vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/runPacks.js

@@ -0,0 +1,2089 @@
+/**
+ * vibecheck packs - Unified Artifact Factory V2
+ * 
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * ENTERPRISE-GRADE ARTIFACT BUNDLING
+ * "One command to produce a ZIP bundle + manifest + HTML index"
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * 
+ * Consolidates all artifact generation into a single command:
+ * 
+ *   • EVIDENCE     - Videos, traces, screenshots, HAR files
+ *   • PERMISSIONS  - AuthZ matrix, role-based permission mapping
+ *   • PROOF-GRAPH  - Verification coverage and proof chains
+ *   • REPORTS      - HTML, Markdown, SARIF, CSV, PDF
+ *   • BUNDLE       - All-in-one shareable evidence bundle (V2)
+ * 
+ * V2 Features:
+ *   - Stable naming scheme, reproducible builds
+ *   - Cross-links to ship/reality/shield receipts
+ *   - Unified manifest schema with build fingerprints
+ *   - HTML index for all packs
+ * 
+ * @module runPacks
+ * @version 5.0.0
+ * @license MIT
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const crypto = require("crypto");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// LAZY IMPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+let _globalFlags = null;
+let _exitCodes = null;
+let _cliOutput = null;
+
+function getGlobalFlags() {
+  if (!_globalFlags) {
+    _globalFlags = require("./lib/global-flags");
+  }
+  return _globalFlags;
+}
+
+function getExitCodes() {
+  if (!_exitCodes) {
+    _exitCodes = require("./lib/exit-codes");
+  }
+  return _exitCodes;
+}
+
+function getCliOutput() {
+  if (!_cliOutput) {
+    _cliOutput = require("./lib/unified-cli-output");
+  }
+  return _cliOutput;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// UNDERLYING IMPLEMENTATIONS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const implementations = {
+  evidencePack: null,
+  report: null,
+};
+
+function loadImplementation(name) {
+  if (implementations[name] !== null) return implementations[name];
+  
+  try {
+    switch (name) {
+      case "evidencePack":
+        implementations[name] = require("./runEvidencePack").runEvidencePack;
+        break;
+      case "report":
+        implementations[name] = require("./runReport").runReport;
+        break;
+      default:
+        implementations[name] = false;
+    }
+  } catch (e) {
+    implementations[name] = false;
+  }
+  
+  return implementations[name];
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// V2 PACKS MODULES (Lazy Loaded)
+// ═══════════════════════════════════════════════════════════════════════════════
+
+let _packFactory = null;
+let _permissionsPack = null;
+let _proofGraphPack = null;
+let _evidencePackV2 = null;
+let _bundlePack = null;
+
+function getPackFactory() {
+  if (!_packFactory) {
+    try {
+      _packFactory = require("./lib/packs/pack-factory");
+    } catch (e) {
+      _packFactory = false;
+    }
+  }
+  return _packFactory;
+}
+
+function getPermissionsPack() {
+  if (!_permissionsPack) {
+    try {
+      _permissionsPack = require("./lib/packs/permissions-pack");
+    } catch (e) {
+      _permissionsPack = false;
+    }
+  }
+  return _permissionsPack;
+}
+
+function getProofGraphPack() {
+  if (!_proofGraphPack) {
+    try {
+      _proofGraphPack = require("./lib/packs/proof-graph-pack");
+    } catch (e) {
+      _proofGraphPack = false;
+    }
+  }
+  return _proofGraphPack;
+}
+
+function getEvidencePackV2() {
+  if (!_evidencePackV2) {
+    try {
+      _evidencePackV2 = require("./lib/packs/evidence-pack");
+    } catch (e) {
+      _evidencePackV2 = false;
+    }
+  }
+  return _evidencePackV2;
+}
+
+function getBundlePack() {
+  if (!_bundlePack) {
+    try {
+      _bundlePack = require("./lib/packs/bundle");
+    } catch (e) {
+      _bundlePack = false;
+    }
+  }
+  return _bundlePack;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONSTANTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const PACKS_VERSION = "5.0.0";
+
+const SUBCOMMANDS = {
+  bundle: {
+    description: "All-in-one ZIP bundle + manifest + HTML index (V2)",
+    pro: false,
+    formats: ["zip", "dir"],
+  },
+  evidence: { 
+    description: "Bundle videos, traces, screenshots, HAR files", 
+    pro: false,
+    formats: ["pack", "zip"],
+  },
+  permissions: { 
+    description: "AuthZ matrix, roles, protected routes", 
+    pro: false,
+    formats: ["json", "html", "md"],
+  },
+  graph: { 
+    description: "Proof graph with receipt cross-links", 
+    pro: false,
+    formats: ["json", "dot", "mermaid", "html"],
+  },
+  report: { 
+    description: "Generate HTML/MD/SARIF/CSV/PDF reports", 
+    pro: false,
+    formats: ["html", "md", "json", "sarif", "csv", "pdf"],
+  },
+  manifest: {
+    description: "List all available artifacts",
+    pro: false,
+    formats: ["json", "table"],
+  },
+  launch: {
+    description: "Bundle launch validation results for team sharing",
+    pro: false,
+    formats: ["zip", "json", "md"],
+  },
+  list: {
+    description: "List existing packs and bundles",
+    pro: false,
+    formats: ["json", "table"],
+  },
+  cleanup: {
+    description: "Remove old packs (keeps 5 most recent)",
+    pro: false,
+    formats: ["json"],
+  },
+};
+
+const GRAPH_QUERIES = {
+  all: "All nodes and edges",
+  unexecuted: "Nodes never executed at runtime",
+  "unhit-routes": "Routes never called",
+  "dead-ui": "UI elements with no handlers",
+  gaps: "Missing connections (proof gaps)",
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// HELP SYSTEM
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function printHelp(detailed = false) {
+  const cli = getCliOutput();
+  const { ansi, renderMinimalHeader } = cli;
+  
+  // Print unified header
+  renderMinimalHeader("packs", "free");
+  
+  console.log(`  ${ansi.bold}ARTIFACT PACKS V2${ansi.reset}
+  ${ansi.dim}One command to produce ZIP bundle + manifest + HTML index${ansi.reset}
+
+  ${ansi.bold}USAGE${ansi.reset}
+    ${ansi.cyan}vibecheck packs${ansi.reset} [subcommand] [options]
+
+  ${ansi.dim}Generate shareable evidence bundles with stable naming and reproducible builds.
