verification-layer 0.20.0 → 0.22.0

package/dist/cli.js

@@ -32,6 +32,7 @@ program
     .option('--min-confidence <level>', 'Minimum confidence level (high, medium, low)', 'low')
     .option('--fix', 'Automatically fix detected issues where possible')
     .option('--no-ai', 'Disable AI-powered triage and analysis')
+    .option('--audit', 'Run npm audit and include dependency vulnerabilities in report')
     .action(async (path, options) => {
     const spinner = ora('Scanning repository...').start();
     const absolutePath = resolve(path);
@@ -70,6 +71,21 @@ program
             minConfidence: options.minConfidence,
         });
         spinner.succeed(`Scan complete. Found ${result.findings.length} issues.`);
+        // Run npm audit if --audit flag is provided
+        let vulnerabilities;
+        if (options.audit) {
+            const auditSpinner = ora('Running npm audit...').start();
+            const { runNpmAudit } = await import('./utils/npm-audit.js');
+            const auditResult = await runNpmAudit(absolutePath);
+            if (auditResult.error) {
+                auditSpinner.warn(`npm audit: ${auditResult.error}`);
+            }
+            else {
+                const vulnCount = auditResult.vulnerabilities.length;
+                auditSpinner.succeed(`npm audit complete. Found ${vulnCount} vulnerabilities.`);
+                vulnerabilities = auditResult.vulnerabilities;
+            }
+        }
         // Apply fixes if --fix flag is provided
         if (options.fix) {
             const fixSpinner = ora('Applying automatic fixes...').start();
@@ -84,11 +100,23 @@ program
                 console.log(chalk.yellow('\nRun `vlayer audit <path> --generate-report` to generate PDF audit report.'));
             }
         }
+        // Get previous scan history and create comparison
+        const { getMostRecentScan, compareScan, saveScanHistory } = await import('./utils/scan-history.js');
+        const previousScan = await getMostRecentScan(absolutePath);
+        const comparison = result.complianceScore
+            ? compareScan(result.complianceScore.score, result.findings, previousScan)
+            : null;
         const reportOptions = {
             format: options.format,
             outputPath: options.output,
+            vulnerabilities,
+            scanComparison: comparison,
         };
         await generateReport(result, path, reportOptions);
+        // Save current scan to history
+        if (result.complianceScore) {
+            await saveScanHistory(absolutePath, result.complianceScore.score, result.findings, result.scannedFiles);
+        }
         // Print summary
         const acknowledged = result.findings.filter(f => f.acknowledged && !f.acknowledgment?.expired).length;
         const suppressed = result.findings.filter(f => f.suppressed).length;
@@ -118,6 +146,29 @@ program
         if (high > 0) {
             console.log(chalk.yellow(`  High (new): ${high}`));
         }
+        // Display vulnerability summary if audit was run
+        if (vulnerabilities && vulnerabilities.length > 0) {
+            const vulnCounts = {
+                critical: vulnerabilities.filter(v => v.severity === 'critical').length,
+                high: vulnerabilities.filter(v => v.severity === 'high').length,
+                moderate: vulnerabilities.filter(v => v.severity === 'moderate').length,
+                low: vulnerabilities.filter(v => v.severity === 'low').length,
+            };
+            console.log('\n' + chalk.bold('Dependency Vulnerabilities:'));
+            console.log(`  Total: ${vulnerabilities.length}`);
+            if (vulnCounts.critical > 0) {
+                console.log(chalk.red(`  Critical: ${vulnCounts.critical}`));
+            }
+            if (vulnCounts.high > 0) {
+                console.log(chalk.yellow(`  High: ${vulnCounts.high}`));
+            }
+            if (vulnCounts.moderate > 0) {
+                console.log(chalk.hex('#ca8a04')(`  Moderate: ${vulnCounts.moderate}`));
+            }
+            if (vulnCounts.low > 0) {
+                console.log(chalk.blue(`  Low: ${vulnCounts.low}`));
+            }
+        }
         // Exit with error code if new critical issues found (only if not fixing)
         if (critical > 0 && !options.fix) {
             process.exit(1);
@@ -876,5 +927,496 @@ rulesCommand
         process.exit(1);
     }
 });
+// Marketplace commands
+const marketplaceCommand = program
+    .command('marketplace')
+    .alias('market')
+    .description('Community Rules Marketplace - Share and discover healthcare compliance rules');
+marketplaceCommand
+    .command('search')
+    .description('Search for rules in the marketplace')
+    .argument('[query]', 'Search query (rule name, description, tags)', '')
+    .option('--framework <framework>', 'Filter by compliance framework (hipaa, state-law, payer-specific)')
+    .option('--jurisdiction <state>', 'Filter by state jurisdiction (california, new-york, texas, etc.)')
