vibeguard-cli 1.0.0__py3-none-any.whl → 1.0.5__py3-none-any.whl

vibeguard/__init__.py

@@ -1,3 +1,3 @@
 """VibeGuard CLI - Unified security scanner orchestrator."""
 
-__version__ = "1.0.0"
+__version__ = "1.0.5"

vibeguard/cli/apply.py

@@ -11,9 +11,14 @@ import typer
 from rich.panel import Panel
 from rich.syntax import Syntax
 
+from vibeguard.cli.banners import show_expiry_banner
 from vibeguard.cli.display import get_console
 from vibeguard.core.exit_codes import ExitCode
-from vibeguard.core.license import ProFeatureError, require_pro_license
+from vibeguard.core.license import (
+    ProFeatureError,
+    get_license_status_with_grace,
+    require_pro_license,
+)
 from vibeguard.models.patch import validate_unified_diff
 
 console = get_console()
@@ -90,6 +95,11 @@ def apply(
         console.print(f"[red]Error:[/red] {e}")
         raise typer.Exit(ExitCode.CONFIG_ERROR)
 
+    # Show expiry/grace period banner if license is expiring soon
+    license_status = get_license_status_with_grace()
+    if license_status.get("valid"):
+        show_expiry_banner(license_status)
+
     # Verify patch file exists and is readable
     patch_content = _read_patch_file(patch_file)
     if patch_content is None:

vibeguard/cli/auth_cmd.py

@@ -4,7 +4,6 @@ from __future__ import annotations
 
 import asyncio
 import threading
-from datetime import UTC, datetime
 
 import typer
 from rich.live import Live
@@ -15,7 +14,6 @@ from rich.text import Text
 
 from vibeguard.cli.display import BRAND_COLOR, VIBEGUARD_SPINNER_NAME, get_console
 from vibeguard.core.auth import (
-    AuthError,
     LicenseError,
     NetworkError,
     activate_license,

vibeguard/cli/banners.py

@@ -0,0 +1,98 @@
+"""Expiry and grace period banners for CLI commands.
+
+Displays warning banners based on license/token status to alert users
+about upcoming expiration or grace period status.
+"""
+
+from __future__ import annotations
+
+from typing import Any
+
+from rich.panel import Panel
+
+from vibeguard.cli.display import get_console
+
+console = get_console()
+
+# Banner thresholds
+CRITICAL_HOURS = 24  # Red banner when < 24 hours
+APPROACHING_DAYS = 7  # Yellow banner when < 7 days
+
+
+def show_expiry_banner(license_status: dict[str, Any]) -> None:
+    """Show warning banner based on license/token status.
+
+    Banner zones (in priority order):
+    1. Grace period (license expired, in 48h grace): Yellow urgent
+    2. Critical (< 24 hours until expiry): Red
+    3. Approaching (< 7 days until expiry): Yellow notice
+
+    Args:
+        license_status: Dictionary from get_license_status_with_grace() with:
+            - valid: bool - whether license is currently valid
+            - in_grace: bool - whether in grace period
+            - hours_left: int - hours remaining (if in grace)
+            - days_left: int - days remaining (if not in grace)
+    """
+    if not license_status.get("valid"):
+        # Don't show banner if fully expired (auth will fail anyway)
+        return
+
+    in_grace = license_status.get("in_grace", False)
+    hours_left = license_status.get("hours_left", 0)
+    days_left = license_status.get("days_left", 999)
+
+    if in_grace:
+        # Grace period - yellow/urgent messaging
+        _show_grace_period_banner(hours_left)
+    elif days_left * 24 + hours_left <= CRITICAL_HOURS:
+        # Critical - less than 24 hours
+        total_hours = days_left * 24 + hours_left
+        _show_critical_banner(total_hours)
+    elif days_left <= APPROACHING_DAYS:
+        # Approaching - 1-7 days remaining
+        _show_approaching_banner(days_left)
+    # else: No banner for healthy licenses (> 7 days remaining)
+
+
+def _show_grace_period_banner(hours_left: int) -> None:
+    """Show grace period warning banner (yellow, urgent)."""
+    console.print(
+        Panel(
+            f"[yellow bold]Your license expired. "
+            f"Grace period: {hours_left} hours remaining.[/yellow bold]\n"
+            "Renew now to avoid service interruption.\n"
+            "[dim]https://app.vibeguard.co/billing[/dim]",
+            title="[yellow]Grace Period Active[/yellow]",
+            border_style="yellow",
+        )
+    )
+    console.print()  # Add spacing after banner
+
+
+def _show_critical_banner(hours_left: int) -> None:
+    """Show critical expiry warning banner (red)."""
+    time_str = f"{hours_left} hour{'s' if hours_left != 1 else ''}"
+    console.print(
+        Panel(
+            f"[red bold]Your license expires in {time_str}![/red bold]\n"
+            "Renew at: [dim]https://app.vibeguard.co/billing[/dim]",
+            title="[red]License Expiring Soon[/red]",
+            border_style="red",
+        )
+    )
+    console.print()
+
+
+def _show_approaching_banner(days_left: int) -> None:
+    """Show approaching expiry notice banner (yellow, informational)."""
+    day_str = f"{days_left} day{'s' if days_left != 1 else ''}"
+    console.print(
+        Panel(
+            f"[yellow]Your license expires in {day_str}.[/yellow]\n"
+            "Renew at: [dim]https://app.vibeguard.co/billing[/dim]",
+            title="Renewal Reminder",
+            border_style="yellow",
+        )
+    )
+    console.print()

vibeguard/cli/config_cmd.py

@@ -10,7 +10,7 @@ from questionary import Style
 from rich.table import Table
 
 from vibeguard.cli.display import get_console
-from vibeguard.core.config import VibeGuardConfig, find_config_file, load_config, save_config
+from vibeguard.core.config import find_config_file, load_config, save_config
 
 app = typer.Typer(
     name="config",
@@ -114,7 +114,7 @@ def set_config(
     # Parse the key path
     parts = key.split(".")
     if len(parts) != 2:
-        console.print(f"[red]Error:[/red] Invalid key format. Use section.setting (e.g., report.format)")
+        console.print("[red]Error:[/red] Invalid key format. Use section.setting (e.g., report.format)")
         raise typer.Exit(1)
 