+  Cross-links to ship/reality/shield receipts for complete audit trails.${ansi.reset}
+
+  ${ansi.bold}SUBCOMMANDS${ansi.reset}`);
+
+  const maxLen = Math.max(...Object.keys(SUBCOMMANDS).map(k => k.length));
+  for (const [name, info] of Object.entries(SUBCOMMANDS)) {
+    const proTag = info.pro ? `${ansi.magenta}PRO${ansi.reset} ` : "    ";
+    console.log(`    ${ansi.cyan}${name.padEnd(maxLen + 2)}${ansi.reset}${proTag}${info.description}`);
+  }
+
+  console.log(`
+  ${ansi.bold}BUNDLE OPTIONS (V2)${ansi.reset}
+    ${ansi.cyan}--output, -o <path>${ansi.reset}     Output directory
+    ${ansi.cyan}--no-zip${ansi.reset}                Create directory instead of ZIP
+    ${ansi.cyan}--no-evidence${ansi.reset}           Exclude evidence pack
+    ${ansi.cyan}--no-permissions${ansi.reset}        Exclude permissions pack
+    ${ansi.cyan}--no-graph${ansi.reset}              Exclude proof graph pack
+    ${ansi.cyan}--no-report${ansi.reset}             Exclude report pack
+
+  ${ansi.bold}EVIDENCE OPTIONS${ansi.reset}
+    ${ansi.cyan}--output, -o <path>${ansi.reset}     Output directory
+    ${ansi.cyan}--run-id <id>${ansi.reset}           Bundle specific run
+    ${ansi.cyan}--zip${ansi.reset}                   Create ZIP bundle
+
+  ${ansi.bold}PERMISSIONS OPTIONS${ansi.reset}
+    ${ansi.cyan}--output, -o <path>${ansi.reset}     Output directory
+    ${ansi.cyan}--zip${ansi.reset}                   Create ZIP bundle
+
+  ${ansi.bold}GRAPH OPTIONS${ansi.reset}
+    ${ansi.cyan}--output, -o <path>${ansi.reset}     Output directory
+    ${ansi.cyan}--zip${ansi.reset}                   Create ZIP bundle
+
+  ${ansi.bold}REPORT OPTIONS${ansi.reset}
+    ${ansi.cyan}--format <fmt>${ansi.reset}          Output format: html, md, json, sarif, csv, pdf
+    ${ansi.cyan}--type <type>${ansi.reset}           Report type: executive, technical, compliance
+    ${ansi.cyan}--output, -o <path>${ansi.reset}     Output file path
+    ${ansi.cyan}--open${ansi.reset}                  Open report in browser
+
+  ${ansi.bold}CLEANUP OPTIONS${ansi.reset}
+    ${ansi.cyan}--keep <n>${ansi.reset}              Number of bundles to keep (default: 5)
+    ${ansi.cyan}--max-age <days>${ansi.reset}        Max age in days (default: 30)
+
+  ${ansi.bold}GENERAL OPTIONS${ansi.reset}
+    ${ansi.cyan}--json${ansi.reset}                  Output as JSON (CI integration)
+    ${ansi.cyan}--quiet, -q${ansi.reset}             Suppress non-essential output
+    ${ansi.cyan}--verbose, -v${ansi.reset}           Show detailed output
+    ${ansi.cyan}--help, -h${ansi.reset}              Show this help
+
+  ${ansi.bold}EXAMPLES${ansi.reset}
+    ${ansi.dim}# Create all-in-one evidence bundle (default)${ansi.reset}
+    vibecheck packs
+
+    ${ansi.dim}# Create bundle with specific components${ansi.reset}
+    vibecheck packs bundle --no-report
+
+    ${ansi.dim}# Generate permissions/AuthZ matrix${ansi.reset}
+    vibecheck packs permissions
+
+    ${ansi.dim}# Generate proof graph with visualizations${ansi.reset}
+    vibecheck packs graph
+
+    ${ansi.dim}# Bundle evidence with ZIP${ansi.reset}
+    vibecheck packs evidence --zip
+
+    ${ansi.dim}# Generate HTML report${ansi.reset}
+    vibecheck packs report --format html --open
+
+    ${ansi.dim}# List existing packs${ansi.reset}
+    vibecheck packs list
+
+    ${ansi.dim}# Clean up old packs${ansi.reset}
+    vibecheck packs cleanup`);
+
+  if (detailed) {
+    console.log(`
+  ${ansi.bold}GRAPH QUERIES${ansi.reset}`);
+    for (const [query, desc] of Object.entries(GRAPH_QUERIES)) {
+      console.log(`    ${ansi.cyan}${query.padEnd(16)}${ansi.reset} ${desc}`);
+    }
+    
+    console.log(`
+  ${ansi.bold}OUTPUT LOCATIONS${ansi.reset}
+    ${ansi.dim}Evidence Packs:${ansi.reset}  .vibecheck/evidence-packs/<pack-id>/
+    ${ansi.dim}Reports:${ansi.reset}         .vibecheck/reports/
+    ${ansi.dim}Graphs:${ansi.reset}          .vibecheck/graphs/
+    ${ansi.dim}Manifests:${ansi.reset}       .vibecheck/manifests/`);
+  }
+
+  console.log(`
+  ${ansi.bold}EXIT CODES${ansi.reset}
+    ${ansi.green}0${ansi.reset}  Success
+    ${ansi.yellow}1${ansi.reset}  No data found
+    ${ansi.red}2${ansi.reset}  Generation failed
+    ${ansi.red}4${ansi.reset}  Invalid arguments
+
+  ${ansi.dim}────────────────────────────────────────────────────────────────────${ansi.reset}
+  ${ansi.dim}Documentation: https://docs.vibecheckai.dev/cli/packs${ansi.reset}
+  ${ansi.dim}Version: ${PACKS_VERSION}${ansi.reset}
+`);
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// MAIN ENTRY POINT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Main packs command handler
+ * 
+ * @param {string[]} args - Command arguments
+ * @param {Object} context - Execution context
+ * @returns {Promise<number>} Exit code
+ */
+async function runPacks(args = [], context = {}) {
+  const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = getGlobalFlags();
+  const { EXIT } = getExitCodes();
+  
+  const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags) || args.includes("--json");
+  const verbose = args.includes("--verbose") || args.includes("-v");
+  const projectRoot = context.repoRoot || globalFlags.path || process.cwd();
+  
+  // Parse subcommand
+  const subcommand = cleanArgs[0];
+  const subArgs = cleanArgs.slice(1);
+  
+  // Handle help
+  if (globalFlags.help || args.includes("--help") || args.includes("-h")) {
+    if (!subcommand || ["--help", "-h"].includes(subcommand)) {
+      printHelp(verbose);
+      return EXIT.SUCCESS;
+    }
+  }
+
+  // Create execution context
+  const execContext = {
+    projectRoot,
+    json,
+    quiet,
+    verbose,
+    args: subArgs,
+    originalArgs: args,
+    startTime: Date.now(),
+  };
+
+  try {
+    // Route to appropriate handler
+    switch (subcommand) {
+      case "bundle":
+        return await handleBundle(execContext);
+        
+      case "evidence":
+        return await handleEvidenceV2(execContext);
+        
+      case "permissions":
+        return await handlePermissionsV2(execContext);
+        
+      case "graph":
+        return await handleGraphV2(execContext);
+        
+      case "report":
+        return await handleReport(execContext);
+        
+      case "manifest":
+        return await handleManifest(execContext);
+        
+      case "launch":
+        return await handleLaunch(execContext);
+      
+      case "list":
+        return await handleList(execContext);
+        
+      case "cleanup":
+        return await handleCleanup(execContext);
+        
+      default:
+        // Default to bundle if no subcommand
+        if (!subcommand) {
+          return await handleBundle({ ...execContext, args: cleanArgs });
+        }
+        
+        // If it looks like a flag, pass to bundle
+        if (subcommand.startsWith("--")) {
+          return await handleBundle({ ...execContext, args: cleanArgs });
+        }
+        
+        return handleUnknownSubcommand(subcommand, execContext);
+    }
+  } catch (error) {
+    return handleError(error, execContext);
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SUBCOMMAND HANDLERS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Handle evidence subcommand
+ */
+async function handleEvidence(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, renderSuccess, renderWarning, sym, Spinner } = getCliOutput();
+  
+  const runEvidencePack = loadImplementation("evidencePack");
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Evidence Pack Generation", sym.pack);
+  }
+  
+  if (runEvidencePack) {
+    // Delegate to existing implementation
+    return await runEvidencePack(ctx.originalArgs);
+  }
+  
+  // Fallback implementation
+  const spinner = !ctx.quiet && !ctx.json ? new Spinner("Collecting evidence artifacts").start() : null;
+  
+  try {
+    const packId = `pack-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`;
+    const outputDir = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o") || 
+                      path.join(ctx.projectRoot, ".vibecheck", "evidence-packs", packId);
+    
+    // Collect artifacts
+    const artifacts = await collectArtifacts(ctx.projectRoot, ctx.args);
+    
+    if (artifacts.count === 0) {
+      spinner?.warn("No artifacts found");
+      
+      if (ctx.json) {
+        console.log(JSON.stringify({ success: false, packId, artifacts: [], message: "No artifacts found" }));
+      } else if (!ctx.quiet) {
+        renderWarning("No evidence artifacts found");
+        console.log(`
+  ${ansi.dim}Run verification commands first to generate artifacts:${ansi.reset}
+    ${ansi.cyan}vibecheck prove --url http://localhost:3000${ansi.reset}
+    ${ansi.cyan}vibecheck reality --url http://localhost:3000${ansi.reset}
+`);
+      }
+      return EXIT.NOT_FOUND;
+    }
+    
+    // Create pack directory
+    fs.mkdirSync(outputDir, { recursive: true });
+    
+    // Copy artifacts
+    for (const artifact of artifacts.items) {
+      const destPath = path.join(outputDir, artifact.type, artifact.name);
+      fs.mkdirSync(path.dirname(destPath), { recursive: true });
+      fs.copyFileSync(artifact.source, destPath);
+    }
+    
+    // Generate manifest
+    const manifest = {
+      id: packId,
