for (const rel of dataDirs) {
+    const p = path.join(pkgRoot, rel);
+    if (!fs.existsSync(p)) {
+      fs.mkdirSync(p, { recursive: true });
+    }
+  }
+}
+
+console.log('Global Claude Code integration (recommended):');
+console.log('  paperfit-install          # copy commands/skills/agents → ~/.claude');
+console.log('  paperfit-install --force  # overwrite existing files\n');
+
+console.log('CLI:');
+console.log('  paperfit doctor           # check Python, poppler, latexmk');
+console.log('  paperfit init             # verify environment in current dir\n');
+
+if (isGlobal) {
+  console.log('Tip: run `paperfit-install` once so /fix-layout and skills are available in any project.\n');
+}

package/scripts/pre_tool_use.py

@@ -0,0 +1,265 @@
+#!/usr/bin/env python3
+"""
+PaperFit Pre-Tool Use Security Hook
+
+Detects secrets and sensitive patterns before tool execution.
+Inspired by ECC's beforeSubmitPrompt hook with sk-, ghp_, AKIA patterns.
+
+Usage:
+    python pre_tool_use.py --check-secrets <content>
+    python pre_tool_use.py --check-file <file_path>
+"""
+
+import argparse
+import json
+import re
+import sys
+from pathlib import Path
+
+# Secret patterns based on ECC security implementation
+SECRET_PATTERNS = [
+    # API Keys
+    (r'sk-[a-zA-Z0-9]{20,}', 'OpenAI API Key (sk-...)'),
+    (r'sk-proj-[a-zA-Z0-9]{20,}', 'OpenAI Project Key'),
+    (r'api[_-]?key[\"\'\s]*[:=]\s*[\"\'\'][a-zA-Z0-9]{16,}[\"\'\']', 'Generic API Key'),
+
+    # GitHub
+    (r'ghp_[a-zA-Z0-9]{36}', 'GitHub Personal Access Token'),
+    (r'gho_[a-zA-Z0-9]{36}', 'GitHub OAuth Token'),
+    (r'ghu_[a-zA-Z0-9]{36}', 'GitHub User Token'),
+    (r'ghs_[a-zA-Z0-9]{36}', 'GitHub Server Token'),
+    (r'ghr_[a-zA-Z0-9]{36}', 'GitHub Refresh Token'),
+
+    # AWS
+    (r'AKIA[0-9A-Z]{16}', 'AWS Access Key ID'),
+    (r'[0-9a-zA-Z/+]{40}={0,2}', 'Possible AWS Secret Key'),
+
+    # Azure
+    (r'[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12}', 'Azure/GUID (potential secret)'),
+
+    # Google
+    (r'AIza[0-9A-Za-z\\-_]{35}', 'Google Cloud API Key'),
+    (r'ya29\\.[0-9A-Za-z\\-_]+', 'Google OAuth Token'),
+
+    # Stripe
+    (r'sk_live_[0-9a-zA-Z]{24,}', 'Stripe Secret Key'),
+    (r'pk_live_[0-9a-zA-Z]{24,}', 'Stripe Publishable Key'),
+
+    # Slack
+    (r'xox[baprs]-[0-9a-zA-Z]{10,48}', 'Slack Token'),
+
+    # Private Keys
+    (r'-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----', 'Private Key'),
+    (r'-----BEGIN PGP PRIVATE KEY BLOCK-----', 'PGP Private Key'),
+
+    # Passwords in config
+    (r'password[\"\'\s]*[:=]\s*[\"\'][^\"\']{8,}[\"\']', 'Hardcoded Password'),
+    (r'passwd[\"\'\s]*[:=]\s*[\"\'][^\"\']{8,}[\"\']', 'Hardcoded Password (passwd)'),
+
+    # JWT Tokens
+    (r'eyJ[a-zA-Z0-9_-]*\\.eyJ[a-zA-Z0-9_-]*\\.[a-zA-Z0-9_-]*', 'JWT Token'),
+
+    # NPM Tokens
+    (r'npm_[a-zA-Z0-9]{36}', 'NPM Access Token'),
+
+    # Hugging Face
+    (r'hf_[a-zA-Z]{34}', 'Hugging Face Token'),
+
+    # Generic secrets
+    (r'secret[\"\'\s]*[:=]\s*[\"\'][^\"\']{8,}[\"\']', 'Hardcoded Secret'),
+    (r'bearer[\\s]+[a-zA-Z0-9\\-_\\.]{20,}', 'Bearer Token'),
+]
+
+# Files that commonly contain secrets
+SENSITIVE_FILES = [
+    '.env',
+    '.env.local',
+    '.env.production',
+    '.env.development',
+    '.env.test',
+    '.git-credentials',
+    '.netrc',
+    '.pgpass',
+    '.my.cnf',
+    'credentials',
+    'credentials.json',
+    'credentials.yaml',
+    'credentials.yml',
+    'config.json',
+    'config.yaml',
+    'config.yml',
+    'secrets.json',
+    'secrets.yaml',
+    'secrets.yml',
+    '.dsn',
+    'id_rsa',
+    'id_dsa',
+    'id_ecdsa',
+    'id_ed25519',
+    '.pem',
+    '.key',
+    '.p12',
+    '.pfx',
+]
+
+
+def check_for_secrets(content: str, file_path: str = None) -> list:
+    """
+    Check content for secret patterns.