     section, setting = parts
@@ -126,7 +126,7 @@ def set_config(
                 config.report.auto_generate = value.lower() in ("true", "yes", "1", "on")
             elif setting == "format":
                 if value not in ("html", "json", "sarif"):
-                    console.print(f"[red]Error:[/red] Invalid format. Choose: html, json, sarif")
+                    console.print("[red]Error:[/red] Invalid format. Choose: html, json, sarif")
                     raise typer.Exit(1)
                 config.report.format = value  # type: ignore
             elif setting == "output_dir":
@@ -139,14 +139,14 @@ def set_config(
         elif section == "scan":
             if setting == "pack":
                 if value not in ("core", "ecosystem", "full"):
-                    console.print(f"[red]Error:[/red] Invalid pack. Choose: core, ecosystem, full")
+                    console.print("[red]Error:[/red] Invalid pack. Choose: core, ecosystem, full")
                     raise typer.Exit(1)
                 config.scan.pack = value  # type: ignore
             elif setting == "timeout":
                 config.scan.timeout = int(value)
             elif setting == "min_severity":
                 if value not in ("critical", "high", "medium", "low", "info"):
-                    console.print(f"[red]Error:[/red] Invalid severity. Choose: critical, high, medium, low, info")
+                    console.print("[red]Error:[/red] Invalid severity. Choose: critical, high, medium, low, info")
                     raise typer.Exit(1)
                 config.scan.min_severity = value  # type: ignore
             else:
@@ -155,7 +155,7 @@ def set_config(
         elif section == "output":
             if setting == "format":
                 if value not in ("terminal", "json", "sarif", "html"):
-                    console.print(f"[red]Error:[/red] Invalid format. Choose: terminal, json, sarif, html")
+                    console.print("[red]Error:[/red] Invalid format. Choose: terminal, json, sarif, html")
                     raise typer.Exit(1)
                 config.output.format = value  # type: ignore
             else:
@@ -248,5 +248,5 @@ def edit_config_interactive(
 
     # Save
     save_config(config, config_path)
-    console.print(f"\n[green]Settings saved![/green]")
+    console.print("\n[green]Settings saved![/green]")
     console.print(f"[dim]Config file: {config_path}[/dim]")

vibeguard/cli/fix.py

@@ -15,6 +15,7 @@ from rich.table import Table
 from vibeguard.cli.display import get_console
 from vibeguard.core.cache import load_latest_scan
 from vibeguard.core.exit_codes import ExitCode
+from vibeguard.models.auth import Bundle
 from vibeguard.models.finding import Finding, Severity
 
 console = get_console()
@@ -38,8 +39,8 @@ SEVERITY_COLORS = {
     Severity.INFO: "dim",
 }
 
-# Prompt template for security fixes
-FIX_PROMPT_TEMPLATE = """\
+# Prompt template for security fixes (hardcoded fallback)
+_DEFAULT_FIX_PROMPT = """\
 You are a security expert helping fix a vulnerability in code.
 
 ## Finding Details
@@ -133,6 +134,11 @@ def fix(
     """
     target = path.resolve()
 
+    # Load cached bundle for prompt templates (no fetch - fix is FREE tier)
+    from vibeguard.core.bundles import load_cached_bundle
+
+    bundle = load_cached_bundle()
+
     # Load latest scan
     scan_result = load_latest_scan(target)
 
@@ -172,7 +178,7 @@ def fix(
 
     if use_interactive:
         # Interactive mode - main loop
-        _interactive_fix_loop(findings, target, bulk)
+        _interactive_fix_loop(findings, target, bulk, bundle=bundle)
         raise typer.Exit(ExitCode.SUCCESS)
 
     # Non-interactive mode - use provided finding_id
@@ -199,7 +205,7 @@ def fix(
         raise typer.Exit(ExitCode.CONFIG_ERROR)
 
     # Generate prompt for the single finding
-    prompt = build_fix_prompt(finding, target)
+    prompt = build_fix_prompt(finding, target, bundle=bundle)
 
     # In non-interactive mode (finding_id provided), just display and exit
     # Check if we're in a TTY for action menu
@@ -218,13 +224,20 @@ def fix(
     raise typer.Exit(ExitCode.SUCCESS)
 
 
-def _interactive_fix_loop(findings: list[Finding], target: Path, bulk: bool) -> None:
+def _interactive_fix_loop(
+    findings: list[Finding],
+    target: Path,
+    bulk: bool,
+    *,
+    bundle: Bundle | None = None,
+) -> None:
     """Main interactive loop for fix command.
 
     Args:
         findings: List of findings to choose from
         target: Repository root path
         bulk: Whether bulk mode is enabled
+        bundle: Optional policy bundle for prompt templates
     """
     while True:
         console.print()
@@ -243,7 +256,7 @@ def _interactive_fix_loop(findings: list[Finding], target: Path, bulk: bool) ->
 
         # Generate and display prompts
         prompts = [
-            (f, build_fix_prompt(f, target))
+            (f, build_fix_prompt(f, target, bundle=bundle))
             for f in selected_findings
         ]
         _display_prompts(prompts)
@@ -904,16 +917,32 @@ def _find_finding(findings: list[Finding], finding_id: str) -> Finding | None:
     return None
 
 
-def build_fix_prompt(finding: Finding, repo_root: Path) -> str:
+def build_fix_prompt(
+    finding: Finding,
+    repo_root: Path,
+    *,
+    bundle: Bundle | None = None,
+) -> str:
     """Build the fix prompt from a finding.
 
+    Uses bundle-sourced prompt template if available,
+    falling back to hardcoded template.
+
     Args:
         finding: The finding to generate a prompt for
         repo_root: Repository root path
+        bundle: Optional policy bundle for prompt templates
 
     Returns:
         Complete prompt string
     """
+    from vibeguard.core.bundles import get_prompt
+
+    # Select template: bundle-sourced or hardcoded fallback
+    template = _DEFAULT_FIX_PROMPT
+    if bundle is not None:
+        template = get_prompt(bundle, "fix_prompt", _DEFAULT_FIX_PROMPT)
+
     # Build optional sections
     has_range = finding.line_end and finding.line_end != finding.line_start
     line_end_str = f"-{finding.line_end}" if has_range else ""
@@ -933,7 +962,7 @@ def build_fix_prompt(finding: Finding, repo_root: Path) -> str:
     if not code_snippet:
         code_snippet = "(Code snippet not available)"
 
-    return FIX_PROMPT_TEMPLATE.format(
+    return template.format(
         scanner=finding.scanner,
         rule_id=finding.rule_id,
         severity=finding.severity.value.upper(),

vibeguard/cli/main.py

@@ -309,6 +309,7 @@ def show_baseline_submenu() -> list[str]:
     if selected in ("show", "delete"):
         # List available baselines for selection
         from pathlib import Path
+
         from vibeguard.core.baseline import list_baselines
 
         baselines = list_baselines(Path("."))

vibeguard/cli/patch.py

@@ -14,6 +14,7 @@ from rich.progress import Progress, SpinnerColumn, TextColumn
 from rich.syntax import Syntax
 from rich.table import Table
 