+    .option('--payer <payer>', 'Filter by payer (medicare, medicaid, bcbs, etc.)')
+    .option('--tech <stack>', 'Filter by tech stack (fhir, hl7, nextjs, etc.)')
+    .option('--verified', 'Show only verified rules')
+    .option('--min-rating <rating>', 'Minimum rating (1-5)', '0')
+    .option('--limit <number>', 'Maximum results to show', '20')
+    .action(async (query, options) => {
+    const spinner = ora('Searching marketplace...').start();
+    try {
+        const { MarketplaceRegistry } = await import('./marketplace/index.js');
+        const registry = new MarketplaceRegistry();
+        const filters = {};
+        if (options.framework)
+            filters.framework = options.framework;
+        if (options.jurisdiction)
+            filters.jurisdiction = options.jurisdiction;
+        if (options.payer)
+            filters.payer = options.payer;
+        if (options.tech)
+            filters.techStack = options.tech;
+        if (options.verified)
+            filters.verified = true;
+        if (options.minRating)
+            filters.minRating = parseFloat(options.minRating);
+        const result = await registry.search(query, filters, 1, parseInt(options.limit));
+        spinner.succeed(`Found ${result.total} rule(s)`);
+        if (result.rules.length === 0) {
+            console.log(chalk.yellow('\nNo rules found matching your criteria.'));
+            console.log(chalk.gray('Try broadening your search or removing filters.'));
+            return;
+        }
+        console.log(chalk.bold('\n📦 Marketplace Rules:\n'));
+        for (const rule of result.rules) {
+            const verified = rule.verified ? chalk.green('✓ Verified') : chalk.gray('Unverified');
+            const rating = '⭐'.repeat(Math.round(rule.rating));
+            console.log(chalk.cyan.bold(`${rule.id}`));
+            console.log(`  ${rule.name} ${verified}`);
+            console.log(chalk.gray(`  ${rule.description}`));
+            console.log(`  ${rating} ${rule.rating.toFixed(1)} (${rule.reviews} reviews) | ${rule.downloads} downloads`);
+            console.log(chalk.gray(`  Author: ${rule.author.name}${rule.author.organization ? ` (${rule.author.organization})` : ''}`));
+            console.log(chalk.gray(`  Framework: ${rule.framework} | Severity: ${rule.severity} | Version: ${rule.version}`));
+            if (rule.jurisdiction) {
+                console.log(chalk.gray(`  Jurisdiction: ${rule.jurisdiction}`));
+            }
+            if (rule.payer) {
+                console.log(chalk.gray(`  Payer: ${rule.payer}`));
+            }
+            console.log(chalk.gray(`  Tags: ${rule.tags.join(', ')}`));
+            console.log('');
+        }
+        console.log(chalk.gray(`\nShowing ${result.rules.length} of ${result.total} results`));
+        console.log(chalk.cyan('\nInstall a rule:') + chalk.white(' vlayer marketplace install <rule-id>'));
+    }
+    catch (error) {
+        spinner.fail('Search failed');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+marketplaceCommand
+    .command('install')
+    .description('Install a rule from the marketplace')
+    .argument('<rule-id>', 'Rule ID to install')
+    .option('--version <version>', 'Specific version to install')
+    .option('--package', 'Install as a package (collection of rules)')
+    .action(async (ruleId, options) => {
+    const spinner = ora(`Installing ${ruleId}...`).start();
+    try {
+        const { RulesInstaller } = await import('./marketplace/index.js');
+        const installer = new RulesInstaller(process.cwd());
+        if (options.package) {
+            const installed = await installer.installPackage(ruleId);
+            spinner.succeed(`Installed package with ${installed.length} rule(s)`);
+            console.log(chalk.green('\n✓ Package installed successfully!'));
+            console.log(chalk.gray(`\nInstalled rules:`));
+            installed.forEach(r => console.log(chalk.gray(`  • ${r.id} (v${r.version})`)));
+        }
+        else {
