safelaunch 1.0.16 → 1.0.18

package/README.md

@@ -1,14 +1,14 @@
 # safelaunch
 
-> Stop breaking production over environment variables.
+> Ship without breaking production.
 
 [![npm version](https://badge.fury.io/js/safelaunch.svg)](https://www.npmjs.com/package/safelaunch)
 
-safelaunch validates your environment before every push. It catches missing variables, misconfigurations, and dependency issues before they reach production — in seconds.
+safelaunch validates your environment before every push. Catches missing variables, empty values, duplicates, dependency drift, and prefix misconfigurations — before they reach production.
 
 Works with **Node.js, Next.js, Vite, and Create React App**. Not just backend. Any JavaScript project.
 
-🌐 [safelaunch.dev](https://karthicedric7-cloud.github.io/Orches)
+🌐 [orches.dev](https://karthicedric7-cloud.github.io/Orches)
 
 ---
 
@@ -18,21 +18,39 @@ safelaunch runs **entirely on your machine**. It never sends your environment va
 
 ---
 
-## Two commands. That's it.
-
-**Step 1 — Generate your environment manifest**
+## Try it right now — zero setup
 ```bash
-safelaunch init
+npx safelaunch scan
 ```
 
-Scans your codebase, finds every environment variable your app uses, and generates an `env.manifest.json` file automatically.
+No installation. No config. Just run it in any JavaScript project.
 
-**Step 2 — Validate before you push**
-```bash
-safelaunch validate
+Scans your entire codebase, checks your `.env`, and tells you exactly what would break your next deploy.
 ```
+Scanning your project...
+
+Detected: Next.js
+
+Found 8 env variables in your codebase
+
+⚠️  DUPLICATE VARIABLES (1 found)
+
+   DATABASE_URL   defined more than once in .env
+
+❌ MISSING VARIABLES (2 found)
 
-Runs 11 checks against your `.env` file and tells you exactly what will break before it does.
+   NEXTAUTH_SECRET   missing from .env
+   STRIPE_SECRET_KEY   missing from .env
+
+✅ PASSING (6)
+
+   API_KEY   present
+   NODE_ENV   present
+
+Your next deploy would have failed.
+
+Run safelaunch init to lock this in permanently.
+```
 
 ---
 
@@ -43,7 +61,27 @@ npm install -g safelaunch
 
 ---
 
-## Never break a push again — install the git hook
+## Lock it in permanently
+
+Once you've seen what scan finds, lock it in with two commands:
+
+**Step 1 — Generate your environment manifest**
+```bash
+safelaunch init
+```
+
+Scans your codebase and generates an `env.manifest.json` contract file automatically.
+
+**Step 2 — Validate before every push**
+```bash
+safelaunch validate
+```
+
+Runs 11 checks against your `.env` and tells you exactly what will break before it does.
+
+---
+
+## Never think about it again — install the git hook
 ```bash
 safelaunch hook install
 ```
@@ -52,7 +90,17 @@ Blocks `git push` automatically if validation fails. Set it once, forget about i
 
 ---
 
-## What it checks
+## What scan checks
+
+1. Missing variables
+2. Empty variables
+3. Duplicate variables
+4. Dependencies not installed
+5. Dependency drift
+6. `VITE_` prefix validation
+7. `REACT_APP_` prefix validation
+
+## What validate checks
 
 1. Missing required variables
 2. Empty variables
@@ -68,28 +116,9 @@ Blocks `git push` automatically if validation fails. Set it once, forget about i
 
 ---
 
-## Example output
-```
-Running safelaunch...
-
-❌ MISSING VARIABLES (2 found)
-   DATABASE_URL   required but missing from .env
-   REDIS_URL      required but missing from .env
-
-✅ PASSING (9)
-   API_KEY        present
-   NODE_ENV       present
-   ...
-
-Your environment is not ready for production.
-Fix the issues above and run safelaunch again.
-```
-
----
-
 ## CI Integration
 
-Add this to your GitHub Actions workflow to block deployments automatically:
+Block deployments automatically by adding this to your GitHub Actions workflow:
 ```yaml
 - name: Install safelaunch
   run: npm install -g safelaunch

