feat: clean CLI output with SARIF and gate thresholds

package.json

@@ -92,7 +92,6 @@
   "dependencies": {
     "chalk": "^5.3.0",
     "commander": "^12.1.0",
-"handlebars": "^4.7.8",
     "ignore": "^6.0.2",
     "ora": "^8.1.0",
     "yaml": "^2.5.0",
@@ -107,11 +106,11 @@
   },
   "optionalDependencies": {
     "tree-sitter": "0.21.1",
-    "tree-sitter-python": "0.23.4",
-    "tree-sitter-typescript": "0.23.2",
-    "tree-sitter-javascript": "0.23.1",
+    "tree-sitter-go": "0.23.4",
     "tree-sitter-java": "0.23.4",
-    "tree-sitter-go": "0.23.4"
+    "tree-sitter-javascript": "0.23.1",
+    "tree-sitter-python": "0.23.4",
+    "tree-sitter-typescript": "0.23.2"
   },
   "engines": {
     "node": ">=20.0.0"

src/cli/commands/endpoint.ts

@@ -4,6 +4,7 @@ import { Command } from 'commander';
 import { loadDaemonConfig } from '../../daemon/config.js';
 import { readPid } from '../../daemon/process.js';
 import { getMachineId } from '../../platform/machine-id.js';
+// v2: Platform auth/upload removed — g0 is offline-first
 import { listMCPServers } from '../../mcp/analyzer.js';
 import { scanEndpoint } from '../../endpoint/scanner.js';
 import { reportEndpointTerminal } from '../../reporters/endpoint-terminal.js';
@@ -38,6 +39,8 @@ async function runEndpointScan(options: {
   } else {
     reportEndpointTerminal(result);
   }
+
+  // v2: Upload removed — use Guard0 Platform for cloud features
 }
 
 // ─── Shared options ─────────────────────────────────────────────────────────
@@ -99,7 +102,7 @@ const statusSubcommand = new Command('status')
     const machineId = getMachineId();
     const config = loadDaemonConfig();
     const pid = readPid(config.pidFile);
-    const authed = false;
+    const authed = false; // v2: auth removed, g0 is offline-first
 
     let mcpServerCount = 0;
     try {

src/cli/commands/gate.ts

@@ -18,7 +18,6 @@ export const gateCommand = new Command('gate')
   .option('-o, --output <file>', 'Write JSON report to file')
   .option('--config <file>', 'Path to config file (default: .g0.yaml)')
   .option('--sarif [file]', 'Also output SARIF report')
-  .option('--upload', 'Upload results to Guard0 platform')
   .action(async (targetPath: string, options: {
     minScore?: string;
     minGrade?: string;
@@ -27,7 +26,6 @@ export const gateCommand = new Command('gate')
     output?: string;
     config?: string;
     sarif?: string | boolean;
-    upload?: boolean;
   }) => {
     const resolvedPath = path.resolve(targetPath);
 

src/cli/commands/inventory.ts

@@ -6,7 +6,7 @@ import { buildInventory } from '../../inventory/builder.js';
 import { reportInventoryTerminal } from '../../reporters/inventory-terminal.js';
 import { reportInventoryJson } from '../../reporters/inventory-json.js';
 import { reportInventoryMarkdown } from '../../reporters/inventory-markdown.js';
-import { reportInventoryCycloneDX } from '../../reporters/inventory-cyclonedx.js';
+// v2: CycloneDX export removed — available via Guard0 Platform
 import { diffInventory } from '../../inventory/differ.js';
 import { reportInventoryDiffTerminal } from '../../reporters/inventory-diff-terminal.js';
 import { reportInventoryDiffMarkdown } from '../../reporters/inventory-diff-markdown.js';
@@ -20,10 +20,11 @@ export const inventoryCommand = new Command('inventory')
   .argument('[path]', 'Path to the agent project or remote URL', '.')
   .option('--json', 'Output as JSON')
   .option('--markdown', 'Output as Markdown')
-  .option('--cyclonedx [file]', 'Output as CycloneDX 1.6 SBOM')
+  // v2: --cyclonedx removed — available via Guard0 Platform
   .option('--diff <baseline>', 'Diff against a baseline inventory JSON')
   .option('-o, --output <file>', 'Write output to file')
   .option('--config <file>', 'Path to config file (default: .g0.yaml)')
+  // v2: --upload removed — use Guard0 Platform for platform integration
   .option('--no-banner', 'Suppress the g0 banner')
   .action(async (targetPath: string, options: {
     json?: boolean;
@@ -32,6 +33,7 @@ export const inventoryCommand = new Command('inventory')
     diff?: string;
     output?: string;
     config?: string;
+    upload?: boolean;
     banner?: boolean;
   }) => {
     let resolvedPath: string;
@@ -107,17 +109,7 @@ export const inventoryCommand = new Command('inventory')
         return;
       }
 
-      // CycloneDX mode
-      if (options.cyclonedx !== undefined) {
-        const outFile = typeof options.cyclonedx === 'string' ? options.cyclonedx : options.output;
-        const json = reportInventoryCycloneDX(inventory, outFile ?? undefined);
-        if (!outFile) {
-          console.log(json);
-        } else {
-          console.log(`CycloneDX SBOM written to: ${outFile}`);
-        }
-        return;
-      }
+      // v2: CycloneDX mode removed — available via Guard0 Platform
 
       if (options.json) {
         const json = reportInventoryJson(inventory, options.output);
@@ -141,6 +133,7 @@ export const inventoryCommand = new Command('inventory')
         }
       }
 
