refactorai-cli 0.1.0__py3-none-any.whl

refactor_cli/__init__.py

@@ -0,0 +1,8 @@
+"""The `refactor` local-first CLI.
+
+Provides a git-style workflow (`refactor init`, `refactor code`, ...) that runs
+the shared `refactor_core` pipeline from a project folder while staying
+authenticated to the hosted platform via a developer key.
+"""
+
+__version__ = "0.1.0"

refactor_cli/auth.py

@@ -0,0 +1,120 @@
+"""Authentication guard: resolve the developer key, validate it (with a cached
+short-lived token), and fail closed when it is missing, invalid, or expired.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import json
+import time
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from pathlib import Path
+
+from refactor_core.paths import ensure_dir, validation_cache_dir
+
+from refactor_cli.client import PlatformClient, PlatformError
+from refactor_cli.credentials import ResolvedKey, resolve_developer_key
+
+
+class AuthError(RuntimeError):
+    """Raised when authentication cannot be established (fail closed)."""
+
+
+@dataclass
+class AuthContext:
+    key: ResolvedKey
+    account_id: str
+    quota_remaining: int | None
+    cached: bool
+
+
+def _fingerprint(key: str) -> str:
+    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]
+
+
+def _cache_file(key: str) -> Path:
+    return validation_cache_dir() / f"{_fingerprint(key)}.json"
+
+
+def _read_cache(key: str) -> dict | None:
+    path = _cache_file(key)
+    if not path.is_file():
+        return None
+    try:
+        data = json.loads(path.read_text(encoding="utf-8"))
+    except (json.JSONDecodeError, OSError):
+        return None
+    expires_at = data.get("expires_at_epoch", 0)
+    if not isinstance(expires_at, (int, float)) or expires_at <= time.time():
+        return None
+    return data
+
+
+def _write_cache(key: str, payload: dict) -> None:
+    ensure_dir(validation_cache_dir())
+    expires_epoch = _parse_expiry(payload.get("expires_at"))
+    record = {
+        "account_id": payload.get("account_id"),
+        "quota_remaining": payload.get("quota_remaining"),
+        "validation_token": payload.get("validation_token"),
+        "expires_at": payload.get("expires_at"),
+        "expires_at_epoch": expires_epoch,
+    }
+    _cache_file(key).write_text(json.dumps(record, indent=2), encoding="utf-8")
+
+
+def _parse_expiry(value) -> float:
+    if not value:
+        return time.time() + 300
+    try:
+        dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
+        return dt.replace(tzinfo=dt.tzinfo or timezone.utc).timestamp()
+    except ValueError:
+        return time.time() + 300
+
+
+def ensure_authenticated(
+    project_root: Path | None = None,
+    *,
+    force_remote: bool = False,
+    client: PlatformClient | None = None,
+) -> AuthContext:
+    """Resolve and validate the developer key, or raise ``AuthError``.
+
+    Uses a cached validation token when present and unexpired unless
+    ``force_remote`` is set.
+    """
+    resolved = resolve_developer_key(project_root)
+    if not resolved:
+        raise AuthError(
+            "No developer key configured. Run `refactor login`, set REFACTOR_API_KEY, "
+            "or add developer_key to refactor.config."
+        )
+
+    if not force_remote:
+        cached = _read_cache(resolved.key)
+        if cached:
+            return AuthContext(
+                key=resolved,
+                account_id=cached.get("account_id", "unknown"),
+                quota_remaining=cached.get("quota_remaining"),
+                cached=True,
+            )
+
+    client = client or PlatformClient()
+    try:
+        payload = client.validate_key(resolved.key)
+    except PlatformError as exc:
+        raise AuthError(str(exc)) from exc
+
+    if not payload.get("valid", False):
+        raise AuthError("Developer key is invalid or revoked")
+
+    _write_cache(resolved.key, payload)
+    return AuthContext(
+        key=resolved,
+        account_id=payload.get("account_id", "unknown"),
+        quota_remaining=payload.get("quota_remaining"),
+        cached=False,
+    )