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "safelaunch",
-  "version": "1.0.16",
+  "version": "1.0.18",
   "description": "Validate your environment before every push. Catch missing, empty, and misconfigured env variables before they break production.",
   "main": "index.js",
   "bin": {
@@ -31,4 +31,4 @@
   "dependencies": {
     "posthog-node": "^5.28.2"
   }
-}
+}

package/safelaunch/src/scan.js

@@ -1,6 +1,52 @@
 const fs = require('fs');
 const path = require('path');
-const { track, shutdown } = require('./telemetry');
+
+// ─── Impact messages per check type ───────────────────────────────────────────
+
+const IMPACT = {
+  missing: (key) => impactBlock([
+    'Your app cannot use ' + key,
+    '→ Will crash or behave incorrectly at runtime'
+  ]),
+  empty: (key) => impactBlock([
+    key + ' is defined but has no value',
+    '→ Your app will treat it as blank — this will break things'
+  ]),
+  duplicate: (key) => impactBlock([
+    key + ' is defined more than once',
+    '→ The last value silently wins — likely not what you want'
+  ]),
+  depsNotInstalled: () => impactBlock([
+    'node_modules is missing entirely',
+    '→ Your app will not start'
+  ]),
+  depsDrift: (dep) => impactBlock([
+    dep + ' is in package.json but not installed',
+    '→ Any code that imports it will fail'
+  ]),
+  prefixVite: (key) => impactBlock([
+    key + ' is missing the VITE_ prefix',
+    '→ It will not be exposed to the browser — your frontend will not see it'
+  ]),
+  prefixCra: (key) => impactBlock([
+    key + ' is missing the REACT_APP_ prefix',
+    '→ It will not be exposed to the browser — your frontend will not see it'
+  ]),
+  noEnvFile: () => impactBlock([
+    'No .env file found',
+    '→ Every environment variable your app needs will be missing'
+  ]),
+};
+
+function impactBlock(lines) {
+  return '   Impact:\n' + lines.map(l => '   ' + l).join('\n');
+}
+
+// ─── Divider ──────────────────────────────────────────────────────────────────
+
+const DIVIDER = '────────────────────────────';
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
 
 function detectProjectType(cwd) {
   if (fs.existsSync(path.join(cwd, 'vite.config.js')) ||
@@ -59,20 +105,6 @@ function readEnvDetailed(cwd) {
   return { envVars, duplicates: [...duplicates] };
 }
 
-function checkPrefixes(foundVars, envVars, projectType) {
-  const warnings = [];
-  for (const key of foundVars) {
-    if (key === 'NODE_ENV') continue;
-    if (projectType === 'vite' && !key.startsWith('VITE_')) {
-      warnings.push(key + '   missing VITE_ prefix (won\'t be exposed to client)');
-    }
-    if (projectType === 'cra' && !key.startsWith('REACT_APP_')) {
-      warnings.push(key + '   missing REACT_APP_ prefix (won\'t be exposed to client)');
-    }
-  }
-  return warnings;
-}
-
 function checkDependencies(cwd) {
   const packagePath = path.join(cwd, 'package.json');
   const modulesPath = path.join(cwd, 'node_modules');
@@ -87,17 +119,41 @@ function checkDependencies(cwd) {
   return { notInstalled: false, missing };
 }
 
+// ─── Render helpers ───────────────────────────────────────────────────────────
+
+function renderIssue(number, title, impactLines) {
+  return (
+    number + '. ' + title + '\n' +
+    '\n' +
+    impactLines + '\n'
+  );
+}
+
+// ─── Main ─────────────────────────────────────────────────────────────────────
+
 async function scan() {
-  console.log('\nScanning your project...\n');
+  // Lazy-load telemetry so it doesn't affect output
+  let track = async () => {};
+  let shutdown = async () => {};
+  try {
+    const telemetry = require('./safelaunch/src/telemetry');
+    track = telemetry.track;
+    shutdown = telemetry.shutdown;
+  } catch (_) {}
 
   const cwd = process.cwd();
   const projectType = detectProjectType(cwd);
   const typeLabels = { vite: 'Vite', next: 'Next.js', cra: 'Create React App', node: 'Node.js' };
-  console.log('Detected: ' + typeLabels[projectType] + '\n');
+
+  console.log('');
+  console.log('Scanning your project...');
+  console.log('Detected: ' + typeLabels[projectType]);
+  console.log('');
+
+  // ── Collect env vars used in codebase ──
 
   const extensions = ['.js', '.ts', '.jsx', '.tsx', '.vue', '.svelte'];
   let pattern;
-
   if (projectType === 'vite') {
     pattern = /import\.meta\.env\.([A-Z_][A-Z0-9_]*)/g;
   } else if (projectType === 'cra') {
@@ -108,29 +164,77 @@ async function scan() {
 
   const found = scanFiles(cwd, extensions, pattern);
 