+      version: PACKS_VERSION,
+      generated: new Date().toISOString(),
+      projectRoot: ctx.projectRoot,
+      artifacts: artifacts.items.map(a => ({
+        type: a.type,
+        name: a.name,
+        size: a.size,
+        hash: a.hash,
+      })),
+      summary: artifacts.summary,
+    };
+    
+    // Add signature if requested
+    if (ctx.args.includes("--sign")) {
+      manifest.signature = {
+        algorithm: "sha256",
+        hash: crypto.createHash("sha256").update(JSON.stringify(manifest)).digest("hex"),
+      };
+    }
+    
+    fs.writeFileSync(path.join(outputDir, "manifest.json"), JSON.stringify(manifest, null, 2));
+    
+    // Generate HTML viewer
+    const htmlViewer = generateHtmlViewer(manifest);
+    fs.writeFileSync(path.join(outputDir, "index.html"), htmlViewer);
+    
+    spinner?.succeed(`Evidence pack created: ${packId}`);
+    
+    if (ctx.json) {
+      console.log(JSON.stringify({
+        success: true,
+        packId,
+        outputDir,
+        manifest,
+      }, null, 2));
+    } else if (!ctx.quiet) {
+      console.log(`
+  ${ansi.bold}Pack Contents${ansi.reset}
+    ${ansi.dim}Videos:${ansi.reset}      ${artifacts.summary.videos || 0}
+    ${ansi.dim}Traces:${ansi.reset}      ${artifacts.summary.traces || 0}
+    ${ansi.dim}Screenshots:${ansi.reset} ${artifacts.summary.screenshots || 0}
+    ${ansi.dim}HAR Files:${ansi.reset}   ${artifacts.summary.har || 0}
+    ${ansi.dim}Reports:${ansi.reset}     ${artifacts.summary.reports || 0}
+
+  ${ansi.bold}Output${ansi.reset}
+    ${ansi.dim}Directory:${ansi.reset}   ${outputDir}
+    ${ansi.dim}Viewer:${ansi.reset}      ${path.join(outputDir, "index.html")}
+`);
+    }
+    
+    return EXIT.SUCCESS;
+  } catch (error) {
+    spinner?.fail("Failed to create evidence pack");
+    throw error;
+  }
+}
+
+/**
+ * Handle report subcommand
+ */
+async function handleReport(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym } = getCliOutput();
+  
+  const runReport = loadImplementation("report");
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Report Generation", sym.file);
+  }
+  
+  if (runReport) {
+    // Delegate to existing implementation
+    return await runReport(ctx.originalArgs);
+  }
+  
+  // Fallback: basic report generation
+  const format = getArgValue(ctx.args, "--format") || "html";
+  const output = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o");
+  const reportType = getArgValue(ctx.args, "--type") || "technical";
+  
+  // Load scan data
+  const scanPath = path.join(ctx.projectRoot, ".vibecheck", "scan", "last_scan.json");
+  let scanData = { findings: [], summary: {} };
+  
+  if (fs.existsSync(scanPath)) {
+    try {
+      scanData = JSON.parse(fs.readFileSync(scanPath, "utf-8"));
+    } catch {
+      // Use defaults
+    }
+  }
+  
+  const report = {
+    type: reportType,
+    format,
+    generated: new Date().toISOString(),
+    version: PACKS_VERSION,
+    summary: {
+      total: scanData.findings?.length || 0,
+      critical: scanData.findings?.filter(f => f.severity === "critical").length || 0,
+      high: scanData.findings?.filter(f => f.severity === "high").length || 0,
+      medium: scanData.findings?.filter(f => f.severity === "medium").length || 0,
+      low: scanData.findings?.filter(f => f.severity === "low").length || 0,
+    },
+    findings: scanData.findings || [],
+  };
+  
+  let outputContent;
+  switch (format) {
+    case "json":
+      outputContent = JSON.stringify(report, null, 2);
+      break;
+    case "sarif":
+      outputContent = generateSarif(report);
+      break;
+    case "md":
+      outputContent = generateMarkdownReport(report);
+      break;
+    case "html":
+    default:
+      outputContent = generateHtmlReport(report);
+      break;
+  }
+  
+  if (output) {
+    const outputPath = path.isAbsolute(output) ? output : path.join(ctx.projectRoot, output);
+    fs.mkdirSync(path.dirname(outputPath), { recursive: true });
+    fs.writeFileSync(outputPath, outputContent);
+    
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: true, path: outputPath, format, type: reportType }));
+    } else if (!ctx.quiet) {
+      console.log(`
+  ${ansi.green}✓${ansi.reset} Report generated: ${outputPath}
+  
+  ${ansi.dim}Format: ${format} | Type: ${reportType}${ansi.reset}
+  ${ansi.dim}Findings: ${report.summary.total} (${report.summary.critical} critical, ${report.summary.high} high)${ansi.reset}
+`);
+      
+      if (ctx.args.includes("--open")) {
+        const open = require("open");
+        open(outputPath);
+      }
+    }
+  } else {
+    console.log(outputContent);
+  }
+  
+  return EXIT.SUCCESS;
+}
+
+/**
+ * Handle graph subcommand
+ */
+async function handleGraph(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, renderWarning, sym, Spinner } = getCliOutput();
+  
+  const format = getArgValue(ctx.args, "--format") || "json";
+  const output = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o");
+  const query = getArgValue(ctx.args, "--query");
+  const depth = parseInt(getArgValue(ctx.args, "--depth") || "0", 10);
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "pro");
+    renderSectionHeader("Proof Graph Generation", sym.chart);
+  }
+  
+  const spinner = !ctx.quiet && !ctx.json ? new Spinner("Building proof graph").start() : null;
+  
+  try {
+    // Load graph data from various sources
+    let graphData = await loadGraphData(ctx.projectRoot);
+    
+    if (!graphData || (graphData.nodes?.length === 0 && graphData.edges?.length === 0)) {
+      spinner?.warn("No graph data found");
+      
+      if (ctx.json) {
+        console.log(JSON.stringify({ 
+          success: false, 
+          error: "No proof graph data found",
+          hint: "Run vibecheck prove or vibecheck reality first",
+        }));
+      } else if (!ctx.quiet) {
+        renderWarning("No proof graph data found");
+        console.log(`
+  ${ansi.dim}Run verification commands to generate graph data:${ansi.reset}
+    ${ansi.cyan}vibecheck prove --url http://localhost:3000${ansi.reset}
+    ${ansi.cyan}vibecheck reality --url http://localhost:3000${ansi.reset}
+`);
+      }
+      return EXIT.NOT_FOUND;
+    }
+    
+    // Apply query filter
+    if (query && GRAPH_QUERIES[query]) {
+      graphData = filterGraphByQuery(graphData, query);
+      if (spinner) spinner.text = `Filtering: ${GRAPH_QUERIES[query]}`;
+    }
+    
+    // Apply depth limit
+    if (depth > 0) {
+      graphData = limitGraphDepth(graphData, depth);
+    }
+    
+    // Add metadata
+    graphData.metadata = {
+      version: PACKS_VERSION,
+      generated: new Date().toISOString(),
+      query: query || "all",
+      depth: depth || "unlimited",
+      stats: {
+        nodes: graphData.nodes?.length || 0,
+        edges: graphData.edges?.length || 0,
+        gaps: graphData.gaps?.length || 0,
+      },
+    };
+    
+    // Format output
+    let outputContent;
+    switch (format) {
+      case "dot":
+        outputContent = graphToDot(graphData);
+        break;
+      case "mermaid":
+        outputContent = graphToMermaid(graphData);
+        break;
+      case "html":
+        outputContent = graphToHtml(graphData);
+        break;
+      case "json":
+      default:
+        outputContent = JSON.stringify(graphData, null, 2);
+        break;
+    }
+    
+    spinner?.succeed(`Graph generated (${graphData.metadata.stats.nodes} nodes, ${graphData.metadata.stats.edges} edges)`);
+    
+    // Write or print output
+    if (output) {
+      const outputPath = path.isAbsolute(output) ? output : path.join(ctx.projectRoot, output);
+      fs.mkdirSync(path.dirname(outputPath), { recursive: true });
+      fs.writeFileSync(outputPath, outputContent);
+      
+      if (ctx.json) {
+        console.log(JSON.stringify({ 
+          success: true, 
+          path: outputPath, 
+          format, 
+          stats: graphData.metadata.stats,
+        }));
+      } else if (!ctx.quiet) {
+        console.log(`
+  ${ansi.bold}Graph Statistics${ansi.reset}
+    ${ansi.dim}Nodes:${ansi.reset} ${graphData.metadata.stats.nodes}
+    ${ansi.dim}Edges:${ansi.reset} ${graphData.metadata.stats.edges}
+    ${ansi.dim}Gaps:${ansi.reset}  ${graphData.metadata.stats.gaps}
+
+  ${ansi.bold}Output${ansi.reset}
+    ${ansi.dim}Path:${ansi.reset}   ${outputPath}
+    ${ansi.dim}Format:${ansi.reset} ${format}
+`);
+      }
+    } else {
+      console.log(outputContent);
+    }
+    
+    return EXIT.SUCCESS;
+  } catch (error) {
+    spinner?.fail("Graph generation failed");
+    throw error;
+  }
+}
+
+/**
+ * Handle permissions subcommand (placeholder - legacy)
+ */
+async function handlePermissions(ctx) {
+  // Redirect to V2
+  return handlePermissionsV2(ctx);
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// V2 HANDLERS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Handle bundle subcommand - All-in-one ZIP bundle + manifest + HTML index
+ */
+async function handleBundle(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym } = getCliOutput();
+  
+  const bundlePack = getBundlePack();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Unified Bundle Generation (V2)", "📦");
+    console.log();