refactor_cli/client.py

@@ -0,0 +1,46 @@
+"""Thin HTTP client for the hosted platform key endpoints."""
+
+from __future__ import annotations
+
+import httpx
+
+from refactor_cli.settings import platform_url
+
+
+class PlatformError(RuntimeError):
+    """Raised when the platform rejects a request."""
+
+    def __init__(self, message: str, *, status_code: int | None = None) -> None:
+        super().__init__(message)
+        self.status_code = status_code
+
+
+class PlatformClient:
+    def __init__(self, base_url: str | None = None, *, timeout: float = 20.0) -> None:
+        self.base_url = (base_url or platform_url()).rstrip("/")
+        self.timeout = timeout
+
+    def validate_key(self, developer_key: str) -> dict:
+        """Validate a developer key; returns the validation payload.
+
+        Raises ``PlatformError`` on rejection or transport failure so callers
+        can fail closed.
+        """
+        try:
+            response = httpx.post(
+                f"{self.base_url}/v1/keys/validate",
+                headers={"Authorization": f"Bearer {developer_key}"},
+                timeout=self.timeout,
+            )
+        except httpx.HTTPError as exc:
+            raise PlatformError(f"Could not reach platform at {self.base_url}: {exc}") from exc
+
+        if response.status_code == 401:
+            raise PlatformError("Developer key is invalid or revoked", status_code=401)
+        if response.status_code == 429:
+            raise PlatformError("Developer key quota exhausted", status_code=429)
+        if response.status_code >= 400:
+            raise PlatformError(
+                f"Key validation failed ({response.status_code})", status_code=response.status_code
+            )
+        return response.json()

refactor_cli/commands/__init__.py

@@ -0,0 +1 @@
+

refactor_cli/commands/auth_cmds.py

@@ -0,0 +1,85 @@
+"""`refactor login` and `refactor whoami`."""
+
+from __future__ import annotations
+
+import typer
+from rich.console import Console
+
+from refactor_cli.auth import AuthError, ensure_authenticated
+from refactor_cli.client import PlatformClient, PlatformError
+from refactor_cli.credentials import load_credentials, save_credentials
+from refactor_cli.settings import mask_key, platform_url
+
+console = Console()
+
+
+def login(
+    key: str = typer.Option(
+        None,
+        "--key",
+        "-k",
+        help="Developer key issued by the refactor platform. Prompted if omitted.",
+    ),
+) -> None:
+    """Validate a developer key and store it in the central credential file."""
+    developer_key = key or typer.prompt("Developer key", hide_input=True).strip()
+    if not developer_key:
+        console.print("[red]No key provided.[/red]")
+        raise typer.Exit(code=1)
+
+    client = PlatformClient()
+    try:
+        payload = client.validate_key(developer_key)
+    except PlatformError as exc:
+        console.print(f"[red]Login failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+
+    if not payload.get("valid", False):
+        console.print("[red]Login failed:[/red] key is invalid or revoked")
+        raise typer.Exit(code=1)
+
+    creds = load_credentials()
+    creds.update(
+        {
+            "developer_key": developer_key,
+            "account_id": payload.get("account_id"),
+            "platform_url": platform_url(),
+            "masked_key": mask_key(developer_key),
+        }
+    )
+    path = save_credentials(creds)
+    console.print(
+        f"[green]Logged in[/green] as account [bold]{payload.get('account_id', 'unknown')}[/bold] "
+        f"(key {mask_key(developer_key)}). Saved to {path}."
+    )
+
+
+def whoami() -> None:
+    """Show the active account and masked developer key."""
+    try:
+        ctx = ensure_authenticated()
+    except AuthError as exc:
+        console.print(f"[red]Not authenticated:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+    except OSError:
+        console.print(
+            "[red]Could not resolve the current project directory.[/red] "
+            "Please switch to a valid directory and retry. "
+            "If the problem continues, update/reinstall Refactor."
+        )
+        raise typer.Exit(code=1) from None
+    except Exception:
+        console.print(
+            "[red]Could not determine authentication status.[/red] "
+            "Please retry, and if this continues update/reinstall Refactor."
+        )
+        raise typer.Exit(code=1) from None
+
+    quota = "unknown" if ctx.quota_remaining is None else str(ctx.quota_remaining)
+    source = ctx.key.source
+    suffix = " (cached)" if ctx.cached else ""
+    console.print(
+        f"[bold]account[/bold]: {ctx.account_id}\n"
+        f"[bold]key[/bold]: {mask_key(ctx.key.key)} (source: {source})\n"
+        f"[bold]quota_remaining[/bold]: {quota}{suffix}"
+    )