+            const installed = await installer.install(ruleId, options.version);
+            spinner.succeed('Rule installed');
+            console.log(chalk.green('\n✓ Rule installed successfully!'));
+            console.log(chalk.gray(`\nRule: ${installed.id}`));
+            console.log(chalk.gray(`Version: ${installed.version}`));
+            console.log(chalk.gray(`Location: .vlayer/marketplace/${installed.id}.yaml`));
+        }
+        console.log(chalk.cyan('\nRun a scan:') + chalk.white(' vlayer scan .'));
+    }
+    catch (error) {
+        spinner.fail('Installation failed');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+marketplaceCommand
+    .command('list')
+    .description('List installed marketplace rules')
+    .option('--enabled', 'Show only enabled rules')
+    .option('--disabled', 'Show only disabled rules')
+    .action(async (options) => {
+    try {
+        const { RulesInstaller } = await import('./marketplace/index.js');
+        const installer = new RulesInstaller(process.cwd());
+        let installed = await installer.listInstalled();
+        if (options.enabled) {
+            installed = installed.filter(r => r.enabled);
+        }
+        else if (options.disabled) {
+            installed = installed.filter(r => !r.enabled);
+        }
+        if (installed.length === 0) {
+            console.log(chalk.yellow('No marketplace rules installed.'));
+            console.log(chalk.gray('\nSearch for rules:') + chalk.white(' vlayer marketplace search'));
+            return;
+        }
+        console.log(chalk.bold(`\n📦 Installed Rules (${installed.length}):\n`));
+        for (const rule of installed) {
+            const status = rule.enabled ? chalk.green('✓ Enabled') : chalk.gray('○ Disabled');
+            const source = rule.source === 'marketplace' ? chalk.blue('[Marketplace]') : chalk.gray('[Local]');
+            console.log(`${status} ${chalk.cyan(rule.id)} ${source}`);
+            console.log(chalk.gray(`  Version: ${rule.version} | Installed: ${new Date(rule.installedAt).toLocaleDateString()}`));
+            console.log('');
+        }
+        console.log(chalk.gray('Update all:') + chalk.white(' vlayer marketplace update'));
+    }
+    catch (error) {
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+marketplaceCommand
+    .command('update')
+    .description('Update installed rules to latest versions')
+    .option('--dry-run', 'Show what would be updated without installing')
+    .action(async (options) => {
+    const spinner = ora('Checking for updates...').start();
+    try {
+        const { RulesInstaller } = await import('./marketplace/index.js');
+        const installer = new RulesInstaller(process.cwd());
+        const result = await installer.updateAll();
+        spinner.succeed('Update check complete');
+        if (result.updated.length === 0 && result.failed.length === 0) {
+            console.log(chalk.green('\n✓ All rules are up to date!'));
+            return;
+        }
+        if (result.updated.length > 0) {
+            console.log(chalk.green(`\n✓ Updated ${result.updated.length} rule(s):`));
+            result.updated.forEach(id => console.log(chalk.gray(`  • ${id}`)));
+        }
+        if (result.failed.length > 0) {
+            console.log(chalk.red(`\n✗ Failed to update ${result.failed.length} rule(s):`));
+            result.failed.forEach(id => console.log(chalk.gray(`  • ${id}`)));
+        }
+    }
+    catch (error) {
+        spinner.fail('Update failed');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+marketplaceCommand
+    .command('uninstall')
+    .description('Uninstall a marketplace rule')
+    .argument('<rule-id>', 'Rule ID to uninstall')
+    .action(async (ruleId) => {
+    const spinner = ora(`Uninstalling ${ruleId}...`).start();
+    try {
+        const { RulesInstaller } = await import('./marketplace/index.js');
+        const installer = new RulesInstaller(process.cwd());
+        await installer.uninstall(ruleId);