+  }
+  
+  if (!bundlePack) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: "Bundle pack module not available" }));
+    } else if (!ctx.quiet) {
+      console.log(`${ansi.red}✗${ansi.reset} Bundle pack module not available\n`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+  
+  try {
+    const outputDir = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o");
+    const noZip = ctx.args.includes("--no-zip");
+    const noEvidence = ctx.args.includes("--no-evidence");
+    const noPermissions = ctx.args.includes("--no-permissions");
+    const noGraph = ctx.args.includes("--no-graph");
+    const noReport = ctx.args.includes("--no-report");
+    
+    const result = await bundlePack.buildBundle(ctx.projectRoot, {
+      outputDir,
+      createZip: !noZip,
+      includeEvidence: !noEvidence,
+      includePermissions: !noPermissions,
+      includeProofGraph: !noGraph,
+      includeReport: !noReport,
+    });
+    
+    if (ctx.json) {
+      console.log(JSON.stringify({
+        success: true,
+        bundleId: result.bundleId,
+        bundleDir: result.bundleDir,
+        zipPath: result.zipPath,
+        components: Object.keys(result.components).filter(k => result.components[k]),
+        manifest: result.manifest,
+      }, null, 2));
+    } else if (!ctx.quiet) {
+      console.log(`\n${ansi.green}✓${ansi.reset} ${ansi.bold}Bundle created successfully!${ansi.reset}\n`);
+      console.log(`  ${ansi.bold}Bundle ID:${ansi.reset} ${result.bundleId}`);
+      console.log(`  ${ansi.bold}Directory:${ansi.reset} ${result.bundleDir}`);
+      if (result.zipPath) {
+        console.log(`  ${ansi.bold}ZIP File:${ansi.reset}  ${result.zipPath}`);
+      }
+      console.log(`  ${ansi.bold}Index:${ansi.reset}     ${path.join(result.bundleDir, "index.html")}`);
+      
+      console.log(`\n  ${ansi.bold}Components${ansi.reset}`);
+      for (const [name, comp] of Object.entries(result.components)) {
+        if (comp) {
+          const icon = { evidence: "📸", permissions: "🔐", "proof-graph": "🕸️", report: "📊" }[name] || "📦";
+          console.log(`    ${icon}  ${name}`);
+        }
+      }
+      
+      if (result.manifest.receipts?.ship) {
+        console.log(`\n  ${ansi.bold}Cross-References${ansi.reset}`);
+        console.log(`    Ship:    ${result.manifest.receipts.ship.verdict || "N/A"}`);
+      }
+      if (result.manifest.receipts?.reality) {
+        console.log(`    Reality: ${result.manifest.receipts.reality.verdict || "N/A"}`);
+      }
+      
+      console.log(`\n  ${ansi.dim}Open index.html in a browser to view the bundle${ansi.reset}\n`);
+    }
+    
+    return EXIT.SUCCESS;
+  } catch (error) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else if (!ctx.quiet) {
+      console.log(`\n${ansi.red}✗${ansi.reset} Bundle creation failed: ${error.message}\n`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+}
+
+/**
+ * Handle evidence subcommand V2 - Enhanced with pack factory
+ */
+async function handleEvidenceV2(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym } = getCliOutput();
+  
+  const evidencePack = getEvidencePackV2();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Evidence Pack Generation", sym.pack);
+    console.log();
+  }
+  
+  if (!evidencePack) {
+    // Fall back to legacy handler
+    return await handleEvidence(ctx);
+  }
+  
+  try {
+    const outputDir = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o");
+    const createZip = ctx.args.includes("--zip");
+    const runId = getArgValue(ctx.args, "--run-id");
+    
+    const result = await evidencePack.buildEvidencePack(ctx.projectRoot, {
+      outputDir,
+      createZip,
+      runId,
+    });
+    
+    if (ctx.json) {
+      console.log(JSON.stringify({
+        success: true,
+        packId: result.packId,
+        outputDir: result.outputDir,
+        artifactCount: result.artifactCount,
+        manifest: result.manifest,
+      }, null, 2));
+    } else if (!ctx.quiet) {
+      console.log(`${ansi.green}✓${ansi.reset} Evidence pack created: ${result.packId}\n`);
+      console.log(`  ${ansi.bold}Artifacts${ansi.reset}`);
+      console.log(`    Screenshots: ${result.manifest.metadata.screenshotCount}`);
+      console.log(`    Videos:      ${result.manifest.metadata.videoCount}`);
+      console.log(`    Traces:      ${result.manifest.metadata.traceCount}`);
+      console.log(`    Findings:    ${result.manifest.metadata.findingCount}`);
+      console.log(`\n  ${ansi.bold}Output${ansi.reset}`);
+      console.log(`    Directory: ${result.outputDir}`);
+      console.log(`    Gallery:   ${path.join(result.outputDir, "gallery.html")}\n`);
+    }
+    
+    return EXIT.SUCCESS;
+  } catch (error) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else if (!ctx.quiet) {
+      console.log(`\n${ansi.red}✗${ansi.reset} Evidence pack failed: ${error.message}\n`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+}
+
+/**
+ * Handle permissions subcommand V2 - AuthZ matrix extraction
+ */
+async function handlePermissionsV2(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym, Spinner } = getCliOutput();
+  
+  const permissionsPack = getPermissionsPack();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Permissions Pack Generation", "🔐");
+    console.log();
+  }
+  
+  if (!permissionsPack) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: "Permissions pack module not available" }));
+    } else if (!ctx.quiet) {
+      console.log(`${ansi.red}✗${ansi.reset} Permissions pack module not available\n`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+  
+  const spinner = !ctx.quiet && !ctx.json ? new Spinner("Scanning codebase for permissions").start() : null;
+  
+  try {
+    const outputDir = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o");
+    const createZip = ctx.args.includes("--zip");
+    
+    const result = await permissionsPack.buildPermissionsPack(ctx.projectRoot, {
+      outputDir,
+      createZip,
+    });
+    
+    spinner?.succeed("Permissions pack created");
+    
+    if (ctx.json) {
+      console.log(JSON.stringify({
+        success: true,
+        packId: result.packId,
+        outputDir: result.outputDir,
+        metadata: result.manifest.metadata,
+      }, null, 2));
+    } else if (!ctx.quiet) {
+      console.log(`\n  ${ansi.bold}AuthZ Matrix${ansi.reset}`);
+      console.log(`    Roles:            ${result.manifest.metadata.rolesCount}`);
+      console.log(`    Permissions:      ${result.manifest.metadata.permissionsCount}`);
+      console.log(`    Protected Routes: ${result.manifest.metadata.protectedRoutesCount}`);
+      console.log(`    Entitlements:     ${result.manifest.metadata.entitlementsCount}`);
+      console.log(`    Files Scanned:    ${result.manifest.metadata.filesScanned}`);
+      console.log(`\n  ${ansi.bold}Output${ansi.reset}`);
+      console.log(`    Directory: ${result.outputDir}`);
+      console.log(`    Matrix:    ${path.join(result.outputDir, "matrix.html")}`);
+      console.log(`    Report:    ${path.join(result.outputDir, "permissions-report.md")}\n`);
+    }
+    
+    return EXIT.SUCCESS;
+  } catch (error) {
+    spinner?.fail("Permissions pack failed");
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else if (!ctx.quiet) {
+      console.log(`\n${ansi.red}✗${ansi.reset} Permissions pack failed: ${error.message}\n`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+}
+
+/**
+ * Handle graph subcommand V2 - Proof graph with receipt cross-links
+ */
+async function handleGraphV2(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym, Spinner } = getCliOutput();
+  
+  const proofGraphPack = getProofGraphPack();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Proof Graph Pack Generation", "🕸️");
+    console.log();
+  }
+  
+  if (!proofGraphPack) {
+    // Fall back to legacy handler
+    return await handleGraph(ctx);
+  }
+  
+  const spinner = !ctx.quiet && !ctx.json ? new Spinner("Building proof graph").start() : null;
+  
+  try {
+    const outputDir = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o");
+    const createZip = ctx.args.includes("--zip");
+    
+    const result = await proofGraphPack.buildProofGraphPack(ctx.projectRoot, {
+      outputDir,
+      createZip,
+    });
+    
+    spinner?.succeed("Proof graph pack created");
+    
+    if (ctx.json) {
+      console.log(JSON.stringify({
+        success: true,
+        packId: result.packId,
+        outputDir: result.outputDir,
+        metadata: result.manifest.metadata,
+      }, null, 2));
+    } else if (!ctx.quiet) {
+      console.log(`\n  ${ansi.bold}Graph Statistics${ansi.reset}`);
+      console.log(`    Nodes: ${result.manifest.metadata.nodeCount}`);
+      console.log(`    Edges: ${result.manifest.metadata.edgeCount}`);
+      console.log(`\n  ${ansi.bold}Receipt Cross-Links${ansi.reset}`);
+      console.log(`    Ship Receipt:    ${result.manifest.metadata.hasShipReceipt ? "✓" : "✗"}`);
+      console.log(`    Reality Receipt: ${result.manifest.metadata.hasRealityReceipt ? "✓" : "✗"}`);
+      console.log(`    Scan Receipt:    ${result.manifest.metadata.hasScanReceipt ? "✓" : "✗"}`);
+      console.log(`    Proof Runs:      ${result.manifest.metadata.proofRunCount}`);