+  // ── No env vars in codebase at all ──
+
   if (found.size === 0) {
-    console.log('No environment variables found in your codebase.\n');
+    console.log('🛡️  Safelaunch Scan Report');
+    console.log('');
+    console.log('No environment variables found in your codebase.');
+    console.log('');
+    console.log(DIVIDER);
+    console.log('');
+    console.log('✅ Nothing to check');
+    console.log('');
+    console.log('   Your project does not appear to use process.env');
+    console.log('');
     await track('safelaunch_scan_run', { project_type: projectType, vars_found: 0 });
     await shutdown();
     return;
   }
 
-  console.log('Found ' + found.size + ' env variables in your codebase\n');
+  // ── No .env file found ──
 
   const result = readEnvDetailed(cwd);
 
   if (!result) {
-    console.log('❌ No .env file found — all variables would be missing.\n');
-    for (const key of [...found].sort()) {
-      console.log('   ' + key);
+    const varList = [...found].sort();
+    const criticals = [];
+    let issueNum = 1;
+
+    criticals.push(renderIssue(
+      issueNum++,
+      '.env file is missing',
+      IMPACT.noEnvFile()
+    ));
+
+    for (const key of varList) {
+      criticals.push(renderIssue(issueNum++, key + ' is missing', IMPACT.missing(key)));
     }
-    console.log('\nYour next deploy would have failed.\n');
-    console.log('Run safelaunch init to lock this in permanently.\n');
+
+    console.log('🚨 Safelaunch Scan Report');
+    console.log('');
+    console.log('This project is NOT safe to deploy');
+    console.log('');
+    console.log((varList.length + 1) + ' issues found');
+    console.log((varList.length + 1) + ' critical');
+    console.log('');
+    console.log(DIVIDER);
+    console.log('');
+    console.log('🚨 CRITICAL (will break your app)');
+    console.log('');
+    for (const block of criticals) {
+      console.log(block);
+      console.log('---');
+      console.log('');
+    }
+    console.log(DIVIDER);
+    console.log('');
+    console.log('💡 Next step');
+    console.log('');
+    console.log('   Create a .env file with your environment variables,');
+    console.log('   then run:');
+    console.log('');
+    console.log('   safelaunch init');
+    console.log('');
+    console.log('   Lock this configuration and prevent future breakage');
+    console.log('');
     await track('safelaunch_scan_run', { project_type: projectType, vars_found: found.size, missing: found.size, no_env: true });
     await shutdown();
     return;
   }
 
+  // ── Full scan ──
+
   const { envVars, duplicates } = result;
   const missing = [];
   const empty = [];
@@ -146,76 +250,167 @@ async function scan() {
     }
   }
 
-  const prefixWarnings = checkPrefixes(found, envVars, projectType);
   const drift = checkDependencies(cwd);
 
-  let hasFailed = false;
-
-  if (duplicates.length > 0) {
-    hasFailed = true;
-    console.log('⚠️  DUPLICATE VARIABLES (' + duplicates.length + ' found)\n');
-    for (const key of duplicates) {
-      console.log('   ' + key + '   defined more than once in .env');
+  // Prefix issues (warnings only)
+  const prefixWarnings = [];
+  for (const key of found) {
+    if (key === 'NODE_ENV') continue;
+    if (projectType === 'vite' && !key.startsWith('VITE_')) {
+      prefixWarnings.push({ key, type: 'vite' });
+    }
+    if (projectType === 'cra' && !key.startsWith('REACT_APP_')) {
+      prefixWarnings.push({ key, type: 'cra' });
     }
-    console.log('');
   }
 