+from vibeguard.cli.banners import show_expiry_banner
 from vibeguard.cli.display import (
     BRAND_COLOR,
     VIBEGUARD_SPINNER_NAME,
@@ -23,8 +24,13 @@ from vibeguard.cli.display import (
 from vibeguard.cli.fix import _find_finding, build_fix_prompt
 from vibeguard.core.cache import load_latest_scan
 from vibeguard.core.exit_codes import ExitCode
-from vibeguard.core.license import ProFeatureError, require_patch_capability
+from vibeguard.core.license import (
+    ProFeatureError,
+    get_license_status_with_grace,
+    require_patch_capability,
+)
 from vibeguard.core.llm import LLMError, LLMResponse, generate
+from vibeguard.models.auth import Bundle
 from vibeguard.models.finding import Finding, Severity
 from vibeguard.models.patch import (
     PatchArtifact,
@@ -135,6 +141,14 @@ def patch(
         console.print(f"[red]Error:[/red] {e}")
         raise typer.Exit(ExitCode.CONFIG_ERROR)
 
+    # Show expiry/grace period banner if license is expiring soon
+    license_status = get_license_status_with_grace()
+    if license_status.get("valid"):
+        show_expiry_banner(license_status)
+
+    # Load bundle for prompt templates (Pro users can fetch from server)
+    bundle = _load_bundle_for_patch()
+
     # Load latest scan
     scan_result = load_latest_scan(target)
     if scan_result is None:
@@ -196,7 +210,8 @@ def patch(
                 console.print(f"[dim]Patch {i + 1} of {total}[/dim]")
 
             result = _generate_and_save_patch(
-                selected_finding, target, provider, model, output, dry_run
+                selected_finding, target, provider, model, output, dry_run,
+                bundle=bundle,
             )
             if result:
                 success_count += 1
@@ -249,10 +264,35 @@ def patch(
         raise typer.Exit(ExitCode.CONFIG_ERROR)
 
     # Generate patch for the single finding
-    result = _generate_and_save_patch(finding, target, provider, model, output, dry_run)
+    result = _generate_and_save_patch(
+        finding, target, provider, model, output, dry_run, bundle=bundle,
+    )
     raise typer.Exit(ExitCode.SUCCESS if result else ExitCode.SCAN_ERROR)
 
 
+def _load_bundle_for_patch() -> Bundle | None:
+    """Load bundle for patch command, fetching if Pro licensed.
+
+    Pro users can fetch from the server; falls back to cache or hardcoded.
+    Never raises -- bundle failure should never block patching.
+    """
+    from vibeguard.core.auth import get_cached_token
+    from vibeguard.core.bundles import (
+        ensure_bundle,
+        get_hardcoded_fallback,
+        load_cached_bundle,
+    )
+
+    token = get_cached_token()
+    token_str = token.token if token else None
+
+    try:
+        return asyncio.run(ensure_bundle(token_str))
+    except Exception:
+        # Bundle fetch failure should never block patching
+        return load_cached_bundle() or get_hardcoded_fallback()
+
+
 def _parse_severity(severity_str: str) -> Severity | None:
     """Parse severity string to Severity enum."""
     severity_map = {
@@ -553,13 +593,15 @@ def _generate_and_save_patch(
     model: str | None,
     output: Path | None,
     dry_run: bool,
+    *,
+    bundle: Bundle | None = None,
 ) -> bool:
     """Generate and save a patch for a single finding.
 
     Returns True on success, False on failure.
     """
-    # Build prompt
-    prompt = build_fix_prompt(finding, target)
+    # Build prompt (uses bundle template if available)
+    prompt = build_fix_prompt(finding, target, bundle=bundle)
 
     # Generate patch using LLM
     console.print(
@@ -579,7 +621,9 @@ def _generate_and_save_patch(
             msg = get_patching_message()
             task = progress.add_task(f"{msg}...", total=None)
 
-            response = asyncio.run(_generate_patch_async(prompt, provider, model))
+            response = asyncio.run(
+                _generate_patch_async(prompt, provider, model, bundle=bundle)
+            )
 
             progress.remove_task(task)
 
@@ -785,6 +829,8 @@ async def _generate_patch_async(
     prompt: str,
     provider: str | None,
     model: str | None,
+    *,
+    bundle: Bundle | None = None,
 ) -> LLMResponse:
     """Generate patch using LLM.
 
@@ -792,14 +838,20 @@ async def _generate_patch_async(
         prompt: The prompt to send
         provider: Optional provider override
         model: Optional model override
+        bundle: Optional policy bundle for LLM configuration
 
     Returns:
         LLMResponse with generated content
     """
+    from vibeguard.core.bundles import get_patch_rule
+
+    max_tokens = get_patch_rule(bundle, "max_tokens", 4096) if bundle else 4096
+    temperature = get_patch_rule(bundle, "temperature", 0.2) if bundle else 0.2
+
     return await generate(
         prompt,
         provider=provider,
         model=model,
-        max_tokens=4096,
-        temperature=0.2,  # Low temperature for deterministic output
+        max_tokens=max_tokens,
+        temperature=temperature,
     )

vibeguard/cli/scan.py

@@ -862,6 +862,13 @@ async def _run_scan(
             if not quiet:
                 console.print(f"[yellow]Warning:[/yellow] Failed to cache results: {e}")
 
+    # Fire-and-forget scan submission for Pro users
+    try:
+        from vibeguard.core.telemetry import submit_scan
+        submit_scan(result)
+    except Exception:
+        pass  # Never block on telemetry
+
     return result
 
 

vibeguard/core/bootstrap.py

@@ -6,6 +6,7 @@ import subprocess  # nosec B404  # noqa: S404  # needed for pip install
 import sys
 from dataclasses import dataclass
 from enum import Enum
+from pathlib import Path
 
 from vibeguard.core.downloader import DownloadConfig, download_binary, get_cached_binary
 from vibeguard.scanners import ScannerManifest, load_manifest
@@ -68,8 +69,19 @@ class BootstrapSummary:
 
 
 def _is_binary_available(binary_name: str) -> bool:
-    """Check if a binary is available in PATH."""
-    return shutil.which(binary_name) is not None
+    """Check if a binary is available in PATH or the current venv's bin directory."""
+    if shutil.which(binary_name) is not None:
+        return True
+
+    # Check current Python environment's bin directory (handles pipx installs)
+    prefix = Path(sys.prefix)
+    bin_dir = prefix / ("Scripts" if sys.platform == "win32" else "bin")
+    if bin_dir.is_dir():
+        for ext in ("", ".exe"):
+            if (bin_dir / f"{binary_name}{ext}").is_file():
+                return True
+
+    return False
 
 
 def _is_docker_available() -> bool:
@@ -102,6 +114,8 @@ async def _try_download(manifest: ScannerManifest) -> bool:
         archive_type=manifest.download_config.archive_type,
         windows_archive_type=manifest.download_config.windows_archive_type,
         windows_arch=manifest.download_config.windows_arch,
+        os_map=manifest.download_config.os_map,
+        arch_map=manifest.download_config.arch_map,
     )
 
     binary_path = await download_binary(dl_config)