+      console.log(`\n  ${ansi.bold}Output${ansi.reset}`);
+      console.log(`    Directory:     ${result.outputDir}`);
+      console.log(`    Visualization: ${path.join(result.outputDir, "visualization.html")}`);
+      console.log(`    DOT Format:    ${path.join(result.outputDir, "proof-graph.dot")}`);
+      console.log(`    Mermaid:       ${path.join(result.outputDir, "proof-graph.mmd")}\n`);
+    }
+    
+    return EXIT.SUCCESS;
+  } catch (error) {
+    spinner?.fail("Proof graph pack failed");
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else if (!ctx.quiet) {
+      console.log(`\n${ansi.red}✗${ansi.reset} Proof graph pack failed: ${error.message}\n`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+}
+
+/**
+ * Handle list subcommand - List existing packs and bundles
+ */
+async function handleList(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym } = getCliOutput();
+  
+  const bundlePack = getBundlePack();
+  const packFactory = getPackFactory();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Available Packs", sym.list);
+    console.log();
+  }
+  
+  const result = {
+    bundles: [],
+    packs: [],
+  };
+  
+  // List bundles
+  if (bundlePack && bundlePack.listBundles) {
+    result.bundles = bundlePack.listBundles(ctx.projectRoot);
+  }
+  
+  // List individual packs
+  const packsDir = path.join(ctx.projectRoot, ".vibecheck/packs");
+  if (fs.existsSync(packsDir)) {
+    const dirs = fs.readdirSync(packsDir, { withFileTypes: true })
+      .filter(d => d.isDirectory())
+      .map(d => d.name);
+    
+    for (const dir of dirs) {
+      const manifestPath = path.join(packsDir, dir, "manifest.json");
+      if (fs.existsSync(manifestPath)) {
+        try {
+          const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+          result.packs.push({
+            id: manifest.id,
+            type: manifest.type,
+            generatedAt: manifest.generatedAt,
+            artifactCount: manifest.summary?.artifactCount || 0,
+          });
+        } catch (e) {
+          // Skip invalid
+        }
+      }
+    }
+  }
+  
+  if (ctx.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else if (!ctx.quiet) {
+    console.log(`  ${ansi.bold}Bundles${ansi.reset} (${result.bundles.length})`);
+    if (result.bundles.length === 0) {
+      console.log(`    ${ansi.dim}No bundles found${ansi.reset}`);
+    } else {
+      for (const bundle of result.bundles.slice(0, 5)) {
+        const time = bundle.generatedAt ? new Date(bundle.generatedAt).toLocaleString() : "?";
+        const verdict = bundle.verdict ? ` [${bundle.verdict}]` : "";
+        console.log(`    ${ansi.cyan}${bundle.id}${ansi.reset}${verdict}`);
+        console.log(`      ${ansi.dim}${time} • ${bundle.componentCount} components${ansi.reset}`);
+      }
+    }
+    
+    console.log(`\n  ${ansi.bold}Packs${ansi.reset} (${result.packs.length})`);
+    if (result.packs.length === 0) {
+      console.log(`    ${ansi.dim}No packs found${ansi.reset}`);
+    } else {
+      for (const pack of result.packs.slice(0, 10)) {
+        const time = pack.generatedAt ? new Date(pack.generatedAt).toLocaleString() : "?";
+        console.log(`    ${ansi.cyan}${pack.id}${ansi.reset} [${pack.type}]`);
+        console.log(`      ${ansi.dim}${time} • ${pack.artifactCount} artifacts${ansi.reset}`);
+      }
+    }
+    console.log();
+  }
+  
+  return EXIT.SUCCESS;
+}
+
+/**
+ * Handle cleanup subcommand - Remove old packs
+ */
+async function handleCleanup(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym } = getCliOutput();
+  
+  const bundlePack = getBundlePack();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Cleanup Old Packs", "🧹");
+    console.log();
+  }
+  
+  let removed = 0;
+  
+  // Cleanup bundles
+  if (bundlePack && bundlePack.cleanupBundles) {
+    const maxCount = parseInt(getArgValue(ctx.args, "--keep") || "5", 10);
+    const maxAgeDays = parseInt(getArgValue(ctx.args, "--max-age") || "30", 10);
+    
+    removed = bundlePack.cleanupBundles(ctx.projectRoot, { maxCount, maxAgeDays });
+  }
+  
+  // Cleanup individual packs
+  const packsDir = path.join(ctx.projectRoot, ".vibecheck/packs");
+  if (fs.existsSync(packsDir)) {
+    const dirs = fs.readdirSync(packsDir, { withFileTypes: true })
+      .filter(d => d.isDirectory())
+      .map(d => d.name)
+      .sort()
+      .reverse();
+    
+    // Keep 10 most recent
+    for (const dir of dirs.slice(10)) {
+      try {
+        fs.rmSync(path.join(packsDir, dir), { recursive: true, force: true });
+        removed++;
+      } catch (e) {
+        // Skip
+      }
+    }
+  }
+  
+  if (ctx.json) {
+    console.log(JSON.stringify({ success: true, removed }));
+  } else if (!ctx.quiet) {
+    if (removed > 0) {
+      console.log(`  ${ansi.green}✓${ansi.reset} Removed ${removed} old packs\n`);
+    } else {
+      console.log(`  ${ansi.dim}No packs to clean up${ansi.reset}\n`);
+    }
+  }
+  
+  return EXIT.SUCCESS;
+}
+
+/**
+ * Handle manifest subcommand - list all artifacts
+ */
+async function handleManifest(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym } = getCliOutput();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Artifact Manifest", sym.list);
+  }
+  
+  const artifacts = {
+    scans: [],
+    evidence: [],
+    reports: [],
+    graphs: [],
+  };
+  
+  // Collect scans
+  const scansDir = path.join(ctx.projectRoot, ".vibecheck", "scan");
+  if (fs.existsSync(scansDir)) {
+    const files = fs.readdirSync(scansDir).filter(f => f.endsWith(".json"));
+    artifacts.scans = files.map(f => ({
+      name: f,
+      path: path.join(scansDir, f),
+      modified: fs.statSync(path.join(scansDir, f)).mtime,
+    }));
+  }
+  
+  // Collect evidence packs
+  const packsDir = path.join(ctx.projectRoot, ".vibecheck", "evidence-packs");
+  if (fs.existsSync(packsDir)) {
+    const dirs = fs.readdirSync(packsDir).filter(d => 
+      fs.statSync(path.join(packsDir, d)).isDirectory()
+    );
+    artifacts.evidence = dirs.map(d => {
+      const manifestPath = path.join(packsDir, d, "manifest.json");
+      let manifest = null;
+      if (fs.existsSync(manifestPath)) {
+        try {
+          manifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+        } catch {
+          // Skip invalid manifests
+        }
+      }
+      return {
+        id: d,
+        path: path.join(packsDir, d),
+        manifest,
+      };
+    });
+  }
+  
+  // Collect reports
+  const reportsDir = path.join(ctx.projectRoot, ".vibecheck", "reports");
+  if (fs.existsSync(reportsDir)) {
+    const files = fs.readdirSync(reportsDir);
+    artifacts.reports = files.map(f => ({
+      name: f,
+      path: path.join(reportsDir, f),
+      modified: fs.statSync(path.join(reportsDir, f)).mtime,
+    }));
+  }
+  
+  const manifest = {
+    version: PACKS_VERSION,
+    generated: new Date().toISOString(),
+    projectRoot: ctx.projectRoot,
+    artifacts,
+    summary: {
+      scans: artifacts.scans.length,
+      evidence: artifacts.evidence.length,
+      reports: artifacts.reports.length,
+      graphs: artifacts.graphs.length,
+      total: artifacts.scans.length + artifacts.evidence.length + artifacts.reports.length + artifacts.graphs.length,
+    },
+  };
+  
+  if (ctx.json) {
+    console.log(JSON.stringify(manifest, null, 2));
+  } else if (!ctx.quiet) {
+    console.log(`
+  ${ansi.bold}Artifact Summary${ansi.reset}
+    ${ansi.dim}Scans:${ansi.reset}          ${manifest.summary.scans}
+    ${ansi.dim}Evidence Packs:${ansi.reset} ${manifest.summary.evidence}
+    ${ansi.dim}Reports:${ansi.reset}        ${manifest.summary.reports}
+    ${ansi.dim}Graphs:${ansi.reset}         ${manifest.summary.graphs}
+    ${ansi.dim}Total:${ansi.reset}          ${manifest.summary.total}
+`);
+
+    if (artifacts.evidence.length > 0) {
+      console.log(`  ${ansi.bold}Recent Evidence Packs${ansi.reset}`);
+      for (const pack of artifacts.evidence.slice(-5)) {
+        const time = pack.manifest?.generated ? new Date(pack.manifest.generated).toLocaleString() : "?";
+        console.log(`    ${ansi.dim}${pack.id}${ansi.reset} - ${time}`);
+      }
+      console.log();
+    }
+    
+    if (artifacts.scans.length > 0) {
+      console.log(`  ${ansi.bold}Recent Scans${ansi.reset}`);
+      for (const scan of artifacts.scans.slice(-5)) {
+        const time = scan.modified ? new Date(scan.modified).toLocaleString() : "?";
+        console.log(`    ${ansi.dim}${scan.name}${ansi.reset} - ${time}`);
+      }
+      console.log();
+    }
+  }
+  
+  return EXIT.SUCCESS;
+}
+
+/**
+ * Handle launch subcommand - bundle launch validation results
+ */
+async function handleLaunch(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderMinimalHeader, renderSectionHeader, sym } = getCliOutput();
+  
+  if (!ctx.json && !ctx.quiet) {
+    renderMinimalHeader("packs", "free");
+    renderSectionHeader("Launch Pack Bundle", "🚀");
+  }
+  
+  const launchDir = path.join(ctx.projectRoot, ".vibecheck", "launch");
+  
+  if (!fs.existsSync(launchDir)) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ 
+        success: false, 
+        error: "No launch results found. Run 'vibecheck launch' first." 