-  if (drift) {
-    if (drift.notInstalled) {
-      hasFailed = true;
-      console.log('⚠️  DEPENDENCIES NOT INSTALLED\n');
-      console.log('   node_modules not found. Run npm install.\n');
-    } else if (drift.missing.length > 0) {
-      hasFailed = true;
-      console.log('⚠️  DEPENDENCY DRIFT (' + drift.missing.length + ' found)\n');
-      for (const dep of drift.missing) {
-        console.log('   ' + dep + '   in package.json but not installed');
-      }
-      console.log('');
-    }
+  // ── Build issue lists ──
+
+  const criticalIssues = [];   // { title, impact }
+  const warningIssues = [];    // { title, impact }
+  const passingChecks = [];    // string[]
+
+  // Criticals: missing vars
+  for (const key of missing) {
+    criticalIssues.push({ title: key + ' is missing', impact: IMPACT.missing(key) });
   }
 
-  if (prefixWarnings.length > 0) {
-    hasFailed = true;
-    console.log('⚠️  PREFIX WARNINGS (' + prefixWarnings.length + ' found)\n');
-    for (const w of prefixWarnings) {
-      console.log('   ' + w);
-    }
-    console.log('');
+  // Criticals: empty vars
+  for (const key of empty) {
+    criticalIssues.push({ title: key + ' is empty', impact: IMPACT.empty(key) });
   }
 
-  if (empty.length > 0) {
-    hasFailed = true;
-    console.log('❌ EMPTY VARIABLES (' + empty.length + ' found)\n');
-    for (const key of empty) {
-      console.log('   ' + key + '   present but empty in .env');
-    }
-    console.log('');
+  // Criticals: deps not installed at all
+  if (drift && drift.notInstalled) {
+    criticalIssues.push({ title: 'Dependencies are not installed', impact: IMPACT.depsNotInstalled() });
   }
 
-  if (missing.length > 0) {
-    hasFailed = true;
-    console.log('❌ MISSING VARIABLES (' + missing.length + ' found)\n');
-    for (const key of missing) {
-      console.log('   ' + key + '   missing from .env');
+  // Warnings: dependency drift
+  if (drift && !drift.notInstalled && drift.missing.length > 0) {
+    for (const dep of drift.missing) {
+      warningIssues.push({ title: dep + ' is not installed', impact: IMPACT.depsDrift(dep) });
     }
-    console.log('');
   }
 
-  if (present.length > 0) {
-    console.log('✅ PASSING (' + present.length + ')\n');
-    for (const key of present) {
-      console.log('   ' + key + '   present');
+  // Warnings: duplicate vars
+  for (const key of duplicates) {
+    warningIssues.push({ title: key + ' is defined more than once', impact: IMPACT.duplicate(key) });
+  }
+
+  // Warnings: prefix issues
+  for (const { key, type } of prefixWarnings) {
+    if (type === 'vite') {
+      warningIssues.push({ title: key + ' is missing VITE_ prefix', impact: IMPACT.prefixVite(key) });
+    } else {
+      warningIssues.push({ title: key + ' is missing REACT_APP_ prefix', impact: IMPACT.prefixCra(key) });
     }
-    console.log('');
   }
 