vibeguard/core/bundles.py

@@ -0,0 +1,303 @@
+"""Policy bundle fetching, caching, and loading.
+
+Bundles contain server-managed prompts, patch rules, and defaults
+that can be updated without releasing a new CLI version.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import json
+from datetime import UTC, datetime
+from pathlib import Path
+from typing import Any
+
+import httpx
+
+from vibeguard.core.auth import API_BASE_URL, API_TIMEOUT
+from vibeguard.models.auth import Bundle, BundleMetadata
+
+# Storage locations
+BUNDLES_DIR = Path.home() / ".vibeguard" / "bundles"
+BUNDLE_FILE = BUNDLES_DIR / "current.json"
+BUNDLE_META_FILE = BUNDLES_DIR / "meta.json"
+
+
+class BundleError(Exception):
+    """Raised when bundle operations fail."""
+
+
+# ---------------------------------------------------------------------------
+# Hardcoded fallback (mirrors fix.py FIX_PROMPT_TEMPLATE)
+# ---------------------------------------------------------------------------
+
+_DEFAULT_FIX_PROMPT = """\
+You are a security expert helping fix a vulnerability in code.
+
+## Finding Details
+- **Scanner**: {scanner}
+- **Rule**: {rule_id}
+- **Severity**: {severity}
+- **File**: {file_path}
+- **Line**: {line_start}{line_end_str}
+{cwe_section}
+## Issue Description
+{message}
+
+## Affected Code
+```
+{code_snippet}
+```
+
+## Your Task
+Generate a minimal, safe fix for this security issue. Follow these rules:
+
+### Patch Safety Rules
+1. Make minimal changes only - fix the vulnerability, nothing else
+2. Do not add new dependencies unless absolutely required
+3. Do not include any secrets, tokens, or credentials in your response
+4. Preserve the existing code style and formatting
+5. Output ONLY a valid unified diff (starting with --- and +++)
+6. If you are uncertain about the fix, include a comment: # MANUAL_REVIEW_REQUIRED
+
+### Expected Output Format
+```diff
+--- a/{file_path}
++++ b/{file_path}
+@@ -line,count +line,count @@
+ context line
+-removed line
++added line
+ context line
+```
+
+Generate the patch now:
+"""
+
+
+def _ensure_bundles_dir() -> None:
+    """Ensure the bundles directory exists."""
+    BUNDLES_DIR.mkdir(parents=True, exist_ok=True)
+
+
+# ---------------------------------------------------------------------------
+# Load / Save
+# ---------------------------------------------------------------------------
+
+
+def load_cached_bundle() -> Bundle | None:
+    """Load bundle from local cache (~/.vibeguard/bundles/current.json).
+
+    Returns:
+        Bundle if cached and valid, None otherwise.
+    """
+    if not BUNDLE_FILE.exists():
+        return None
+    try:
+        data = json.loads(BUNDLE_FILE.read_text(encoding="utf-8"))
+        return Bundle(**data)
+    except (json.JSONDecodeError, KeyError, TypeError, ValueError):
+        return None
+
+
+def load_bundle_metadata() -> BundleMetadata | None:
+    """Load bundle metadata from local cache.
+
+    Returns:
+        BundleMetadata if exists, None otherwise.
+    """
+    if not BUNDLE_META_FILE.exists():
+        return None
+    try:
+        data = json.loads(BUNDLE_META_FILE.read_text(encoding="utf-8"))
+        return BundleMetadata(**data)
+    except (json.JSONDecodeError, KeyError, TypeError, ValueError):
+        return None
+
+
+def save_bundle(bundle: Bundle, sha256: str | None = None) -> None:
+    """Save bundle and metadata to local cache.
+
+    Args:
+        bundle: The Bundle object to cache.
+        sha256: Optional SHA-256 hash for integrity verification.
+    """
+    _ensure_bundles_dir()
+
+    # Write bundle content
+    content = bundle.model_dump_json(indent=2)
+    BUNDLE_FILE.write_text(content, encoding="utf-8")
+
+    # Write metadata
+    meta = BundleMetadata(
+        version=bundle.version,
+        downloaded_at=datetime.now(UTC),
+        sha256=sha256,
+        is_current=True,
+    )
+    BUNDLE_META_FILE.write_text(meta.model_dump_json(indent=2), encoding="utf-8")
+
+
+def get_cached_version() -> str | None:
+    """Get version of the currently cached bundle.
+
+    Returns:
+        Version string or None if no bundle cached.
+    """
+    meta = load_bundle_metadata()
+    return meta.version if meta else None
+
+
+# ---------------------------------------------------------------------------
+# Fetch
+# ---------------------------------------------------------------------------
+
+
+async def fetch_bundle(token: str) -> Bundle | None:
+    """Fetch latest bundle from API server.
+
+    Uses conditional fetching: sends cached version as
+    If-None-Match header. If server returns 304 (Not Modified),
+    returns None (no update needed).
+
+    Args:
+        token: Auth token for the API.
+
+    Returns:
+        New Bundle if updated, None if already current.
+
+    Raises:
+        BundleError: If fetch fails (caller should fall back to cache).
+    """
+    headers: dict[str, str] = {"Authorization": f"Bearer {token}"}
+
+    cached_version = get_cached_version()
+    if cached_version:
+        headers["If-None-Match"] = cached_version
+
+    try:
+        async with httpx.AsyncClient(timeout=API_TIMEOUT) as client:
+            resp = await client.get(
+                f"{API_BASE_URL}/v1/bundles/latest",
+                headers=headers,
+            )
+
+        if resp.status_code == 304:
+            return None  # Already up to date
+
+        if resp.status_code == 401:
+            raise BundleError("Unauthorized: invalid or expired token")
+
+        if resp.status_code != 200:
+            raise BundleError(f"Unexpected status {resp.status_code}")
+
+        data = resp.json()
+        bundle = Bundle(**data)
+
+        # Compute SHA-256 of the raw response body
+        sha256 = hashlib.sha256(resp.content).hexdigest()
+
+        # Cache the new bundle
+        save_bundle(bundle, sha256=sha256)
+
+        return bundle
+
+    except httpx.HTTPError as exc:
+        raise BundleError(f"Network error fetching bundle: {exc}") from exc
+    except (json.JSONDecodeError, KeyError, TypeError, ValueError) as exc:
+        raise BundleError(f"Invalid bundle response: {exc}") from exc
+
+
+# ---------------------------------------------------------------------------
+# Main entry point
+# ---------------------------------------------------------------------------
+
+
+async def ensure_bundle(token: str | None = None) -> Bundle:
+    """Get the current bundle, fetching if needed.
+
+    Priority order:
+    1. If online + token: Try fetch (with version check)
+    2. If cached bundle exists: Use it
+    3. Fall back to hardcoded defaults
+
+    This is the main entry point that other modules should call.
+    Never raises -- always returns a usable Bundle.
+
+    Args:
+        token: Optional auth token (skips fetch if None).
+
+    Returns:
+        Bundle (from server, cache, or hardcoded fallback).
+    """
+    # Try fetching from server if we have a token
+    if token:
+        try:
+            fetched = await fetch_bundle(token)
+            if fetched is not None:
+                return fetched
+        except BundleError:
+            pass  # Fall through to cache
+
+    # Try cached bundle
+    cached = load_cached_bundle()
+    if cached is not None:
+        return cached
+
+    # Final fallback: hardcoded defaults
+    return get_hardcoded_fallback()
+
+
+# ---------------------------------------------------------------------------
+# Fallback & helpers
+# ---------------------------------------------------------------------------
+
+
+def get_hardcoded_fallback() -> Bundle:
+    """Get the hardcoded fallback bundle.
+
+    This contains the same prompts/rules that are currently
+    hardcoded in fix.py, ensuring backwards compatibility.
+
+    Returns:
+        Bundle with hardcoded defaults.
+    """
+    return Bundle(
+        version="0.0.0-builtin",
+        prompts={
+            "fix_prompt": _DEFAULT_FIX_PROMPT,
+        },
+        patch_rules={
+            "max_tokens": 4096,
+            "temperature": 0.2,
+        },
+        defaults={},
+    )
+
+
+def get_prompt(bundle: Bundle, key: str, fallback: str) -> str:
+    """Get a prompt template from bundle with fallback.
+
+    Args:
+        bundle: The bundle to look up.
+        key: Prompt key (e.g., "fix_prompt", "patch_system").
+        fallback: Default template if key not in bundle.
+
+    Returns:
+        Prompt template string.
+    """
+    return bundle.prompts.get(key, fallback)
+
+
+def get_patch_rule(bundle: Bundle, key: str, fallback: Any = None) -> Any:
+    """Get a patch rule from bundle with fallback.
+
+    Args:
+        bundle: The bundle to look up.
+        key: Rule key (e.g., "max_tokens", "temperature").
+        fallback: Default value if key not in bundle.
+
+    Returns:
+        Rule value.
+    """
+    return bundle.patch_rules.get(key, fallback)