+      }));
+    } else if (!ctx.quiet) {
+      console.log(`\n  ${ansi.yellow}No launch results found.${ansi.reset}`);
+      console.log(`  Run ${ansi.cyan}vibecheck launch${ansi.reset} first to generate results.\n`);
+    }
+    return EXIT.NOT_FOUND;
+  }
+  
+  // Find the most recent launch results
+  const files = fs.readdirSync(launchDir)
+    .filter(f => f.startsWith("launch-") && f.endsWith(".json"))
+    .sort()
+    .reverse();
+  
+  if (files.length === 0) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ 
+        success: false, 
+        error: "No launch results found." 
+      }));
+    } else if (!ctx.quiet) {
+      console.log(`\n  ${ansi.yellow}No launch results found.${ansi.reset}\n`);
+    }
+    return EXIT.NOT_FOUND;
+  }
+  
+  const latestFile = files[0];
+  const format = getArgValue(ctx.args, "--format") || "zip";
+  const outputPath = getArgValue(ctx.args, "--output") || getArgValue(ctx.args, "-o");
+  
+  // Collect all launch artifacts
+  const artifacts = [
+    { name: latestFile, path: path.join(launchDir, latestFile), type: "results" },
+  ];
+  
+  // Add other standard launch files if they exist
+  const standardFiles = ["blockers.json", "checklist.md", "audit-trail.json", "manifest.json"];
+  for (const file of standardFiles) {
+    const filePath = path.join(launchDir, file);
+    if (fs.existsSync(filePath)) {
+      artifacts.push({ name: file, path: filePath, type: file.replace(/\.[^.]+$/, "") });
+    }
+  }
+  
+  if (format === "json") {
+    // Output as JSON listing
+    const result = {
+      success: true,
+      packId: latestFile.replace(/\.json$/, ""),
+      artifacts: artifacts.map(a => ({ name: a.name, type: a.type })),
+      launchDir,
+    };
+    console.log(JSON.stringify(result, null, 2));
+    return EXIT.SUCCESS;
+  }
+  
+  if (format === "md") {
+    // Output the checklist markdown
+    const checklistPath = path.join(launchDir, "checklist.md");
+    if (fs.existsSync(checklistPath)) {
+      console.log(fs.readFileSync(checklistPath, "utf-8"));
+    } else {
+      console.log("# Launch Checklist\n\nNo checklist generated yet.");
+    }
+    return EXIT.SUCCESS;
+  }
+  
+  // Default: ZIP bundle
+  const timestamp = new Date().toISOString().replace(/[:.]/g, "-").slice(0, 19);
+  const zipName = outputPath || `launch-pack-${timestamp}.zip`;
+  const zipPath = path.resolve(ctx.projectRoot, zipName);
+  
+  try {
+    // Create a simple zip using Node.js (no external deps)
+    const archiver = require("archiver");
+    const output = fs.createWriteStream(zipPath);
+    const archive = archiver("zip", { zlib: { level: 9 } });
+    
+    archive.pipe(output);
+    
+    for (const artifact of artifacts) {
+      archive.file(artifact.path, { name: artifact.name });
+    }
+    
+    await archive.finalize();
+    
+    if (!ctx.quiet) {
+      console.log(`\n  ${ansi.green}✓${ansi.reset} Created: ${ansi.cyan}${zipName}${ansi.reset}`);
+      console.log(`    • ${artifacts.length} files bundled`);
+      console.log(`    • ${artifacts.map(a => a.name).join(", ")}`);
+      console.log();
+    }
+    
+    if (ctx.json) {
+      console.log(JSON.stringify({
+        success: true,
+        path: zipPath,
+        artifacts: artifacts.length,
+        files: artifacts.map(a => a.name),
+      }));
+    }
+    
+    return EXIT.SUCCESS;
+  } catch (err) {
+    // Fallback: just copy files to a directory if archiver not available
+    const bundleDir = outputPath || path.join(ctx.projectRoot, `launch-pack-${timestamp}`);
+    fs.mkdirSync(bundleDir, { recursive: true });
+    
+    for (const artifact of artifacts) {
+      fs.copyFileSync(artifact.path, path.join(bundleDir, artifact.name));
+    }
+    
+    if (!ctx.quiet) {
+      console.log(`\n  ${ansi.green}✓${ansi.reset} Created bundle directory: ${ansi.cyan}${bundleDir}${ansi.reset}`);
+      console.log(`    • ${artifacts.length} files copied`);
+      console.log();
+    }
+    
+    return EXIT.SUCCESS;
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ERROR HANDLING
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function handleUnknownSubcommand(subcommand, ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi } = getCliOutput();
+  
+  if (ctx.json) {
+    console.log(JSON.stringify({ 
+      success: false, 
+      error: `Unknown subcommand: ${subcommand}`,
+      available: Object.keys(SUBCOMMANDS),
+    }));
+  } else {
+    console.log(`
+${ansi.red}Error: Unknown subcommand '${subcommand}'${ansi.reset}
+
+${ansi.dim}Available subcommands:${ansi.reset}
+${Object.keys(SUBCOMMANDS).map(s => `  ${ansi.cyan}${s}${ansi.reset}`).join("\n")}
+
+Run ${ansi.cyan}vibecheck packs --help${ansi.reset} for usage.