+  // Passing checks
+  if (result) passingChecks.push('Environment file detected');
+  if (!drift || (!drift.notInstalled && drift.missing.length === 0)) passingChecks.push('Dependencies installed');
+  if (duplicates.length === 0) passingChecks.push('No duplicate variables');
+  for (const key of present) {
+    passingChecks.push(key + ' configured');
+  }
+
+  const totalIssues = criticalIssues.length + warningIssues.length;
+  const hasFailed = totalIssues > 0;
+
+  // ─── Render ───────────────────────────────────────────────────────────────
+
   if (hasFailed) {
-    console.log('Your next deploy would have failed.\n');
-    console.log('Run safelaunch init to lock this in permanently.\n');
+    const critCount = criticalIssues.length;
+    const warnCount = warningIssues.length;
+
+    let summary = totalIssues + ' issue' + (totalIssues !== 1 ? 's' : '') + ' found';
+    const parts = [];
+    if (critCount > 0) parts.push(critCount + ' critical');
+    if (warnCount > 0) parts.push(warnCount + ' warning' + (warnCount !== 1 ? 's' : ''));
+    summary += '\n' + parts.join(' · ');
+
+    console.log('🚨 Safelaunch Scan Report');
+    console.log('');
+    console.log('This project is NOT safe to deploy');
+    console.log('');
+    console.log(summary);
+    console.log('');
+    console.log(DIVIDER);
+    console.log('');
+
+    if (criticalIssues.length > 0) {
+      console.log('🚨 CRITICAL (will break your app)');
+      console.log('');
+      criticalIssues.forEach((issue, i) => {
+        console.log(renderIssue(i + 1, issue.title, issue.impact));
+        if (i < criticalIssues.length - 1) {
+          console.log('---');
+          console.log('');
+        }
+      });
+      console.log('');
+      console.log(DIVIDER);
+      console.log('');
+    }
+
+    if (warningIssues.length > 0) {
+      console.log('⚠️  WARNINGS (may cause issues)');
+      console.log('');
+      const offset = criticalIssues.length;
+      warningIssues.forEach((issue, i) => {
+        console.log(renderIssue(offset + i + 1, issue.title, issue.impact));
+        if (i < warningIssues.length - 1) {
+          console.log('---');
+          console.log('');
+        }
+      });
+      console.log('');
+      console.log(DIVIDER);
+      console.log('');
+    }
+
+    if (passingChecks.length > 0) {
+      console.log('✅ What\'s working (' + passingChecks.length + ' checks passed)');
+      console.log('');
+      for (const check of passingChecks) {
+        console.log('- ' + check);
+      }
+      console.log('');
+      console.log(DIVIDER);
+      console.log('');
+    }
+
+    console.log('💡 Next step');
+    console.log('');
+    console.log('   Run:');
+    console.log('   safelaunch init');
+    console.log('');
+    console.log('   Lock this configuration and prevent future breakage');
+    console.log('');
+
   } else {
-    console.log('Your project is clean. Nothing would break your next deploy.\n');
-    console.log('Run safelaunch init to lock this in permanently.\n');
+    // ── All clean ──
+
+    console.log('🛡️  Safelaunch Scan Report');
+    console.log('');
+    console.log('Your project is safe to deploy');
+    console.log('');
+    console.log('No issues found');
+    console.log('');
+    console.log(DIVIDER);
+    console.log('');
+    console.log('✅ All checks passed');
+    console.log('');
+    for (const check of passingChecks) {
+      console.log('- ' + check);
+    }
+    console.log('');
+    console.log(DIVIDER);
+    console.log('');
+    console.log('🎉 You\'re good to go');
+    console.log('');
+    console.log('   Deploy with confidence');
+    console.log('');
   }
 
   await track('safelaunch_scan_run', {

package/safelaunch/src/validate.js

@@ -2,6 +2,59 @@ const fs = require('fs');
 const path = require('path');
 const { track, shutdown } = require('./telemetry');
 