+        spinner.succeed('Rule uninstalled');
+        console.log(chalk.green(`\n✓ ${ruleId} has been removed.`));
+    }
+    catch (error) {
+        spinner.fail('Uninstall failed');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+marketplaceCommand
+    .command('featured')
+    .description('Show featured/popular rules')
+    .option('--limit <number>', 'Number of rules to show', '10')
+    .action(async (options) => {
+    const spinner = ora('Loading featured rules...').start();
+    try {
+        const { MarketplaceRegistry } = await import('./marketplace/index.js');
+        const registry = new MarketplaceRegistry();
+        const featured = await registry.getFeatured(parseInt(options.limit));
+        spinner.succeed(`Found ${featured.length} featured rule(s)`);
+        console.log(chalk.bold('\n⭐ Featured Rules:\n'));
+        for (const rule of featured) {
+            const rating = '⭐'.repeat(Math.round(rule.rating));
+            console.log(chalk.cyan.bold(`${rule.id}`));
+            console.log(`  ${rule.name} ${chalk.green('✓')}`);
+            console.log(chalk.gray(`  ${rule.description}`));
+            console.log(`  ${rating} ${rule.rating.toFixed(1)} | ${rule.downloads} downloads`);
+            console.log(chalk.gray(`  ${rule.framework} • ${rule.category} • ${rule.severity}`));
+            console.log('');
+        }
+        console.log(chalk.cyan('\nInstall:') + chalk.white(' vlayer marketplace install <rule-id>'));
+    }
+    catch (error) {
+        spinner.fail('Failed to load featured rules');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+marketplaceCommand
+    .command('stats')
+    .description('Show marketplace statistics')
+    .action(async () => {
+    const spinner = ora('Loading marketplace stats...').start();
+    try {
+        const { MarketplaceRegistry } = await import('./marketplace/index.js');
+        const registry = new MarketplaceRegistry();
+        const metadata = await registry.getMetadata();
+        spinner.succeed('Stats loaded');
+        console.log(chalk.bold('\n📊 Marketplace Statistics:\n'));
+        console.log(`Total Rules: ${chalk.cyan(metadata.totalRules)}`);
+        console.log(`Total Packages: ${chalk.cyan(metadata.totalPackages)}`);
+        console.log('');
+        console.log(chalk.bold('Rules by Framework:'));
+        Object.entries(metadata.frameworks)
+            .sort(([, a], [, b]) => b - a)
+            .forEach(([framework, count]) => {
+            console.log(`  ${framework}: ${chalk.cyan(count)}`);
+        });
+        console.log('');
+        console.log(chalk.bold('Rules by Category:'));
+        Object.entries(metadata.categories)
+            .sort(([, a], [, b]) => b - a)
+            .forEach(([category, count]) => {
+            console.log(`  ${category}: ${chalk.cyan(count)}`);
+        });
+        console.log('');
+        console.log(chalk.bold('Top Contributors:'));
+        metadata.topContributors.slice(0, 5).forEach((contributor, i) => {
+            console.log(`  ${i + 1}. ${contributor.name}`);
+            console.log(chalk.gray(`     ${contributor.rulesPublished} rules | ${contributor.downloads} downloads`));
+        });
+        console.log('');
+        console.log(chalk.gray('Search rules:') + chalk.white(' vlayer marketplace search'));
+    }
+    catch (error) {
+        spinner.fail('Failed to load stats');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+// Templates commands
+const templatesCommand = program
+    .command('templates')
+    .description('Export compliance document templates');
+templatesCommand
+    .command('export')
+    .description('Export a compliance document template')
+    .argument('<template>', 'Template name: baa, physical, irp, npp, security-officer')
+    .option('-o, --output <path>', 'Output file path')
+    .action(async (template, options) => {
+    try {
+        const validTemplates = ['baa', 'physical', 'irp', 'npp', 'security-officer'];
+        if (!validTemplates.includes(template)) {