+`);
+  }
+  
+  return EXIT.USER_ERROR;
+}
+
+function handleError(error, ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderError } = getCliOutput();
+  
+  if (ctx.json) {
+    console.log(JSON.stringify({ 
+      success: false, 
+      error: error.message,
+      stack: ctx.verbose ? error.stack : undefined,
+    }));
+  } else {
+    renderError(`Packs error: ${error.message}`);
+    if (ctx.verbose) {
+      console.log(`\n${ansi.dim}${error.stack}${ansi.reset}\n`);
+    }
+  }
+  
+  return EXIT.INTERNAL_ERROR;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// UTILITY FUNCTIONS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function getArgValue(args, flag) {
+  const index = args.indexOf(flag);
+  if (index !== -1 && args[index + 1] && !args[index + 1].startsWith("--")) {
+    return args[index + 1];
+  }
+  return null;
+}
+
+async function collectArtifacts(projectRoot, args) {
+  const artifacts = { items: [], summary: {}, count: 0 };
+  const includeVideos = !args.includes("--no-videos");
+  const includeTraces = !args.includes("--no-traces");
+  const includeHar = !args.includes("--no-har");
+  
+  // Common artifact locations
+  const locations = [
+    { type: "videos", dir: ".vibecheck/prove/videos", enabled: includeVideos },
+    { type: "traces", dir: ".vibecheck/prove/traces", enabled: includeTraces },
+    { type: "screenshots", dir: ".vibecheck/prove/screenshots", enabled: true },
+    { type: "har", dir: ".vibecheck/prove/har", enabled: includeHar },
+    { type: "reports", dir: ".vibecheck/scan", enabled: true },
+  ];
+  
+  for (const loc of locations) {
+    if (!loc.enabled) continue;
+    
+    const dirPath = path.join(projectRoot, loc.dir);
+    if (!fs.existsSync(dirPath)) continue;
+    
+    const files = fs.readdirSync(dirPath);
+    artifacts.summary[loc.type] = files.length;
+    
+    for (const file of files) {
+      const filePath = path.join(dirPath, file);
+      const stats = fs.statSync(filePath);
+      if (stats.isFile()) {
+        const hash = crypto.createHash("md5")
+          .update(fs.readFileSync(filePath))
+          .digest("hex")
+          .slice(0, 8);
+        
+        artifacts.items.push({
+          type: loc.type,
+          name: file,
+          source: filePath,
+          size: stats.size,
+          hash,
+        });
+        artifacts.count++;
+      }
+    }
+  }
+  
+  return artifacts;
+}
+
+async function loadGraphData(projectRoot) {
+  // Try various sources in order of preference
+  const sources = [
+    ".vibecheck/proof-graph.json",
+    ".vibecheck/reality/last_reality.json",
+    ".vibecheck/prove/last_prove.json",
+    ".vibecheck/scan/last_scan.json",
+  ];
+  
+  for (const source of sources) {
+    const sourcePath = path.join(projectRoot, source);
+    if (fs.existsSync(sourcePath)) {
+      try {
+        const data = JSON.parse(fs.readFileSync(sourcePath, "utf-8"));
+        if (data.proofGraph) return data.proofGraph;
+        if (data.nodes && data.edges) return data;
+        
+        // Build from scan data
+        if (data.findings) {
+          return buildGraphFromScan(data);
+        }
+      } catch {
+        continue;
+      }
+    }
+  }
+  
+  return null;
+}
+
+function buildGraphFromScan(scanData) {
+  const nodes = [];
+  const edges = [];
+  const gaps = [];
+  const nodeIds = new Set();
+  
+  for (const finding of (scanData.findings || [])) {
+    if (finding.file && !nodeIds.has(`file:${finding.file}`)) {
+      nodeIds.add(`file:${finding.file}`);
+      nodes.push({
+        id: `file:${finding.file}`,
+        type: "file",
+        label: path.basename(finding.file),
+        path: finding.file,
+      });
+    }
+    
+    if (finding.ruleId?.includes("ROUTE") || finding.ruleId?.includes("GHOST")) {
+      gaps.push({
+        type: "finding",
+        ruleId: finding.ruleId,
+        evidence: finding,
+      });
+    }
+  }
+  
+  return { nodes, edges, gaps, generatedFrom: "scan" };
+}
+
+function filterGraphByQuery(graph, query) {
+  switch (query) {
+    case "unexecuted":
+      return {
+        ...graph,
+        nodes: graph.nodes?.filter(n => !n.executed) || [],
+        edges: graph.edges?.filter(e => {
+          const nodes = graph.nodes?.filter(n => !n.executed).map(n => n.id) || [];
+          return nodes.includes(e.source) || nodes.includes(e.target);
+        }) || [],
+      };
+    case "unhit-routes":
+      return {
+        ...graph,
+        nodes: graph.nodes?.filter(n => n.type === "route" && !n.hit) || [],
+      };
+    case "dead-ui":
+      return {
+        ...graph,
+        nodes: graph.nodes?.filter(n => n.type === "ui" && n.dead) || [],
+      };
+    case "gaps":
+      return {
+        ...graph,
+        nodes: graph.nodes?.filter(n => n.gap) || [],
+        gaps: graph.gaps || [],
+      };
+    default:
+      return graph;
+  }
+}
+
+function limitGraphDepth(graph, depth) {
+  // Simple depth limiting - could be more sophisticated
+  return {
+    ...graph,
+    nodes: graph.nodes?.slice(0, depth * 10) || [],
+    edges: graph.edges?.slice(0, depth * 15) || [],
+  };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// OUTPUT FORMATTERS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function graphToDot(graph) {
+  let dot = `digraph ProofGraph {
+  rankdir=LR;
+  node [shape=box, style="rounded,filled", fillcolor="#f8f9fa", fontname="Arial"];
+  edge [color="#6c757d"];
+  
+  // Graph metadata
+  label="Proof Graph - ${graph.metadata?.generated || new Date().toISOString()}";
+  labelloc=t;
+  fontname="Arial Bold";
+  
+`;
+  
+  // Group nodes by type
+  const nodesByType = {};
+  for (const node of (graph.nodes || [])) {
+    const type = node.type || "unknown";
+    if (!nodesByType[type]) nodesByType[type] = [];
+    nodesByType[type].push(node);
+  }
+  
+  // Add subgraphs for each type
+  for (const [type, nodes] of Object.entries(nodesByType)) {
+    dot += `  subgraph cluster_${type} {\n`;
+    dot += `    label="${type.toUpperCase()}";\n`;
+    dot += `    style=dashed;\n`;
+    
+    for (const node of nodes) {
+      const label = (node.label || node.id).replace(/"/g, '\\"');
+      const color = node.gap ? "#dc3545" : node.executed ? "#28a745" : "#ffc107";
+      dot += `    "${node.id}" [label="${label}", fillcolor="${color}"];\n`;
+    }
+    
+    dot += `  }\n\n`;
+  }
+  
+  // Add edges
+  dot += "  // Edges\n";
+  for (const edge of (graph.edges || [])) {
+    const label = edge.label ? ` [label="${edge.label}"]` : "";
+    dot += `  "${edge.source}" -> "${edge.target}"${label};\n`;
+  }
+  
+  dot += "}\n";
+  return dot;
+}
+
+function graphToMermaid(graph) {
+  let mermaid = `%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#00d4ff'}}}%%
+graph LR
+`;
+  
+  // Add nodes with styling
+  for (const node of (graph.nodes || [])) {
+    const safeId = node.id.replace(/[^a-zA-Z0-9]/g, "_");
+    const label = (node.label || node.id).replace(/"/g, "'");
+    
+    if (node.type === "route") {
+      mermaid += `  ${safeId}[/"${label}"/]\n`;
+    } else if (node.type === "ui") {
+      mermaid += `  ${safeId}(("${label}"))\n`;
+    } else {
+      mermaid += `  ${safeId}["${label}"]\n`;
+    }
+  }
+  
+  mermaid += "\n";
+  
+  // Add edges
+  for (const edge of (graph.edges || [])) {
+    const sourceId = edge.source.replace(/[^a-zA-Z0-9]/g, "_");
+    const targetId = edge.target.replace(/[^a-zA-Z0-9]/g, "_");
+    const label = edge.label ? `|"${edge.label}"|` : "";
+    mermaid += `  ${sourceId} -->${label} ${targetId}\n`;
+  }
+  
+  // Add styles for gaps
+  const gapNodes = (graph.nodes || []).filter(n => n.gap);
+  if (gapNodes.length > 0) {
+    mermaid += "\n  %% Highlight gaps\n";
+    for (const node of gapNodes) {
+      const safeId = node.id.replace(/[^a-zA-Z0-9]/g, "_");
+      mermaid += `  style ${safeId} fill:#dc3545,color:#fff\n`;
+    }
+  }
+  
+  return mermaid;
+}
+
+function graphToHtml(graph) {
+  const mermaid = graphToMermaid(graph);
+  const stats = graph.metadata?.stats || { nodes: 0, edges: 0, gaps: 0 };
+  
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Proof Graph - VibeCheck</title>
+  <script src="https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js"></script>
+  <style>
+    :root {
+      --bg-primary: #0a0a1a;
+      --bg-secondary: #1a1a2e;
+      --accent: #00d4ff;
+      --text: #e0e0e0;
+      --text-dim: #888;
+    }
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: var(--bg-primary);
+      color: var(--text);
+      min-height: 100vh;
+      padding: 20px;
+    }
+    .container { max-width: 1400px; margin: 0 auto; }
+    header {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      padding: 20px;
+      background: var(--bg-secondary);
+      border-radius: 12px;
+      margin-bottom: 20px;