+// ─── Impact messages ──────────────────────────────────────────────────────────
+
+function impactBlock(lines) {
+  return '   Impact:\n' + lines.map(l => '   ' + l).join('\n');
+}
+
+const IMPACT = {
+  missing: (key) => impactBlock([
+    key + ' is required but not in your .env',
+    '→ Your app will crash or behave incorrectly at runtime'
+  ]),
+  empty: (key) => impactBlock([
+    key + ' is present but has no value',
+    '→ Your app will treat it as blank — this will break things'
+  ]),
+  runtimeMismatch: (required, actual) => impactBlock([
+    'Expected Node ' + required + ', found Node ' + actual,
+    '→ Unexpected runtime errors may occur'
+  ]),
+  duplicate: (key) => impactBlock([
+    key + ' is defined more than once in .env',
+    '→ The last value silently wins — likely not what you want'
+  ]),
+  depsNotInstalled: () => impactBlock([
+    'node_modules is missing entirely',
+    '→ Your app will not start'
+  ]),
+  depsDrift: (dep) => impactBlock([
+    dep + ' is in package.json but not installed',
+    '→ Any code that imports it will fail'
+  ]),
+  exampleMissing: (key) => impactBlock([
+    key + ' is in .env.example but missing from your .env',
+    '→ This was likely required — your app may break'
+  ]),
+  prefixVite: (key) => impactBlock([
+    key + ' is missing the VITE_ prefix',
+    '→ It will not be exposed to the browser — your frontend will not see it'
+  ]),
+  prefixCra: (key) => impactBlock([
+    key + ' is missing the REACT_APP_ prefix',
+    '→ It will not be exposed to the browser — your frontend will not see it'
+  ]),
+  priority: (key) => impactBlock([
+    key + ' exists in both .env and .env.local',
+    '→ .env.local takes priority — .env value will be ignored'
+  ]),
+};
+
+const DIVIDER = '────────────────────────────';
+
+// ─── File helpers ─────────────────────────────────────────────────────────────
+
 function detectProjectType(cwd) {
   if (fs.existsSync(path.join(cwd, 'vite.config.js')) ||
       fs.existsSync(path.join(cwd, 'vite.config.ts'))) {
@@ -23,7 +76,11 @@ function detectProjectType(cwd) {
 function readManifest() {
   const manifestPath = path.join(process.cwd(), 'env.manifest.json');
   if (!fs.existsSync(manifestPath)) {
-    console.log('\nNo env.manifest.json found. Run safelaunch init first.\n');
+    console.log('');
+    console.log('No env.manifest.json found.');
+    console.log('');
+    console.log('Run safelaunch init to generate one.');
+    console.log('');
     process.exit(1);
   }
   return JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
@@ -32,7 +89,9 @@ function readManifest() {
 function readEnv() {
   const envPath = path.join(process.cwd(), '.env');
   if (!fs.existsSync(envPath)) {
-    console.log('\nNo .env file found.\n');
+    console.log('');
+    console.log('No .env file found.');
+    console.log('');
     process.exit(1);
   }
   const envVars = {};
@@ -101,13 +160,10 @@ function checkPrefixes(envVars, projectType) {
   for (const key of Object.keys(envVars)) {
     if (key === 'NODE_ENV') continue;
     if (projectType === 'vite' && !key.startsWith('VITE_')) {
-      warnings.push(key + '   missing VITE_ prefix (won\'t be exposed to client)');
+      warnings.push({ key, type: 'vite' });
     }
     if (projectType === 'cra' && !key.startsWith('REACT_APP_')) {
-      warnings.push(key + '   missing REACT_APP_ prefix (won\'t be exposed to client)');
-    }
-    if (projectType === 'next' && key.startsWith('NEXT_PUBLIC_') === false) {
-      // server-side only — no warning needed
+      warnings.push({ key, type: 'cra' });
     }
   }
   return warnings;
@@ -132,15 +188,29 @@ function checkEnvPriority(cwd, projectType) {
   if (fileVars['.env'] && fileVars['.env.local']) {
     for (const key of Object.keys(fileVars['.env'])) {
       if (fileVars['.env.local'][key]) {
-        warnings.push(key + '   in both .env and .env.local (.env.local takes priority)');
+        warnings.push(key);
       }
     }
   }
   return warnings;
 }
 
+// ─── Render helpers ───────────────────────────────────────────────────────────
+
+function renderIssue(number, title, impact) {
+  return (
+    number + '. ' + title + '\n' +
+    '\n' +
+    impact + '\n'
+  );
+}
+
+// ─── Main ─────────────────────────────────────────────────────────────────────
+
 async function validate() {
-  console.log('\nRunning safelaunch...\n');
+  console.log('');
+  console.log('Running safelaunch...');
+  console.log('');
 
   const cwd = process.cwd();
   const manifest = readManifest();
@@ -148,7 +218,10 @@ async function validate() {
 
   const projectType = manifest.projectType || detectProjectType(cwd);
   const typeLabels = { vite: 'Vite', next: 'Next.js', cra: 'Create React App', node: 'Node.js' };
-  console.log('project type: ' + (typeLabels[projectType] || 'Node.js') + '\n');
+  console.log('Detected: ' + (typeLabels[projectType] || 'Node.js'));
+  console.log('');
+
+  // ── Collect results ──
 
   const missing = [];
   const empty = [];
@@ -170,89 +243,136 @@ async function validate() {
   const prefixWarnings = checkPrefixes(envVars, projectType);
   const priorityWarnings = checkEnvPriority(cwd, projectType);
 
-  if (runtimeMismatch) {
-    console.log('⚠️  RUNTIME MISMATCH\n');
-    console.log('   Node required: ' + runtimeMismatch.required);
-    console.log('   Node actual:   ' + runtimeMismatch.actual);
-    console.log('');
-  }
+  // ── Build issue lists ──
 