+
+    Args:
+        content: The text content to scan
+        file_path: Optional file path for context
+
+    Returns:
+        List of findings, each with pattern_name, match, and severity
+    """
+    findings = []
+
+    for pattern, name in SECRET_PATTERNS:
+        matches = re.finditer(pattern, content, re.IGNORECASE)
+        for match in matches:
+            # Skip false positives
+            matched_text = match.group(0)
+
+            # Skip if it looks like an example/placeholder
+            if any(placeholder in matched_text.lower() for placeholder in
+                   ['example', 'your_', '<', '>', 'xxx', '***', '${', '{{']):
+                continue
+
+            # Skip very short matches that might be false positives
+            if len(matched_text) < 10 and 'key' not in name.lower():
+                continue
+
+            findings.append({
+                'pattern': name,
+                'match': matched_text[:50] + '...' if len(matched_text) > 50 else matched_text,
+                'position': match.start(),
+                'severity': 'CRITICAL' if 'private key' in name.lower() or 'secret' in name.lower() else 'HIGH'
+            })
+
+    return findings
+
+
+def check_sensitive_file(file_path: str) -> dict:
+    """
+    Check if a file path matches known sensitive file patterns.
+
+    Args:
+        file_path: The file path to check
+
+    Returns:
+        Dict with is_sensitive, reason, and risk_level
+    """
+    path_lower = file_path.lower()
+    file_name = Path(file_path).name.lower()
+
+    # Check exact matches
+    for sensitive in SENSITIVE_FILES:
+        if file_name == sensitive or path_lower.endswith(f'/{sensitive}'):
+            return {
+                'is_sensitive': True,
+                'reason': f'Matches sensitive file pattern: {sensitive}',
+                'risk_level': 'HIGH'
+            }
+
+    # Check extensions
+    sensitive_extensions = ['.key', '.pem', '.p12', '.pfx', '.dsn', '.credentials']
+    if any(path_lower.endswith(ext) for ext in sensitive_extensions):
+        return {
+            'is_sensitive': True,
+            'reason': f'Sensitive file extension detected',
+            'risk_level': 'HIGH'
+        }
+
+    # Check for .env files
+    if file_name.startswith('.env'):
+        return {
+            'is_sensitive': True,
+            'reason': 'Environment file detected',
+            'risk_level': 'MEDIUM'
+        }
+
+    return {
+        'is_sensitive': False,
+        'reason': None,
+        'risk_level': 'LOW'
+    }
+
+
+def main():
+    parser = argparse.ArgumentParser(description='PaperFit Security Hook')
+    parser.add_argument('--check-secrets', type=str, help='Check string content for secrets')
+    parser.add_argument('--check-file', type=str, help='Check file for secrets')
+    parser.add_argument('--check-file-sensitive', type=str, help='Check if file path is sensitive')
+    parser.add_argument('--json', action='store_true', help='Output in JSON format')
+
+    args = parser.parse_args()
+
+    findings = []
+    sensitive_file_result = None
+
+    if args.check_secrets:
+        findings = check_for_secrets(args.check_secrets)
+
+    if args.check_file:
+        try:
+            file_path = args.check_file
+            content = Path(file_path).read_text(encoding='utf-8', errors='ignore')
+            findings = check_for_secrets(content, file_path)
+
+            # Also check if the file itself is sensitive
+            sensitive_file_result = check_sensitive_file(file_path)
+            if sensitive_file_result['is_sensitive']:
+                findings.append({
+                    'pattern': 'Sensitive File',
+                    'match': sensitive_file_result['reason'],
+                    'position': 0,
+                    'severity': sensitive_file_result['risk_level']
+                })
+        except (OSError, UnicodeDecodeError) as e:
+            if args.json:
+                print(json.dumps({'error': str(e)}))
+            else:
+                print(f'Error reading file: {e}')
+            sys.exit(1)
+
+    if args.check_file_sensitive:
+        sensitive_file_result = check_sensitive_file(args.check_file_sensitive)
+        if args.json:
+            print(json.dumps(sensitive_file_result, indent=2))
+        else:
+            if sensitive_file_result['is_sensitive']:
+                print(f"⚠️  {sensitive_file_result['reason']}")
+                print(f"   Risk Level: {sensitive_file_result['risk_level']}")
+            else:
+                print("✅ File does not match sensitive patterns")
+        sys.exit(0 if not sensitive_file_result['is_sensitive'] else 1)
+
+    # Output results
+    if args.json:
+        output = {
+            'findings': findings,
+            'finding_count': len(findings),
+            'has_secrets': len(findings) > 0
+        }
+        if sensitive_file_result:
+            output['sensitive_file'] = sensitive_file_result
+        print(json.dumps(output, indent=2))
+    else:
+        if findings:
+            print(f"\n🚨 SECURITY ALERT: {len(findings)} potential secret(s) detected\n")
+            for i, finding in enumerate(findings, 1):
+                print(f"  {i}. {finding['pattern']}")
+                print(f"     Match: {finding['match']}")
+                print(f"     Severity: {finding['severity']}")
+                print()
+            print("⚠️  Remove secrets before committing!\n")
+            sys.exit(1)
+        else:
+            print("✅ No secrets detected")
+            sys.exit(0)
+
+
+if __name__ == '__main__':
+    main()