+      // v2: Upload removed — use Guard0 Platform for cloud features
     } catch (error) {
       spinner.stop();
       console.error('Inventory failed:', error instanceof Error ? error.message : error);

src/cli/commands/scan.ts

@@ -4,9 +4,8 @@ import { Command } from 'commander';
 import { runScan } from '../../pipeline.js';
 import { reportTerminal } from '../../reporters/terminal.js';
 import { reportJson } from '../../reporters/json.js';
-import { reportHtml } from '../../reporters/html.js';
 import { reportSarif } from '../../reporters/sarif.js';
-import { reportComplianceHtml, SUPPORTED_STANDARDS } from '../../reporters/compliance-html.js';
+// v2: HTML and compliance reporters removed — available via Guard0 Platform
 import { loadConfig } from '../../config/loader.js';
 import { createSpinner } from '../ui.js';
 import { isRemoteUrl, parseTarget, cloneRepo } from '../../remote/clone.js';
@@ -17,8 +16,8 @@ export const scanCommand = new Command('scan')
   .description('Assess an AI agent project for security issues')
   .argument('[path]', 'Path to the agent project or remote URL', '.')
   .option('--json', 'Output as JSON')
-  .option('--html [file]', 'Output as HTML report')
   .option('--sarif [file]', 'Output as SARIF 2.1.0')
+  // v2: --html removed — available via Guard0 Platform
   .option('-o, --output <file>', 'Write JSON output to file')
   .option('-q, --quiet', 'Suppress terminal output')
   .option('--severity <level>', 'Minimum severity to report (critical|high|medium|low)')
@@ -29,7 +28,7 @@ export const scanCommand = new Command('scan')
   .option('--min-confidence <level>', 'Minimum confidence to report (high|medium|low)')
   .option('--ai', 'Enable AI-powered analysis (requires ANTHROPIC_API_KEY, OPENAI_API_KEY, or GOOGLE_API_KEY)')
   .option('--model <model>', 'AI model to use (e.g., claude-sonnet-4-5-20250929, gpt-5-mini, gemini-2.5-flash)')
-  .option('--report <standard>', `Generate compliance report (${SUPPORTED_STANDARDS.join('|')})`)
+  // v2: --report and --upload removed — available via Guard0 Platform
   .option('--include-tests', 'Include test files in agent graph (normally excluded)')
   .option('--show-all', 'Show all findings including suppressed utility-code ones')
   .option('--ruleset <tier>', 'Rule pack tier: recommended (~200 high-signal), extended (~800), or all (default)')
@@ -44,7 +43,6 @@ export const scanCommand = new Command('scan')
   .option('--no-banner', 'Suppress the g0 banner')
   .action(async (targetPath: string, options: {
     json?: boolean;
-    html?: string | boolean;
     sarif?: string | boolean;
     output?: string;
     quiet?: boolean;
@@ -56,7 +54,7 @@ export const scanCommand = new Command('scan')
     minConfidence?: string;
     ai?: boolean;
     model?: string;
-    report?: string;
+    // v2: report, upload removed
     includeTests?: boolean;
     showAll?: boolean;
     ruleset?: string;
@@ -210,9 +208,7 @@ export const scanCommand = new Command('scan')
       const hiddenLowConfidence = allFindings.length - result.findings.length;
 
       if (options.sarif) {
-        const sarifPath = typeof options.sarif === 'string'
-          ? options.sarif
-          : undefined;
+        const sarifPath = typeof options.sarif === 'string' ? options.sarif : undefined;
         const sarif = reportSarif(result, sarifPath);
         if (!sarifPath) {
           console.log(sarif);
@@ -224,36 +220,17 @@ export const scanCommand = new Command('scan')
         if (!options.output) {
           console.log(json);
         }
-      } else if (options.html) {
-        const htmlPath = typeof options.html === 'string'
-          ? options.html
-          : path.join(resolvedPath, 'g0-report.html');
-        reportHtml(result, htmlPath);
-        if (!options.quiet) {
-          console.log(`HTML report written to: ${htmlPath}`);
-        }
       } else {
-        reportTerminal(result, { showBanner: options.banner !== false, hiddenLowConfidence });
+        reportTerminal(result, { showBanner: options.banner !== false, showUploadNudge: true, hiddenLowConfidence });
       }
 
       // Also write JSON if --output specified alongside terminal
       if (options.output && !options.json) {
         reportJson(result, options.output);
       }
 
-      // Generate compliance report
-      if (options.report) {
-        const reportPath = path.join(resolvedPath, `g0-${options.report}-report.html`);
-        try {
-          reportComplianceHtml(result, options.report, reportPath);
-          if (!options.quiet) {
-            console.log(`\n  Compliance report (${options.report}) written to: ${reportPath}`);
-          }
-        } catch (err) {
-          console.error(`  Report generation failed: ${err instanceof Error ? err.message : err}`);
-        }
-      }
-
+      // v2: Compliance reports and platform upload removed
+      // Available via Guard0 Platform (guard0.ai/early-access)
       // CI gate evaluation
       if (options.ci) {
         try {

src/index.ts

@@ -9,7 +9,8 @@ export type { Rule } from './types/control.js';
 export { getAllRules, getRuleById, getRulesByDomain } from './analyzers/rules/index.js';
 export { calculateScore } from './scoring/engine.js';
 export { reportJson } from './reporters/json.js';
-export { reportHtml } from './reporters/html.js';
+export { reportSarif } from './reporters/sarif.js';
+// v2: reportHtml removed — available via Guard0 Platform
 
 // Endpoint types
 export type {