-  if (duplicates.length > 0) {
-    console.log('⚠️  DUPLICATE VARIABLES (' + duplicates.length + ' found)\n');
-    for (const key of duplicates) {
-      console.log('   ' + key + '   defined more than once in .env');
-    }
-    console.log('');
+  const criticalIssues = [];
+  const warningIssues = [];
+  const passingChecks = [];
+
+  // Criticals
+  for (const key of missing) {
+    criticalIssues.push({ title: key + ' is missing', impact: IMPACT.missing(key) });
+  }
+  for (const key of empty) {
+    criticalIssues.push({ title: key + ' is empty', impact: IMPACT.empty(key) });
+  }
+  if (drift && drift.notInstalled) {
+    criticalIssues.push({ title: 'Dependencies are not installed', impact: IMPACT.depsNotInstalled() });
   }
 
-  if (drift) {
-    if (drift.notInstalled) {
-      console.log('⚠️  DEPENDENCIES NOT INSTALLED\n');
-      console.log('   node_modules not found. Run npm install.\n');
-    } else if (drift.missing.length > 0) {
-      console.log('⚠️  DEPENDENCY DRIFT (' + drift.missing.length + ' found)\n');
-      for (const dep of drift.missing) {
-        console.log('   ' + dep + '   in package.json but not installed');
-      }
-      console.log('');
+  // Warnings
+  if (runtimeMismatch) {
+    warningIssues.push({
+      title: 'Node.js version mismatch',
+      impact: IMPACT.runtimeMismatch(runtimeMismatch.required, runtimeMismatch.actual)
+    });
+  }
+  for (const key of duplicates) {
+    warningIssues.push({ title: key + ' is defined more than once', impact: IMPACT.duplicate(key) });
+  }
+  if (drift && !drift.notInstalled) {
+    for (const dep of drift.missing) {
+      warningIssues.push({ title: dep + ' is not installed', impact: IMPACT.depsDrift(dep) });
     }
   }
-
-  if (exampleMissing.length > 0) {
-    console.log('⚠️  MISSING FROM .env.example (' + exampleMissing.length + ' found)\n');
-    for (const key of exampleMissing) {
-      console.log('   ' + key + '   in .env.example but missing from .env');
+  for (const key of exampleMissing) {
+    warningIssues.push({ title: key + ' is missing (from .env.example)', impact: IMPACT.exampleMissing(key) });
+  }
+  for (const { key, type } of prefixWarnings) {
+    if (type === 'vite') {
+      warningIssues.push({ title: key + ' is missing VITE_ prefix', impact: IMPACT.prefixVite(key) });
+    } else {
+      warningIssues.push({ title: key + ' is missing REACT_APP_ prefix', impact: IMPACT.prefixCra(key) });
     }
-    console.log('');
+  }
+  for (const key of priorityWarnings) {
+    warningIssues.push({ title: key + ' has an env file priority conflict', impact: IMPACT.priority(key) });
   }
 
-  if (prefixWarnings.length > 0) {
-    console.log('⚠️  PREFIX WARNINGS (' + prefixWarnings.length + ' found)\n');
-    for (const w of prefixWarnings) {
-      console.log('   ' + w);
-    }
-    console.log('');
+  // Passing checks
+  passingChecks.push('env.manifest.json found');
+  passingChecks.push('Environment file detected');
+  if (!drift || (!drift.notInstalled && drift.missing.length === 0)) passingChecks.push('Dependencies installed');
+  if (duplicates.length === 0) passingChecks.push('No duplicate variables');
+  if (!runtimeMismatch && manifest.runtime) passingChecks.push('Runtime version matches');
+  for (const key of passing) {
+    passingChecks.push(key + ' configured');
   }
 