vibeguard/core/downloader.py

@@ -82,6 +82,8 @@ class DownloadConfig(BaseModel):
     archive_type: str = "tar.gz"
     windows_archive_type: str | None = None  # Override for Windows
     windows_arch: str | None = None  # Override arch for Windows (e.g., "x64" instead of "amd64")
+    os_map: dict[str, str] | None = None  # Custom OS name mapping (e.g., {"darwin": "macOS"})
+    arch_map: dict[str, str] | None = None  # Custom arch name mapping (e.g., {"amd64": "64bit"})
 
 
 class PlatformInfo(NamedTuple):
@@ -148,6 +150,14 @@ async def download_binary(config: DownloadConfig) -> Path | None:
     # Determine archive type and arch (Windows may use different values)
     archive_type = config.archive_type
     arch = platform_info.arch
+    os_name = platform_info.os
+
+    # Apply custom OS/arch mappings if provided (e.g., Trivy uses "macOS" not "darwin")
+    if config.os_map:
+        os_name = config.os_map.get(os_name, os_name)
+    if config.arch_map:
+        arch = config.arch_map.get(arch, arch)
+
     if platform_info.os == "windows":
         if config.windows_archive_type:
             archive_type = config.windows_archive_type
@@ -157,7 +167,7 @@ async def download_binary(config: DownloadConfig) -> Path | None:
     # Build download URL
     url = config.url_template.format(
         version=config.version,
-        os=platform_info.os,
+        os=os_name,
         arch=arch,
     )
     # Handle Windows archive type in URL if different from default

vibeguard/core/license.py

@@ -6,7 +6,6 @@ BYOK LLM keys are separately required for patch generation.
 
 from __future__ import annotations
 
-from datetime import UTC, datetime
 from typing import Any
 
 from vibeguard.core.keyring import get_configured_providers
@@ -164,3 +163,82 @@ def get_token_expiry_message() -> str | None:
     else:
         minutes = remaining.seconds // 60
         return f"Token expires in {minutes} minutes"
+
+
+def get_license_status_with_grace() -> dict[str, Any]:
+    """Get detailed license status including grace period information.
+
+    This function calculates the license status for displaying expiry
+    banners in CLI commands. It returns information about:
+    - Whether the license is valid (including grace period)
+    - Whether currently in grace period
+    - Time remaining until expiry
+
+    The grace period is 48 hours after license expiration. During grace,
+    the license is still valid but users should be warned to renew.
+
+    Returns:
+        Dictionary with:
+        - valid: bool - True if license is currently usable
+        - in_grace: bool - True if in grace period (expired but within 48h)
+        - hours_left: int - Hours remaining (in grace period)
+        - days_left: int - Days remaining until expiry (when not in grace)
+        - license_expires_at: datetime | None - When license expires
+        - grace_end: datetime | None - When grace period ends
+    """
+    from vibeguard.core.auth import get_cached_token, get_token_time_remaining
+
+    token = get_cached_token()
+    if token is None:
+        return {
+            "valid": False,
+            "in_grace": False,
+            "hours_left": 0,
+            "days_left": 0,
+            "license_expires_at": None,
+            "grace_end": None,
+        }
+
+    remaining = get_token_time_remaining(token)
+    total_seconds = remaining.total_seconds()
+
+    if total_seconds <= 0:
+        # Token has fully expired (past grace period)
+        return {
+            "valid": False,
+            "in_grace": False,
+            "hours_left": 0,
+            "days_left": 0,
+            "license_expires_at": token.expires_at,
+            "grace_end": token.expires_at,
+        }
+
+    # Token is still valid
+    # Calculate days and hours
+    days_left = remaining.days
+    hours_left = remaining.seconds // 3600
+
+    # Check if we're likely in grace period
+    # Grace period detection heuristic: If token has < 48 hours AND
+    # the token has specific grace indicators (will be enhanced when
+    # backend adds explicit fields)
+    #
+    # For now, we detect grace by checking if the entitlements include
+    # a grace marker OR if we're in the last 48 hours (conservative approach)
+    #
+    # TODO: When backend adds explicit in_grace field, use that instead
+    in_grace = False
+
+    # Check for explicit grace indicator in entitlements
+    # Backend can add "grace.active" entitlement during grace period
+    if token.entitlements and "grace.active" in token.entitlements:
+        in_grace = True
+
+    return {
+        "valid": True,
+        "in_grace": in_grace,
+        "hours_left": hours_left if in_grace else 0,
+        "days_left": days_left,
+        "license_expires_at": token.expires_at,
+        "grace_end": token.expires_at,  # Token expiry = grace end when bounded
+    }