+            console.error(chalk.red(`Unknown template: ${template}`));
+            console.log(chalk.yellow('\nAvailable templates:'));
+            console.log(chalk.gray('  • baa - Business Associate Agreement Verification Letter'));
+            console.log(chalk.gray('  • physical - Physical Safeguards Checklist'));
+            console.log(chalk.gray('  • irp - Incident Response Plan'));
+            console.log(chalk.gray('  • npp - Notice of Privacy Practices'));
+            console.log(chalk.gray('  • security-officer - Security Officer Designation'));
+            process.exit(1);
+        }
+        // Read template file
+        const { readFile: fsReadFile } = await import('fs/promises');
+        const { fileURLToPath } = await import('url');
+        const { dirname, join } = await import('path');
+        // Get the directory of the current module
+        const __filename = fileURLToPath(import.meta.url);
+        const __dirname = dirname(__filename);
+        // Map template names to file names
+        const templateFiles = {
+            'baa': 'baa-verification-letter.md',
+            'physical': 'physical-safeguards-checklist.md',
+            'irp': 'irp.md',
+            'npp': 'notice-of-privacy-practices.md',
+            'security-officer': 'security-officer-designation.md',
+        };
+        const templateFileName = templateFiles[template];
+        const templatePath = join(__dirname, '..', 'templates', templateFileName);
+        const templateContent = await fsReadFile(templatePath, 'utf-8');
+        // Determine output path
+        const outputPath = options.output || `./${templateFileName}`;
+        // Write template to output location
+        await writeFile(outputPath, templateContent, 'utf-8');
+        console.log(chalk.green(`\n✓ Template exported successfully!`));
+        console.log(chalk.cyan(`\nFile: ${outputPath}`));
+        // Provide template-specific instructions
+        if (template === 'baa') {
+            console.log(chalk.gray('\nNext steps:'));
+            console.log(chalk.gray('  1. Open the file and fill in the bracketed placeholders:'));
+            console.log(chalk.gray('     [BA COMPANY NAME], [DATE], [SCORE], etc.'));
+            console.log(chalk.gray('  2. Check all applicable boxes (☐ → ☑)'));
+            console.log(chalk.gray('  3. Attach your vlayer compliance report as Exhibit A'));
+            console.log(chalk.gray('  4. Have both parties sign and date'));
+            console.log(chalk.gray('  5. Retain for 6 years per HIPAA requirements\n'));
+        }
+        else if (template === 'physical') {
+            console.log(chalk.gray('\nNext steps:'));
+            console.log(chalk.gray('  1. Review Section A (Remote/Cloud) - applies to ALL organizations'));
+            console.log(chalk.gray('  2. Review Section B (Physical Office) - only if you have a physical location'));
+            console.log(chalk.gray('  3. Check all applicable boxes (☐ → ☑)'));
+            console.log(chalk.gray('  4. Fill in verification details and dates'));
+            console.log(chalk.gray('  5. Complete remediation plan for non-compliant items'));
+            console.log(chalk.gray('  6. Sign and date the attestation'));
+            console.log(chalk.gray('  7. Retain for 6 years per HIPAA requirements\n'));
+        }
+        else if (template === 'irp') {
+            console.log(chalk.gray('\nNext steps:'));
+            console.log(chalk.gray('  1. Fill in organization and IRT contact information'));
+            console.log(chalk.gray('  2. Customize severity levels and response times for your organization'));
+            console.log(chalk.gray('  3. Update external contact information (HHS, FBI, insurance, etc.)'));
+            console.log(chalk.gray('  4. Review and customize incident response procedures'));
+            console.log(chalk.gray('  5. Obtain executive approval and signatures'));
+            console.log(chalk.gray('  6. Distribute to all IRT members'));