+    }
+    h1 { font-size: 1.5rem; color: var(--accent); }
+    .meta { color: var(--text-dim); font-size: 0.9rem; }
+    .stats {
+      display: flex;
+      gap: 30px;
+      padding: 20px;
+      background: var(--bg-secondary);
+      border-radius: 12px;
+      margin-bottom: 20px;
+    }
+    .stat { text-align: center; }
+    .stat-value { font-size: 2rem; font-weight: bold; color: var(--accent); }
+    .stat-label { color: var(--text-dim); font-size: 0.85rem; text-transform: uppercase; }
+    .graph-container {
+      background: #fff;
+      border-radius: 12px;
+      padding: 30px;
+      overflow: auto;
+    }
+    .mermaid { min-height: 400px; }
+    footer {
+      margin-top: 20px;
+      padding: 15px;
+      text-align: center;
+      color: var(--text-dim);
+      font-size: 0.85rem;
+    }
+    footer a { color: var(--accent); text-decoration: none; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <header>
+      <h1>Proof Graph</h1>
+      <div class="meta">Generated: ${graph.metadata?.generated || new Date().toISOString()}</div>
+    </header>
+    
+    <div class="stats">
+      <div class="stat">
+        <div class="stat-value">${stats.nodes}</div>
+        <div class="stat-label">Nodes</div>
+      </div>
+      <div class="stat">
+        <div class="stat-value">${stats.edges}</div>
+        <div class="stat-label">Edges</div>
+      </div>
+      <div class="stat">
+        <div class="stat-value">${stats.gaps}</div>
+        <div class="stat-label">Gaps</div>
+      </div>
+    </div>
+    
+    <div class="graph-container">
+      <pre class="mermaid">
+${mermaid}
+      </pre>
+    </div>
+    
+    <footer>
+      Powered by <a href="https://vibecheckai.dev">VibeCheck</a> v${PACKS_VERSION}
+    </footer>
+  </div>
+  
+  <script>
+    mermaid.initialize({ 
+      startOnLoad: true, 
+      theme: 'default',
+      securityLevel: 'loose',
+    });
+  </script>
+</body>
+</html>`;
+}
+
+function generateHtmlViewer(manifest) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Evidence Pack - ${manifest.id}</title>
+  <style>
+    :root {
+      --bg: #0a0a1a;
+      --card: #1a1a2e;
+      --accent: #00d4ff;
+      --text: #e0e0e0;
+      --dim: #666;
+    }
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body { font-family: system-ui, sans-serif; background: var(--bg); color: var(--text); padding: 20px; }
+    .container { max-width: 1200px; margin: 0 auto; }
+    header { text-align: center; padding: 40px 0; }
+    h1 { color: var(--accent); margin-bottom: 10px; }
+    .id { color: var(--dim); font-family: monospace; }
+    .grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px; margin-top: 30px; }
+    .card { background: var(--card); border-radius: 12px; padding: 20px; }
+    .card h3 { color: var(--accent); margin-bottom: 15px; }
+    .artifact { display: flex; justify-content: space-between; padding: 8px 0; border-bottom: 1px solid #333; }
+    .artifact:last-child { border-bottom: none; }
+    .artifact-name { font-family: monospace; }
+    .artifact-size { color: var(--dim); }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <header>
+      <h1>Evidence Pack</h1>
+      <div class="id">${manifest.id}</div>
+      <p style="color: var(--dim); margin-top: 10px;">Generated: ${manifest.generated}</p>
+    </header>
+    
+    <div class="grid">
+      ${Object.entries(manifest.summary || {}).map(([type, count]) => `
+        <div class="card">
+          <h3>${type.charAt(0).toUpperCase() + type.slice(1)}</h3>
+          <p>${count} files</p>
+          ${(manifest.artifacts || []).filter(a => a.type === type).map(a => `
+            <div class="artifact">
+              <span class="artifact-name">${a.name}</span>
+              <span class="artifact-size">${formatBytes(a.size)}</span>
+            </div>
+          `).join('')}
+        </div>
+      `).join('')}
+    </div>
+  </div>
+  
+  <script>
+    function formatBytes(bytes) {
+      if (bytes === 0) return '0 B';
+      const k = 1024;
+      const sizes = ['B', 'KB', 'MB', 'GB'];
+      const i = Math.floor(Math.log(bytes) / Math.log(k));
+      return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i];
+    }
+  </script>
+</body>
+</html>`;
+}
+
+function formatBytes(bytes) {
+  if (bytes === 0) return '0 B';
+  const k = 1024;
+  const sizes = ['B', 'KB', 'MB', 'GB'];
+  const i = Math.floor(Math.log(bytes) / Math.log(k));
+  return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i];
+}
+
+function generateSarif(report) {
+  return JSON.stringify({
+    $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+    version: "2.1.0",
+    runs: [{
+      tool: {
+        driver: {
+          name: "VibeCheck",
+          version: PACKS_VERSION,
+          informationUri: "https://vibecheckai.dev",
+          rules: [],
+        },
+      },
+      results: (report.findings || []).map(f => ({
+        ruleId: f.ruleId || f.id || "unknown",
+        message: { text: f.message || f.description },
+        level: f.severity === "critical" ? "error" : f.severity === "high" ? "error" : "warning",
+        locations: f.file ? [{
+          physicalLocation: {
+            artifactLocation: { uri: f.file },
+            region: { startLine: f.line || 1 },
+          },
+        }] : [],
+      })),
+    }],
+  }, null, 2);
+}
+
+function generateMarkdownReport(report) {
+  return `# VibeCheck Report
+
+Generated: ${report.generated}
+Type: ${report.type}
+
+## Summary
+
+| Severity | Count |
+|----------|-------|
+| Critical | ${report.summary.critical} |
+| High | ${report.summary.high} |
+| Medium | ${report.summary.medium} |
+| Low | ${report.summary.low} |
+| **Total** | **${report.summary.total}** |
+
+## Findings
+
+${(report.findings || []).map(f => `
+### ${f.ruleId || f.id}
+
+- **Severity**: ${f.severity}
+- **File**: ${f.file || 'N/A'}
+- **Line**: ${f.line || 'N/A'}
+
+${f.message || f.description}
+`).join('\n---\n')}
+
+---
+*Generated by VibeCheck v${PACKS_VERSION}*
+`;
+}
+
+function generateHtmlReport(report) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>VibeCheck Report</title>
+  <style>
+    :root { --accent: #00d4ff; --bg: #0a0a1a; --card: #1a1a2e; --text: #e0e0e0; }
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body { font-family: system-ui, sans-serif; background: var(--bg); color: var(--text); padding: 40px; }
+    .container { max-width: 1000px; margin: 0 auto; }
+    h1 { color: var(--accent); margin-bottom: 30px; }
+    .summary { display: flex; gap: 20px; margin-bottom: 40px; }
+    .stat { background: var(--card); padding: 20px; border-radius: 12px; text-align: center; flex: 1; }
+    .stat-value { font-size: 2rem; font-weight: bold; }
+    .stat-label { color: #888; font-size: 0.85rem; }
+    .critical { color: #dc3545; }
+    .high { color: #fd7e14; }
+    .medium { color: #ffc107; }
+    .low { color: #28a745; }
+    .finding { background: var(--card); padding: 20px; border-radius: 12px; margin-bottom: 15px; }
+    .finding-header { display: flex; justify-content: space-between; margin-bottom: 10px; }
+    .finding-id { font-family: monospace; color: var(--accent); }
+    .finding-file { color: #888; font-size: 0.9rem; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>VibeCheck Report</h1>
+    
+    <div class="summary">
+      <div class="stat"><div class="stat-value critical">${report.summary.critical}</div><div class="stat-label">Critical</div></div>
+      <div class="stat"><div class="stat-value high">${report.summary.high}</div><div class="stat-label">High</div></div>
+      <div class="stat"><div class="stat-value medium">${report.summary.medium}</div><div class="stat-label">Medium</div></div>
+      <div class="stat"><div class="stat-value low">${report.summary.low}</div><div class="stat-label">Low</div></div>
+    </div>
+    
+    <h2 style="margin-bottom: 20px;">Findings</h2>
+    
+    ${(report.findings || []).map(f => `
+      <div class="finding">
+        <div class="finding-header">
+          <span class="finding-id">${f.ruleId || f.id}</span>
+          <span class="finding-severity ${f.severity}">${f.severity?.toUpperCase()}</span>
+        </div>
+        <p>${f.message || f.description}</p>
+        ${f.file ? `<div class="finding-file">${f.file}${f.line ? `:${f.line}` : ''}</div>` : ''}
+      </div>
+    `).join('')}
+  </div>
+</body>
+</html>`;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  runPacks,
+  // Export constants for testing
+  PACKS_VERSION,
+  SUBCOMMANDS,
+  GRAPH_QUERIES,
+  // Export individual handlers (V2)
+  handleBundle,
+  handleEvidenceV2,
+  handlePermissionsV2,
+  handleGraphV2,
+  handleList,
+  handleCleanup,
+  // Legacy handlers
+  handleEvidence,
+  handleReport,
+  handleGraph,
+  handlePermissions,
+  handleManifest,
+};