refactor_cli/commands/engine_cmds.py

@@ -0,0 +1,147 @@
+"""Dedicated local engine commands (R13)."""
+
+from __future__ import annotations
+
+import os
+
+import typer
+from rich.console import Console
+
+from refactor_core.engine_runtime import (
+    DEFAULT_ENGINE_CONTAINER,
+    DEFAULT_ENGINE_IMAGE,
+    DEFAULT_ENGINE_PORT,
+    DEFAULT_ENGINE_PROFILE,
+    engine_status,
+    ensure_engine_up,
+    pull_model,
+    read_engine_state,
+    resolve_runtime,
+    run_engine_logs,
+    stop_engine,
+)
+from refactor_cli.model_policy import detect_machine_profile, evaluate_model, get_policy_bundle
+
+console = Console()
+app = typer.Typer(help="Manage the persistent local refactor engine.")
+
+
+def _resolve_engine_runtime() -> str:
+    preferred = os.environ.get("REFACTOR_ENGINE_RUNTIME", "podman")
+    runtime, reason = resolve_runtime(preferred)
+    if runtime:
+        return runtime
+    console.print(f"[red]Engine runtime unavailable:[/red] {reason}")
+    raise typer.Exit(code=1)
+
+
+@app.command("up")
+def up(
+    profile: str = typer.Option(DEFAULT_ENGINE_PROFILE, "--profile", help="Engine profile (cpu-small, cpu-balanced, gpu-standard)."),
+    image: str = typer.Option(DEFAULT_ENGINE_IMAGE, "--image", help="Engine container image."),
+    port: int = typer.Option(DEFAULT_ENGINE_PORT, "--port", help="Loopback port for local engine API."),
+    rebuild: bool = typer.Option(False, "--rebuild", help="Recreate container before startup."),
+) -> None:
+    """Create or start the persistent local engine container."""
+    runtime = _resolve_engine_runtime()
+    ok, message, state = ensure_engine_up(
+        runtime=runtime,
+        image=image,
+        container_name=DEFAULT_ENGINE_CONTAINER,
+        profile=profile,
+        port=port,
+        rebuild=rebuild,
+    )
+    if not ok:
+        console.print(f"[red]Engine start failed:[/red] {message}")
+        raise typer.Exit(code=1)
+    console.print(
+        f"[green]Engine ready.[/green] runtime={state.get('runtime')} "
+        f"container={state.get('container_name')} profile={state.get('profile')} "
+        f"port={state.get('port')}"
+    )
+
+
+@app.command("down")
+def down() -> None:
+    """Stop the local engine container."""
+    state = read_engine_state()
+    runtime = str(state.get("runtime") or _resolve_engine_runtime())
+    ok, message = stop_engine(runtime=runtime, container_name=DEFAULT_ENGINE_CONTAINER)
+    color = "green" if ok else "yellow"
+    console.print(f"[{color}]engine[/{color}]: {message}")
+    if not ok:
+        raise typer.Exit(code=1)
+
+
+@app.command("status")
+def status() -> None:
+    """Show local engine status and runtime metadata."""
+    state = read_engine_state()
+    runtime = str(state.get("runtime") or _resolve_engine_runtime())
+    data = engine_status(runtime=runtime, container_name=DEFAULT_ENGINE_CONTAINER)