+            console.log(chalk.gray('  7. Schedule quarterly drills and annual updates\n'));
+        }
+        else if (template === 'npp') {
+            console.log(chalk.gray('\nNext steps:'));
+            console.log(chalk.gray('  1. Replace all [PLACEHOLDERS] with your organization\'s information'));
+            console.log(chalk.gray('  2. Review 2024 updates: 15-day timeline, in-person inspection rights'));
+            console.log(chalk.gray('  3. Customize uses and disclosures to match your practices'));
+            console.log(chalk.gray('  4. Review with healthcare attorney for state-specific requirements'));
+            console.log(chalk.gray('  5. Have Privacy Officer approve the final version'));
+            console.log(chalk.gray('  6. Post prominently in your facility and on website'));
+            console.log(chalk.gray('  7. Provide to all patients and obtain signed acknowledgment\n'));
+        }
+        else if (template === 'security-officer') {
+            console.log(chalk.gray('\nNext steps:'));
+            console.log(chalk.gray('  1. Fill in Security Officer name and contact information'));
+            console.log(chalk.gray('  2. Customize responsibilities and authorities for your organization'));
+            console.log(chalk.gray('  3. Define budget, resources, and staff allocation'));
+            console.log(chalk.gray('  4. Identify backup/interim Security Officers'));
+            console.log(chalk.gray('  5. Obtain executive signature (CEO/COO)'));
+            console.log(chalk.gray('  6. Obtain Security Officer signature accepting designation'));
+            console.log(chalk.gray('  7. Distribute to stakeholders and HR\n'));
+        }
+    }
+    catch (error) {
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+templatesCommand
+    .command('list')
+    .description('List available templates')
+    .action(() => {
+    console.log(chalk.bold('\n📄 Available Compliance Templates:\n'));
+    console.log(chalk.cyan('baa') + chalk.gray(' - Business Associate Agreement Verification Letter'));
+    console.log(chalk.gray('  Annual security verification letter for HIPAA Business Associates'));
+    console.log(chalk.gray('  Includes technical safeguards checklist and compliance report attachment'));
+    console.log(chalk.gray('  Usage: vlayer templates export baa\n'));
+    console.log(chalk.cyan('physical') + chalk.gray(' - Physical Safeguards Checklist'));
+    console.log(chalk.gray('  HIPAA Physical Safeguards compliance checklist (§164.310)'));
+    console.log(chalk.gray('  Section A: Remote/Cloud setup | Section B: Physical office controls'));
+    console.log(chalk.gray('  Usage: vlayer templates export physical\n'));
+    console.log(chalk.cyan('irp') + chalk.gray(' - Incident Response Plan'));
+    console.log(chalk.gray('  Complete incident response procedures and breach notification guidelines'));
+    console.log(chalk.gray('  Includes IRT roles, severity levels, 5-phase response, and HIPAA timeline'));
+    console.log(chalk.gray('  Usage: vlayer templates export irp\n'));
+    console.log(chalk.cyan('npp') + chalk.gray(' - Notice of Privacy Practices'));
+    console.log(chalk.gray('  HIPAA §164.520 compliant patient notice (includes 2024 updates)'));
+    console.log(chalk.gray('  15-day access timeline, in-person inspection rights, electronic copy'));
+    console.log(chalk.gray('  Usage: vlayer templates export npp\n'));
+    console.log(chalk.cyan('security-officer') + chalk.gray(' - Security Officer Designation'));
+    console.log(chalk.gray('  Official HIPAA §164.308(a)(2) required designation document'));
+    console.log(chalk.gray('  Defines responsibilities, authorities, reporting structure, and signatures'));
+    console.log(chalk.gray('  Usage: vlayer templates export security-officer\n'));
+});
+program
+    .command('history')
+    .description('Show scan history with compliance scores over time')
+    .argument('[path]', 'Path to the project', '.')