vibeguard/core/telemetry.py

@@ -0,0 +1,73 @@
+"""Scan telemetry submission.
+
+Fire-and-forget scan metadata submission to the API for Pro users.
+Only sends aggregated counts, never individual findings.
+"""
+
+from __future__ import annotations
+
+import logging
+from datetime import UTC, datetime
+from typing import TYPE_CHECKING
+
+import httpx
+
+from vibeguard.core.auth import API_BASE_URL, API_TIMEOUT
+
+if TYPE_CHECKING:
+    from vibeguard.models.scan_result import ScanResult
+
+logger = logging.getLogger(__name__)
+
+
+def submit_scan(result: ScanResult, repo_name: str | None = None) -> None:
+    """Fire-and-forget scan submission. Never raises, never blocks the user.
+
+    Only submits if the user has a valid Pro token cached.
+    Uses synchronous httpx to avoid event loop conflicts.
+
+    Args:
+        result: The completed scan result.
+        repo_name: Optional repo name (only if user opted in via settings).
+    """
+    try:
+        from vibeguard.core.auth import get_cached_token
+
+        token_obj = get_cached_token()
+        if not token_obj:
+            return  # No Pro license, skip
+
+        token_str = token_obj.token
+
+        # Calculate duration in milliseconds
+        duration_ms = None
+        if result.started_at and result.finished_at:
+            delta = result.finished_at - result.started_at
+            duration_ms = int(delta.total_seconds() * 1000)
+
+        payload = {
+            "score": result.score,
+            "grade": result.grade,
+            "critical_count": result.counts.get("critical", 0),
+            "high_count": result.counts.get("high", 0),
+            "medium_count": result.counts.get("medium", 0),
+            "low_count": result.counts.get("low", 0),
+            "total_findings": len(result.findings),
+            "scanners_run": result.scanners_run,
+            "scan_duration_ms": duration_ms,
+            "partial": result.partial,
+            "repo_name": repo_name,
+            "scanned_at": (result.finished_at or datetime.now(UTC)).isoformat(),
+        }
+
+        # Use sync client to avoid event loop conflicts in test/async contexts
+        with httpx.Client(timeout=API_TIMEOUT) as client:
+            resp = client.post(
+                f"{API_BASE_URL}/v1/scans",
+                json=payload,
+                headers={"Authorization": f"Bearer {token_str}"},
+            )
+            resp.raise_for_status()
+    except Exception:
+        # Never block user flow on telemetry failure
+        logger.debug("Scan submission failed (ignored)", exc_info=True)

vibeguard/scanners/__init__.py

@@ -24,6 +24,8 @@ class DownloadConfig(BaseModel):
     archive_type: str = "tar.gz"
     windows_archive_type: str | None = None  # Override for Windows
     windows_arch: str | None = None  # Override arch for Windows (e.g., "x64")
+    os_map: dict[str, str] | None = None  # Custom OS name mapping (e.g., darwin → macOS)
+    arch_map: dict[str, str] | None = None  # Custom arch name mapping (e.g., amd64 → 64bit)
 
 
 class PipConfig(BaseModel):
@@ -89,6 +91,8 @@ def load_manifest(name: str) -> ScannerManifest:
             archive_type=download_data.get("archive_type", "tar.gz"),
             windows_archive_type=download_data.get("windows_archive_type"),
             windows_arch=download_data.get("windows_arch"),
+            os_map=download_data.get("os_map"),
+            arch_map=download_data.get("arch_map"),
         )
 
     # Parse pip config if present

vibeguard/scanners/manifests/trivy.toml

@@ -4,7 +4,7 @@
 [scanner]
 name = "trivy"
 display_name = "Trivy"
-version = "0.50.4"
+version = "0.69.1"
 tier = "core"
 categories = ["vulnerability", "sca"]
 languages = ["*"]
@@ -20,13 +20,23 @@ binary_name = "trivy"
 
 [install.download]
 # Auto-download binary from GitHub releases
-# Note: Trivy uses non-standard naming (Linux-64bit, windows-64bit)
-# TODO: Add per-scanner OS/arch mapping for full platform support
-url_template = "https://github.com/aquasecurity/trivy/releases/download/v{version}/trivy_{version}_{os}-64bit.tar.gz"
+# Trivy naming: trivy_{version}_{os}-{arch}.tar.gz
+# e.g., trivy_0.69.1_macOS-ARM64.tar.gz, trivy_0.69.1_Linux-64bit.tar.gz
+url_template = "https://github.com/aquasecurity/trivy/releases/download/v{version}/trivy_{version}_{os}-{arch}.tar.gz"
 binary_name = "trivy"
 archive_type = "tar.gz"
 windows_archive_type = "zip"
 
+# Trivy uses non-standard platform names
+[install.download.os_map]
+linux = "Linux"
+darwin = "macOS"
+windows = "windows"
+
+[install.download.arch_map]
+amd64 = "64bit"
+arm64 = "ARM64"
+
 [install.docker]
 image = "aquasec/trivy:latest"
 mount_mode = "ro"

vibeguard/scanners/runners/local.py

@@ -10,6 +10,22 @@ from vibeguard.core.downloader import VIBEGUARD_BIN_DIR
 from vibeguard.scanners.runners.base import BaseRunner, RunResult
 
 
+def _get_venv_bin_dir() -> Path | None:
+    """Get the bin/Scripts directory of the current Python environment.
+
+    This handles pipx installs where pip-installed tools end up in the
+    isolated venv's bin directory, not on the system PATH.
+    """
+    prefix = Path(sys.prefix)
+    if sys.platform == "win32":
+        bin_dir = prefix / "Scripts"
+    else:
+        bin_dir = prefix / "bin"
+    if bin_dir.is_dir():
+        return bin_dir
+    return None
+
+
 class LocalRunner(BaseRunner):
     """Run scanners using locally installed binaries."""
 
@@ -29,12 +45,21 @@ class LocalRunner(BaseRunner):
         return "local"
 
     def is_available(self) -> bool:
-        """Check if binary is available in PATH or downloaded cache."""
+        """Check if binary is available in PATH, venv bin, or downloaded cache."""
         # First check system PATH
         self._binary_path = shutil.which(self.binary_name)
         if self._binary_path:
             return True
 
+        # Check current Python environment's bin directory (handles pipx installs)
+        venv_bin = _get_venv_bin_dir()
+        if venv_bin:
+            for ext in ("", ".exe"):
+                candidate = venv_bin / f"{self.binary_name}{ext}"
+                if candidate.is_file():
+                    self._binary_path = str(candidate)
+                    return True
+
         # Check downloaded binaries in ~/.vibeguard/bin/
         if self.version:
             downloaded = self._find_downloaded_binary()

{vibeguard_cli-1.0.0.dist-info → vibeguard_cli-1.0.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: vibeguard-cli
-Version: 1.0.0
+Version: 1.0.5
 Summary: Unified security scanner orchestrator for local repos
 Author: VibeGuard Team
 License: MIT