+    console.print(f"[bold]status[/bold]: {data.get('status')}")
+    console.print(f"[bold]runtime[/bold]: {data.get('runtime')}")
+    console.print(f"[bold]container[/bold]: {data.get('container_name')}")
+    console.print(f"[bold]profile[/bold]: {data.get('profile')}")
+    console.print(f"[bold]image[/bold]: {data.get('image')}")
+    console.print(f"[bold]bind[/bold]: 127.0.0.1:{data.get('port')}")
+    console.print(f"[bold]exists[/bold]: {'yes' if data.get('exists') else 'no'}")
+    console.print(f"[bold]running[/bold]: {'yes' if data.get('running') else 'no'}")
+    console.print(f"[bold]healthy[/bold]: {'yes' if data.get('healthy') else 'no'}")
+    console.print(f"[bold]updated at[/bold]: {data.get('updated_at') or '<never>'}")
+
+
+@app.command("logs")
+def logs(
+    follow: bool = typer.Option(False, "--follow", "-f", help="Follow log stream."),
+    tail: int = typer.Option(200, "--tail", help="Number of log lines to show."),
+) -> None:
+    """Show local engine container logs."""
+    state = read_engine_state()
+    runtime = str(state.get("runtime") or _resolve_engine_runtime())
+    exit_code = run_engine_logs(
+        runtime=runtime,
+        container_name=DEFAULT_ENGINE_CONTAINER,
+        follow=follow,
+        tail=tail,
+    )
+    if exit_code != 0:
+        raise typer.Exit(code=exit_code)
+
+
+@app.command("pull-model")
+def pull_model_cmd(
+    model_id: str = typer.Argument(..., help="Model id to pull inside the local engine container."),
+    force_policy_refresh: bool = typer.Option(False, "--force-policy-refresh", help="Refresh signed policy before enforcement."),
+) -> None:
+    """Pull a model in the engine container (requires model-capable image)."""
+    try:
+        bundle = get_policy_bundle(force_refresh=force_policy_refresh)
+    except RuntimeError as exc:
+        console.print(f"[red]Policy resolve failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+    profile_info = detect_machine_profile()
+    decision = evaluate_model(
+        model_id=model_id,
+        policy_bundle=bundle,
+        profile=str(profile_info["profile"]),
+    )
+    if not decision.allowed:
+        console.print(f"[red]Model blocked:[/red] {decision.message}")
+        if decision.suggested_model_id:
+            console.print(f"[yellow]Suggested model:[/yellow] {decision.suggested_model_id}")
+        raise typer.Exit(code=1)
+    if decision.override_applied:
+        console.print("[yellow]Policy override applied for this model.[/yellow]")
+    state = read_engine_state()
+    runtime = str(state.get("runtime") or _resolve_engine_runtime())
+    ok, message = pull_model(
+        runtime=runtime,
+        container_name=DEFAULT_ENGINE_CONTAINER,
+        model_id=model_id,
+    )
+    if not ok:
+        console.print(f"[red]Model pull failed:[/red] {message}")
+        raise typer.Exit(code=1)
+    console.print(f"[green]Model pull complete.[/green] {message}")