+    .option('-l, --limit <number>', 'Maximum number of scans to show', '10')
+    .action(async (path, options) => {
+    const absolutePath = resolve(path);
+    try {
+        const { getAllScans, formatHistoryDate } = await import('./utils/scan-history.js');
+        const scans = await getAllScans(absolutePath);
+        if (scans.length === 0) {
+            console.log(chalk.yellow('\nNo scan history found.'));
+            console.log(chalk.gray('Run `vlayer scan .` to create your first scan history entry.\n'));
+            return;
+        }
+        const limit = parseInt(options.limit);
+        const displayScans = scans.slice(0, limit);
+        console.log(chalk.bold('\n📊 Scan History\n'));
+        console.log(chalk.gray(`Showing ${displayScans.length} of ${scans.length} scan(s)\n`));
+        // Find max and min scores for context
+        const scores = scans.map(s => s.complianceScore);
+        const maxScore = Math.max(...scores);
+        const minScore = Math.min(...scores);
+        for (let i = 0; i < displayScans.length; i++) {
+            const scan = displayScans[i];
+            const prevScan = i < scans.length - 1 ? scans[i + 1] : null;
+            const scoreChange = prevScan ? scan.complianceScore - prevScan.complianceScore : 0;
+            const scoreColor = scan.complianceScore >= 90 ? chalk.green
+                : scan.complianceScore >= 70 ? chalk.yellow
+                    : chalk.red;
+            const changeArrow = scoreChange > 0 ? chalk.green('↑')
+                : scoreChange < 0 ? chalk.red('↓')
+                    : chalk.gray('→');
+            const changeStr = prevScan
+                ? ` (${scoreChange >= 0 ? '+' : ''}${scoreChange}) ${changeArrow}`
+                : '';
+            const date = formatHistoryDate(scan.date);
+            const isBest = scan.complianceScore === maxScore;
+            const isWorst = scan.complianceScore === minScore;
+            console.log(chalk.cyan(date) +
+                '  ' +
+                scoreColor.bold(`${scan.complianceScore}/100`) +
+                changeStr +
+                (isBest ? chalk.green.bold(' 🏆 Best') : '') +
+                (isWorst ? chalk.red(' ⚠️ Lowest') : ''));
+            // Show severity breakdown
+            const severityStr = [
+                scan.severity.critical > 0 ? chalk.red(`${scan.severity.critical}C`) : null,
+                scan.severity.high > 0 ? chalk.yellow(`${scan.severity.high}H`) : null,
+                scan.severity.medium > 0 ? chalk.hex('#ca8a04')(`${scan.severity.medium}M`) : null,
+                scan.severity.low > 0 ? chalk.blue(`${scan.severity.low}L`) : null,
+            ].filter(Boolean).join(' ');
+            if (severityStr) {
+                console.log(chalk.gray(`         Issues: ${severityStr}  •  Files: ${scan.totalFilesScanned}`));
+            }
+            else {
+                console.log(chalk.gray(`         No active issues  •  Files: ${scan.totalFilesScanned}`));
+            }
+            console.log('');
+        }
+        if (scans.length > limit) {
+            console.log(chalk.gray(`Use --limit ${scans.length} to see all scans\n`));
+        }
+        // Show statistics
+        const avgScore = Math.round(scores.reduce((a, b) => a + b, 0) / scores.length);
+        const trend = scans.length > 1
+            ? scans[0].complianceScore - scans[scans.length - 1].complianceScore
+            : 0;
+        console.log(chalk.bold('Statistics:'));
+        console.log(`  Total scans: ${scans.length}`);
+        console.log(`  Average score: ${avgScore}/100`);
+        console.log(`  Best score: ${chalk.green(maxScore)}/100`);
+        console.log(`  Lowest score: ${chalk.red(minScore)}/100`);
+        if (trend !== 0) {
+            const trendColor = trend > 0 ? chalk.green : chalk.red;
+            const trendArrow = trend > 0 ? '↑' : '↓';
+            console.log(`  Overall trend: ${trendColor(`${trend >= 0 ? '+' : ''}${trend} ${trendArrow}`)}`);
+        }
+        console.log('');
+    }
+    catch (error) {
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
+program
+    .command('training')
+    .description('Interactive HIPAA security training for developers')
+    .option('--status', 'Show training completion status')
+    .action(async (options) => {
+    try {
+        const { runTraining, showTrainingStatus } = await import('./training/index.js');
+        if (options.status) {
+            await showTrainingStatus();
+        }
+        else {
+            await runTraining();
+        }
+    }
+    catch (error) {
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+});
 program.parse();
 //# sourceMappingURL=cli.js.map