-  if (priorityWarnings.length > 0) {
-    console.log('⚠️  ENV FILE PRIORITY (' + priorityWarnings.length + ' found)\n');
-    for (const w of priorityWarnings) {
-      console.log('   ' + w);
-    }
+  const totalIssues = criticalIssues.length + warningIssues.length;
+  const hasFailed = totalIssues > 0;
+
+  // ─── Render ───────────────────────────────────────────────────────────────
+
+  if (hasFailed) {
+    const critCount = criticalIssues.length;
+    const warnCount = warningIssues.length;
+
+    const parts = [];
+    if (critCount > 0) parts.push(critCount + ' critical');
+    if (warnCount > 0) parts.push(warnCount + ' warning' + (warnCount !== 1 ? 's' : ''));
+
+    console.log('🚨 Safelaunch Scan Report');
+    console.log('');
+    console.log('This project is NOT safe to deploy');
+    console.log('');
+    console.log(totalIssues + ' issue' + (totalIssues !== 1 ? 's' : '') + ' found');
+    console.log(parts.join(' · '));
+    console.log('');
+    console.log(DIVIDER);
     console.log('');
-  }
 
-  if (empty.length > 0) {
-    console.log('❌ EMPTY VARIABLES (' + empty.length + ' found)\n');
-    for (const key of empty) {
-      console.log('   ' + key + '   required but empty in .env');
+    if (criticalIssues.length > 0) {
+      console.log('🚨 CRITICAL (will break your app)');
+      console.log('');
+      criticalIssues.forEach((issue, i) => {
+        console.log(renderIssue(i + 1, issue.title, issue.impact));
+        if (i < criticalIssues.length - 1) {
+          console.log('---');
+          console.log('');
+        }
+      });
+      console.log('');
+      console.log(DIVIDER);
+      console.log('');
     }
-    console.log('');
-  }
 
-  if (missing.length > 0) {
-    console.log('❌ MISSING VARIABLES (' + missing.length + ' found)\n');
-    for (const key of missing) {
-      console.log('   ' + key + '   required but missing from .env');
+    if (warningIssues.length > 0) {
+      console.log('⚠️  WARNINGS (may cause issues)');
+      console.log('');
+      const offset = criticalIssues.length;
+      warningIssues.forEach((issue, i) => {
+        console.log(renderIssue(offset + i + 1, issue.title, issue.impact));
+        if (i < warningIssues.length - 1) {
+          console.log('---');
+          console.log('');
+        }
+      });
+      console.log('');
+      console.log(DIVIDER);
+      console.log('');
     }
-    console.log('');
-  }
 
-  if (passing.length > 0) {
-    console.log('✅ PASSING (' + passing.length + ')\n');
-    for (const key of passing) {
-      console.log('   ' + key + '   present');
+    if (passingChecks.length > 0) {
+      console.log("✅ What's working (" + passingChecks.length + ' checks passed)');
+      console.log('');
+      for (const check of passingChecks) {
+        console.log('- ' + check);
+      }
+      console.log('');
+      console.log(DIVIDER);
+      console.log('');
     }
-    console.log('');
-  }
 
-  const hasFailed = runtimeMismatch || missing.length > 0 || empty.length > 0 ||
-    duplicates.length > 0 || exampleMissing.length > 0 ||
-    prefixWarnings.length > 0 || priorityWarnings.length > 0 ||
-    (drift && (drift.notInstalled || drift.missing.length > 0));
+    console.log('💡 Next step');
+    console.log('');
+    console.log('   Fix the issues above, then run:');
+    console.log('   safelaunch scan');
+    console.log('');
+    console.log('   Or re-run the contract lock:');
+    console.log('   safelaunch init');
+    console.log('');
 
-  if (hasFailed) {
-    console.log('Your environment is not ready for production.\n');
     await track('safelaunch_validate_run', {
       project_type: projectType,
       passed: false,
@@ -266,8 +386,31 @@ async function validate() {
     });
     await shutdown();
     process.exit(1);
+
   } else {
-    console.log('Your environment is ready for production.\n');
+    // ── All clean ──
+
+    console.log('🛡️  Safelaunch Scan Report');
+    console.log('');
+    console.log('Your project is safe to deploy');
+    console.log('');
+    console.log('No issues found');
+    console.log('');
+    console.log(DIVIDER);
+    console.log('');
+    console.log('✅ All checks passed');
+    console.log('');
+    for (const check of passingChecks) {
+      console.log('- ' + check);
+    }
+    console.log('');
+    console.log(DIVIDER);
+    console.log('');
+    console.log("🎉 You're good to go");
+    console.log('');
+    console.log('   Deploy with confidence');
+    console.log('');
+
     await track('safelaunch_validate_run', {
       project_type: projectType,
       passed: true,