refactor_cli/commands/model_cmds.py

@@ -0,0 +1,121 @@
+"""Model policy commands (R15)."""
+
+from __future__ import annotations
+
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from refactor_core.engine_runtime import DEFAULT_ENGINE_CONTAINER, probe_model, read_engine_state, resolve_runtime
+
+from refactor_cli.model_policy import (
+    detect_machine_profile,
+    evaluate_model,
+    get_policy_bundle,
+    list_model_entries,
+    recommended_model_id,
+)
+
+console = Console()
+app = typer.Typer(help="Inspect and enforce local model policy.")
+
+
+@app.command("policy")
+def policy(force_refresh: bool = typer.Option(False, "--force-refresh", help="Refresh from control plane.")) -> None:
+    """Show effective signed model policy metadata."""
+    try:
+        bundle = get_policy_bundle(force_refresh=force_refresh)
+    except RuntimeError as exc:
+        console.print(f"[red]Policy resolve failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+    inner = dict(bundle.get("bundle") or {})
+    revision = str(inner.get("revision_id") or "<unknown>")
+    signature = str(bundle.get("signature") or "<missing>")
+    policy = dict(inner.get("model_policy") or {})
+    console.print(f"[bold]policy revision[/bold]: {revision}")
+    console.print(f"[bold]signature[/bold]: {signature}")
+    console.print(f"[bold]allowlist entries[/bold]: {len(policy.get('allowlist') or [])}")
+    console.print(f"[bold]blocklist entries[/bold]: {len(policy.get('blocklist') or [])}")
+    console.print(f"[bold]override entries[/bold]: {len(policy.get('overrides') or [])}")
+
+
+@app.command("list")
+def list_models(force_refresh: bool = typer.Option(False, "--force-refresh", help="Refresh from control plane.")) -> None:
+    """List allowed/blocked models from signed policy."""
+    try:
+        bundle = get_policy_bundle(force_refresh=force_refresh)
+    except RuntimeError as exc:
+        console.print(f"[red]Policy resolve failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+    entries = list_model_entries(bundle)
+    if not entries:
+        console.print("[yellow]No model entries found in current policy.[/yellow]")
+        return
+    table = Table(title="Model policy entries")
+    table.add_column("model_id")
+    table.add_column("status")
+    table.add_column("license")
+    table.add_column("commercial")
+    table.add_column("gpu")
+    for item in entries:
+        table.add_row(
+            str(item.get("model_id") or ""),
+            str(item.get("status") or ""),
+            str(item.get("license_class") or ""),
+            "yes" if bool(item.get("commercial_allowed", False)) else "no",
+            "yes" if bool(item.get("requires_gpu", False)) else "no",
+        )
+    console.print(table)
+
+
+@app.command("recommend")
+def recommend(force_refresh: bool = typer.Option(False, "--force-refresh", help="Refresh from control plane.")) -> None:
+    """Recommend a default model for this machine profile."""
+    profile_info = detect_machine_profile()
+    try:
+        bundle = get_policy_bundle(force_refresh=force_refresh)
+    except RuntimeError as exc:
+        console.print(f"[red]Policy resolve failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+    recommended = recommended_model_id(bundle, profile=profile_info["profile"])
+    if not recommended:
+        console.print("[yellow]No recommended model configured for this profile.[/yellow]")
+        raise typer.Exit(code=1)
+    console.print(f"[bold]machine profile[/bold]: {profile_info['profile']}")
+    console.print(f"[bold]memory (MB)[/bold]: {profile_info['memory_mb']}")
+    console.print(f"[bold]gpu detected[/bold]: {'yes' if profile_info['has_gpu'] else 'no'}")
+    console.print(f"[green]recommended model[/green]: {recommended}")
+
+
+@app.command("doctor")
+def doctor(
+    model_id: str | None = typer.Option(None, "--model-id", help="Model id to validate against policy."),
+    force_refresh: bool = typer.Option(False, "--force-refresh", help="Refresh from control plane."),
+) -> None:
+    """Validate model selection policy and local availability hints."""
+    profile_info = detect_machine_profile()
+    try:
+        bundle = get_policy_bundle(force_refresh=force_refresh)
+    except RuntimeError as exc:
+        console.print(f"[red]Policy resolve failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+    chosen = str(model_id or recommended_model_id(bundle, profile=profile_info["profile"])).strip()
+    if not chosen:
+        console.print("[red]No model id provided and no recommendation available.[/red]")
+        raise typer.Exit(code=1)
+    decision = evaluate_model(model_id=chosen, policy_bundle=bundle, profile=profile_info["profile"])
+    console.print(f"[bold]model[/bold]: {chosen}")
+    console.print(f"[bold]decision[/bold]: {decision.reason_code}")
+    console.print(decision.message)
+    if decision.suggested_model_id:
+        console.print(f"[bold]suggested[/bold]: {decision.suggested_model_id}")
+    if not decision.allowed:
+        raise typer.Exit(code=1)
+    state = read_engine_state()
+    runtime, reason = resolve_runtime(str(state.get("runtime") or "podman"))
+    if not runtime:
+        console.print(f"[yellow]local availability[/yellow]: {reason}")
+        raise typer.Exit(code=1)
+    ok, detail = probe_model(runtime=runtime, container_name=DEFAULT_ENGINE_CONTAINER, model_id=chosen)
+    color = "green" if ok else "yellow"
+    console.print(f"[{color}]local availability[/{color}]: {detail}")