{vibeguard_cli-1.0.0.dist-info → vibeguard_cli-1.0.5.dist-info}/RECORD

@@ -1,37 +1,40 @@
-vibeguard/__init__.py,sha256=4CX7CNi5oeMgILXscJgjJ9vOhEdg7OTFb8wR5YgC1Vo,84
+vibeguard/__init__.py,sha256=U2ZQxvmERYmQeVNYZCIq_nk5sXB4e1HB0YKIbfKgnKY,84
 vibeguard/cli/__init__.py,sha256=Q7Z9SD1h5tJ_09RzUml6y8D3CKTYVEq_eOympr1F6tg,34
-vibeguard/cli/apply.py,sha256=OCLOZXvpVr7PnI_tWVM-yhMICo9IBZ46V_4F-4dCWRg,13537
-vibeguard/cli/auth_cmd.py,sha256=AXyN1vQNEJOoR-FtcDMqBYn6YinzuKfcEZeI-XyA5jA,10764
+vibeguard/cli/apply.py,sha256=9Nz5qrHZX9l9Vjbgzt1N9o1nzmdSkchwn7AMTo-mJOY,13837
+vibeguard/cli/auth_cmd.py,sha256=IViIeWFF5Qs5yDIxs93UwiRz4BEjre0xYLoloELVjZA,10714
+vibeguard/cli/banners.py,sha256=HaKPD9YTIKn6voH5VNF9OesasuyGigY5wekOSuW67F4,3416
 vibeguard/cli/baseline_cmd.py,sha256=zPDkWQbYTlglVtloHjod2z2CsJ5E5yEXctl6QuCCaOM,8978
-vibeguard/cli/config_cmd.py,sha256=9Ua2FXolcGVH17B7YpYwhMv8Wu5BSOk4c5vhEcFXcd8,8213
+vibeguard/cli/config_cmd.py,sha256=JTRB8oINLr9CnN-KovHbUS_QO4_xueaxIqFJf_Qr_Nw,8190
 vibeguard/cli/display.py,sha256=dzaubid56iJXHknwHsXhPRrbgjPnOA1s_IX2O-aYeUQ,11575
 vibeguard/cli/doctor.py,sha256=sTAZS7FrQ3_D5ghf7-FgJKpwNW-WKXVbHHn80kshCA0,7456
-vibeguard/cli/fix.py,sha256=gaVqN_n_F7Nb-C7WG2hEdDP6X6WwVsFoTHhRAhp4tOA,29407
+vibeguard/cli/fix.py,sha256=SffSjheEONeJnHz-EbwkfNAMAVzyQkG0rtOBY4ygYxw,30243
 vibeguard/cli/import_cmd.py,sha256=JBlC8Hl3SqZhuIRzFM2YoJ6QY3LNTmD0eewnazB0n9M,5869
 vibeguard/cli/init_cmd.py,sha256=cbcFcvvkQn6C8Brz6755iBhiMHGXcFGqcE1iieXDYkU,2653
 vibeguard/cli/keys.py,sha256=dgPa4-1hQUEiCP3eK5-M0StnFafrJAjzbHLoMwYeFkk,6153
 vibeguard/cli/live_cmd.py,sha256=ItY1YgASC1bY2tw_UF6AgSo85exoOkDrXjHgRmAmALo,17733
-vibeguard/cli/main.py,sha256=p6pzPd2ErrrQ7Kl-eR59X-KvcPYteFh-hskReaopQto,21121
-vibeguard/cli/patch.py,sha256=cIJqdMkPbOTo7PgU_OSJqJ0y5HRgsRXN5Nyl9e79Q3Y,25437
+vibeguard/cli/main.py,sha256=_tzU_FbY_9vxPdvDm9DTmQouQUTq5r1fD7Kju8pz-u8,21122
+vibeguard/cli/patch.py,sha256=UraKIHdMH5VurNq-kVh4HNk2EtPrPZ9km4_uFJn_6dE,27108
 vibeguard/cli/report.py,sha256=6yWfXeQ2AP_LfcjxnqzIT-iYcS-dPQEIdl1qbnn6mus,3183
-vibeguard/cli/scan.py,sha256=pw3hGN-VMmzKwmp0kou3XS_xggcg3sWjG1rW6PgbOP8,44875
+vibeguard/cli/scan.py,sha256=-jbZ9okgG41xPC2zjtYfcu4iJ6IgLcT2hdbKF0BpppM,45085
 vibeguard/core/__init__.py,sha256=SsrlJh9tgUlZaUKdOt0UYAie6S05YTcVEc3Txc-gvWM,36
 vibeguard/core/auth.py,sha256=0e9HwI78df4sbLI5WWFGI1k5fllkdlN-e94pCAtdT9c,11199
 vibeguard/core/baseline.py,sha256=Cf9mieZlQJ7cRUU6GvHomK4cxMJLN-cv5_TwmQageQM,6028
-vibeguard/core/bootstrap.py,sha256=4d2aFL6SYzyfIjA-8Jow4hU1jQDEGRiU1zDtXPtEsdo,9501
+vibeguard/core/bootstrap.py,sha256=drtTmQsec77yd1tW6Iy_L-owivzszb4CJKd2sKwvxvc,10026
+vibeguard/core/bundles.py,sha256=ylEYCvJa4EcfMXpBZwBn23WB4nxrP2f7koXj7cgNZbQ,8518
 vibeguard/core/cache.py,sha256=Ot5lwbpQsKyqx2fxEfGhKb58KdqBG8BCcEwhYmTYhCY,2131
 vibeguard/core/config.py,sha256=wFmT_7vMIqqpQiph-_pusNUBU84CHT543spS30A2NzA,2816
 vibeguard/core/dedup.py,sha256=ogykWvMEbjO7w90eXfy-DMVubLhIXlabxswde9pMqNk,5315
-vibeguard/core/downloader.py,sha256=sQAnVLpVAfl2c5iMUOEz-5FgtFqRQl_pGTt27gMiVz4,6872
+vibeguard/core/downloader.py,sha256=aAhIOqBZT7qag178Ld0HQVttIUre8zh2AmN5GoFudTI,7324
 vibeguard/core/example_detector.py,sha256=rF2uytuFwvTHvmCBleyvAi6zzoOfiRCLSeEWaidZ62g,5655
 vibeguard/core/exit_codes.py,sha256=usThcg44B_fSeg2ioLqwXmpwKswzJjj6_QIPHHYzFxs,603
 vibeguard/core/ignore.py,sha256=YsYGzY8LPFMz9USGJqPQW_llYZ8F9Ma7wfRnDnvNe_Q,6227
 vibeguard/core/keyring.py,sha256=YnvgP9AteOyo3wtagAfklx4iC6L7WNErdmHEk05C94o,4586
-vibeguard/core/license.py,sha256=JBFx_C_dMIXocKzBMw2WRUR5o-A8xLLLrWkhH_50TWY,4886
+vibeguard/core/license.py,sha256=iLuBvtb1-b4MXH7NQocNxmSnq3m4nR1S40fLBRAH-5s,7708
 vibeguard/core/llm.py,sha256=hJBCgavfH-_ibQ7p54dP7vf9bz8XgWYEE_rViHgRT9o,5748