refactor_cli/commands/rules_cmds.py

@@ -0,0 +1,131 @@
+"""Rule policy introspection commands (R12)."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+import typer
+from rich.console import Console
+
+from refactor_core.rules import RuleLoadError, resolve_filter_for_path, resolve_rule_for_path
+from refactor_core.rules.loader import load_rule_file, load_system_rules
+
+console = Console()
+app = typer.Typer(help="Inspect deterministic review rule resolution.")
+
+
+@app.command("check")
+def check(
+    file_path: str = typer.Argument(..., help="Project-relative file path to inspect."),
+    rule: str | None = typer.Option(
+        None,
+        "--rule",
+        help="Path to a custom rule JSON file (highest precedence for this command).",
+    ),
+    repo: str = typer.Option(
+        ".",
+        "--repo",
+        help="Project root directory (defaults to current working directory).",
+    ),
+) -> None:
+    """Show which rule applies to a file path and why."""
+    project_root = Path(repo).resolve()
+    custom_rule_path = Path(rule).resolve() if rule else None
+    try:
+        scope = resolve_filter_for_path(
+            file_path,
+            project_root=project_root,
+            custom_rule_path=custom_rule_path,
+        )
+        detail = resolve_rule_for_path(
+            file_path,
+            project_root=project_root,
+            custom_rule_path=custom_rule_path,
+        )
+    except RuleLoadError as exc:
+        console.print(f"[red]Rule resolution failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+
+    source_label = {
+        "custom": "Custom (--rule)",
+        "project": "Project (.refactor/rules.json)",
+        "global": "Global (~/.refactor/rules.json)",
+        "system": "System built-in",
+    }.get(detail.source, detail.source)
+
+    console.print(f"File: {file_path}")
+    console.print(f"Scope: {'included' if scope.included else 'excluded'}")
+    console.print(f"Scope Source: {scope.source}")
+    console.print(f"Scope Pattern: {scope.pattern}")
+    console.print(f"Source: {source_label}")
+    console.print(f"Pattern: {detail.pattern}")
+    console.print("Rule:")
+    console.print("-" * 40)
+    console.print(detail.rule)
+    console.print("-" * 40)
+
+
+def _warn_if_shadowed(patterns: list[str], *, idx: int) -> bool:
+    """Best-effort shadow check: earlier catch-all can mask later rules."""
+    current = (patterns[idx] or "").strip().lower()
+    if not current:
+        return False
+    for prior in patterns[:idx]:
+        p = (prior or "").strip().lower()
+        if p in {"**", "**/*", "*"}:
+            return True
+        if p == current:
+            return True
+    return False
+
+
+@app.command("lint")
+def lint(
+    rule: str = typer.Argument(..., help="Path to a rule JSON file to lint."),
+) -> None:
+    """Lint one rule file for broad and likely-shadowed patterns."""
+    rule_path = Path(rule).resolve()
+    try:
+        rule_file = load_rule_file(rule_path)
+    except RuleLoadError as exc:
+        console.print(f"[red]Rule lint failed:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+
+    warnings: list[str] = []
+    patterns = [entry.path for entry in rule_file.rules]
+    for i, pattern in enumerate(patterns):
+        pat = pattern.strip().lower()
+        if pat in {"**", "**/*", "*"}:
+            warnings.append(
+                f"rules[{i}] '{pattern}' is a broad catch-all and can mask later rules."
+            )
+        if _warn_if_shadowed(patterns, idx=i):
+            warnings.append(
+                f"rules[{i}] '{pattern}' may be shadowed by an earlier broad/same pattern."
+            )
+
+    if warnings:
+        console.print(f"[yellow]Lint warnings[/yellow] ({len(warnings)}):")
+        for item in warnings:
+            console.print(f"  - {item}")
+        raise typer.Exit(code=1)
+
+    console.print("[green]OK[/green]: no obvious broad/shadowed rule pattern issues found.")
+
+
+@app.command("catalog")
+def catalog() -> None:
+    """Show built-in system rule catalog for governance/audit."""
+    try:
+        rule_file = load_system_rules()
+    except RuleLoadError as exc:
+        console.print(f"[red]Could not load built-in catalog:[/red] {exc}")
+        raise typer.Exit(code=1) from exc
+
+    console.print("Built-in system rule catalog")
+    console.print(f"Rules: {len(rule_file.rules)}")
+    console.print(f"Has default: {'yes' if bool(rule_file.default_rule) else 'no'}")
+    console.print("")
+    for idx, entry in enumerate(rule_file.rules, start=1):
+        console.print(f"{idx:02d}. Pattern: {entry.path}")
+        console.print(f"    Rule: {entry.rule}")