 vibeguard/core/path_classifier.py,sha256=oHpZVYfxEtnUDyeCUGoC_900Xtc6vOUW9f3JwOqaAxI,6918
 vibeguard/core/repo_detector.py,sha256=osz0cfJaRiT9msf9n1aa5zTG2EduCbVfWJJFqFx5ySc,4879
 vibeguard/core/sarif_import.py,sha256=VCunb98gYnrg0jvIsb0SEW3wWYpY093TQdZU2RmAYTE,10734
+vibeguard/core/telemetry.py,sha256=QELZuJtOtAFztVFIeTpDh3wTTV-isctOfutMZTmTg0U,2476
 vibeguard/core/triage.py,sha256=nprMedHXtd_h3WDKAFX2bPvHrCNu3aLC4_WBGYqo-QY,7371
 vibeguard/core/url_validator.py,sha256=NTu3G8viY_da225IXXDI24mj-XhY_zO-LR_6gghFFkY,6996
 vibeguard/core/validate.py,sha256=AZ7i8170Mho4OZM3H0mFI9PV-dlu3rw4TQcewTijmqA,5503
@@ -46,7 +49,7 @@ vibeguard/reporters/__init__.py,sha256=hc4Biet907VqQK9uywFzTzWYvHEd2IrnYbjo6jACB
 vibeguard/reporters/badge.py,sha256=N8bzgZLRyl85rSzEjO6PpLnaGWo9AxO--HZbMyYsVR0,3433
 vibeguard/reporters/html.py,sha256=y6EHP3WHT2wx3PAGsXM-A6nvEOqrKq33SxVqKeFFXJU,25476
 vibeguard/reporters/sarif.py,sha256=eMU79cDusbrw1kfG5ZMDbnqBTN-Sx4slErFA_4KRmy0,5862
-vibeguard/scanners/__init__.py,sha256=eqy_uVWvlIK0JBvM-sO9j8mzcZXtg_R5S83YqAGCFYA,4199
+vibeguard/scanners/__init__.py,sha256=RDuoMtspPEj8Inf7ZCvMM7VRSwd6NHezcz5ckafSj8g,4486
 vibeguard/scanners/manifests/bandit.toml,sha256=FWQtr8Yngp5688YdHmGUyPV327pT6o_YikSreJb57Do,918
 vibeguard/scanners/manifests/cargo_audit.toml,sha256=yhBIIUhSulhmVygDzDPqZO6WK1KcrEH2Egvd1pPf7tI,748
 vibeguard/scanners/manifests/checkov.toml,sha256=ofQqcb31dqhE2k6pP3UAktO2FgbKBOSNRJ78hIlNJrA,1010
@@ -56,7 +59,7 @@ vibeguard/scanners/manifests/npm_audit.toml,sha256=BKYbSkjOPdFwLPNBSnvwAp9aDcZSq
 vibeguard/scanners/manifests/nuclei.toml,sha256=RODBwsPF0vS9KT7iq1jIIHTXHrtOPbN6422xu6iUlOA,1864
 vibeguard/scanners/manifests/pip_audit.toml,sha256=My250Nw9KxaZivQCOnsQPVa1mDKpMN0dok51wUy_wlY,897
 vibeguard/scanners/manifests/semgrep.toml,sha256=ESfthvQRG0-ZFpsZOPTfJUBjIw1Uhubf3iQ8BrDibcY,1087
-vibeguard/scanners/manifests/trivy.toml,sha256=j3pEOnDP6iLhCZYTeEXLWrozC1gR15NQEixv6X5FT8A,1332
+vibeguard/scanners/manifests/trivy.toml,sha256=4rfoRCIacIH-8yMkrQcssPIW0gd6orT5-8Qr3drRwTY,1505
 vibeguard/scanners/manifests/trufflehog.toml,sha256=W2XjiCR6x8tTRuXlGFJHkSH17bpGLhFmkpWorLH7gGQ,1303
 vibeguard/scanners/parsers/__init__.py,sha256=1I6ViSBxgmtJnEbLiVLYilU8YjuiTdzKqrzIb8nnRn4,44
 vibeguard/scanners/parsers/bandit.py,sha256=25auwnWoItnhQ8Cp_IsCm8oj4UU7aEPT1NPITB-q1-s,3071
@@ -73,9 +76,9 @@ vibeguard/scanners/parsers/trufflehog.py,sha256=lBhPuEzanvCG7HzKfnB1Xg_6Zmdkvsic
 vibeguard/scanners/runners/__init__.py,sha256=649hAu1aQ9qg0Sz7O-k6INGnZZSpVPFmIcgczw0Gzco,290
 vibeguard/scanners/runners/base.py,sha256=Vz1LXQO2iMSugYUdL3lShfZ1MLF7-O7PKRsaAmylZ3s,827
 vibeguard/scanners/runners/docker.py,sha256=fOpdECU06msT3sTXy6JYyFv2a9KRBEFOxTR2TiA0iNo,2287
-vibeguard/scanners/runners/local.py,sha256=5Lu0yJ1H4fjRDY2aB-AxMihIDlNyHAgpKa01v3qQa3I,4608
-vibeguard_cli-1.0.0.dist-info/METADATA,sha256=HKBJUmIsuE3N1uHh_tlyS7ZpVeMjU76wzcRDHMlcipE,6082
-vibeguard_cli-1.0.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-vibeguard_cli-1.0.0.dist-info/entry_points.txt,sha256=BdJMlHcuuC-RbYLBsHevmOAxNw6t7wBH64KsWOOacAk,53
-vibeguard_cli-1.0.0.dist-info/licenses/LICENSE,sha256=oh_spsv2IyABL-cLsv0tOLGHf0qU1Sx6EHJzJMCpXrU,1071
-vibeguard_cli-1.0.0.dist-info/RECORD,,
+vibeguard/scanners/runners/local.py,sha256=Gr0w5C7gkqYINOb5fqdpMDVJb_UK-alhjJIb2JJJe9U,5452
+vibeguard_cli-1.0.5.dist-info/METADATA,sha256=rGnSLwT_pUv_fbJmjr5A8le5EoL2RvM6KoHOmMAHH9c,6082
+vibeguard_cli-1.0.5.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+vibeguard_cli-1.0.5.dist-info/entry_points.txt,sha256=BdJMlHcuuC-RbYLBsHevmOAxNw6t7wBH64KsWOOacAk,53
+vibeguard_cli-1.0.5.dist-info/licenses/LICENSE,sha256=oh_spsv2IyABL-cLsv0tOLGHf0qU1Sx6EHJzJMCpXrU,1071
+vibeguard_cli-1.0.5.dist-info/RECORD,,