refactor(audit): modularize audit system with JSON output and version normalization

Refactored monolithic cli_audit.py into modular cli_audit/ package:
- audit.py: Main entry point with routing logic
- cli_audit/catalog.py: Catalog loading and management
- cli_audit/collectors.py: Version collection with parallel execution
- cli_audit/detection.py: Local tool detection and version extraction
- cli_audit/render.py: Output formatting (table, JSON, colored text)
- cli_audit/snapshot.py: Snapshot caching and persistence
- cli_audit/tools.py: Tool model and enrichment logic

Key features added:
- CLI_AUDIT_JSON mode for structured JSON output to shell scripts
- normalize_version() function to handle leading/trailing zeros (7.28.00 vs 7.28.0)
- Per-tool fresh collection with CLI_AUDIT_COLLECT + CLI_AUDIT_MERGE
- Enhanced routing logic for collect/audit/install/upgrade modes

This enables:
- Shell scripts (guide.sh) to parse audit data reliably
- Proper version comparison regardless of zero-padding
- Selective snapshot updates without full collection overhead
- Integration with install/upgrade workflows

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: CybotTM

.serena/.gitignore

@@ -0,0 +1 @@
+/cache

.serena/memories/codebase_structure.md

@@ -0,0 +1,119 @@
+# Codebase Structure
+
+## Directory Layout
+
+```
+ai_cli_preparation/
+├── cli_audit.py          # Main audit engine (2,375 lines)
+├── cli_audit/            # Phase 2 modular codebase
+│   ├── __init__.py       # Public API exports
+│   ├── common.py         # Shared types and utilities
+│   ├── config.py         # Configuration management
+│   ├── environment.py    # Environment detection
+│   ├── package_managers.py # Package manager abstractions
+│   ├── installer.py      # Core installation logic
+│   ├── bulk.py           # Bulk operations
+│   ├── reconcile.py      # Installation reconciliation
+│   ├── upgrade.py        # Upgrade workflows
+│   ├── breaking_changes.py # Breaking change detection
+│   ├── install_plan.py   # Installation planning
+│   └── logging_config.py # Logging configuration
+├── smart_column.py       # ANSI/emoji-aware table formatter
+├── scripts/              # Installation and utility scripts
+│   ├── install_*.sh      # Language/tool installers (14 scripts)
+│   ├── auto_update.sh    # Package manager auto-update
+│   ├── guide.sh          # Interactive upgrade guidance
+│   ├── upgrade_all.sh    # Bulk upgrade orchestration
+│   ├── lib/              # Shared shell utilities
+│   ├── installers/       # Modular installer components
+│   └── AGENTS.md         # Agent-specific guidance for scripts
+├── docs/                 # Comprehensive documentation (12 files)
+│   ├── INDEX.md          # Documentation index by role/task
+│   ├── QUICK_REFERENCE.md # One-liner command reference
+│   ├── ARCHITECTURE.md   # System design and patterns
+│   ├── API_REFERENCE.md  # Python API documentation
+│   ├── DEVELOPER_GUIDE.md # Contribution guidelines
+│   ├── TROUBLESHOOTING.md # Common issues and solutions
+│   ├── PRD.md            # Product Requirements (Phase 2)
+│   ├── adr/              # Architecture Decision Records
+│   └── phase2_api/       # Phase 2 API specifications
+├── tests/                # Test suite (growing)
+├── config/               # Configuration examples
+├── Makefile              # Main task automation
+├── Makefile.d/           # Modular make includes
+│   ├── user.mk           # User-facing commands
+│   ├── dev.mk            # Development commands
+│   └── maint.mk          # Maintenance commands
+├── latest_versions.json  # Committed version cache (offline-first)
+├── tools_snapshot.json   # Snapshot from last collect
+├── pyproject.toml        # Python project metadata + tool config
+├── package.json          # Node dependencies (minimal)
+├── AGENTS.md             # Root agent guidance (thin, delegates to scoped)
+└── README.md             # Primary user documentation
+```
+
+## Key Files and Responsibilities
+
+### Core Audit Engine
+- **cli_audit.py**: Main entry point, 50+ tool definitions, parallel execution logic
+- **smart_column.py**: Table formatting with ANSI/emoji preservation
+- **TOOLS**: Tuple of Tool dataclasses defining name, candidates, upstream source
+
+### Phase 2 Modular Architecture
+- **cli_audit/__init__.py**: Public API surface for programmatic use
+- **cli_audit/common.py**: Shared types (InstallResult, Environment, etc.)
+- **cli_audit/config.py**: YAML config loading and validation
+- **cli_audit/installer.py**: Tool installation with package manager abstraction
+- **cli_audit/bulk.py**: Parallel bulk install/upgrade/reconcile operations
+- **cli_audit/upgrade.py**: Upgrade candidate detection and execution
+- **cli_audit/breaking_changes.py**: Semver analysis for breaking changes
+- **cli_audit/reconcile.py**: Duplicate installation cleanup
+
+### Installation Scripts
+- **scripts/install_python.sh**: Python via uv (preferred) or pyenv
+- **scripts/install_node.sh**: Node.js via nvm (preferred) or binary
+- **scripts/install_rust.sh**: Rust via rustup
+- **scripts/install_core.sh**: Core tools (fd, fzf, ripgrep, jq, yq, bat, delta, just)
+- **scripts/auto_update.sh**: Detect and update all package managers
+- **scripts/guide.sh**: Interactive upgrade wizard with remediation
+
+### Data Files
+- **latest_versions.json**: Committed cache with manual overrides + lookup hints
+- **tools_snapshot.json**: Generated by `make update`, consumed by `make audit`
+- **.env**: Local environment overrides (gitignored)
+- **.env.default**: Default environment variables (committed)
+
+## Code Organization Patterns
+
+### Tool Definition Pattern
+```python
+@dataclass(frozen=True)
+class Tool:
+    name: str                      # Display name
+    candidates: tuple[str, ...]    # Executable names to search
+    source_kind: str               # gh|pypi|crates|npm|gnu|skip
+    source_args: tuple[str, ...]   # (owner, repo) for gh, (package,) for pypi
+    category: str                  # For grouping (search, security, etc.)
+    homepage: str | None           # Documentation URL
+```
+
+### Parallel Execution Pattern
+```python
+with ThreadPoolExecutor(max_workers=MAX_WORKERS) as executor:
+    futures = [executor.submit(audit_tool, tool) for tool in TOOLS]
+    for future in as_completed(futures):
+        result = future.result()
+```
+
+### Lock Ordering Enforcement
+```python
+# Always acquire in this order to prevent deadlock:
+with MANUAL_LOCK:       # First: manual cache lock
+    with HINTS_LOCK:    # Second: hints cache lock
+        # Safe update logic
+```
+
+## Module Dependencies
+- cli_audit.py: Standalone, no internal imports
+- cli_audit/* modules: Import from cli_audit.common, avoid circular deps
+- scripts/*.sh: Source from scripts/lib/*.sh for shared utilities

.serena/memories/known_issues_and_notes.md

@@ -0,0 +1,225 @@
+# Known Issues and Notes
+
+## Version Discrepancies
+
+### glab (GitLab CLI)
+**Issue**: Cached latest version may be outdated
+**Details**: 
+- User reported latest version is 1.74.0 (from https://gitlab.com/gitlab-org/cli/-/releases)
+- Cache may have older version (1.22 mentioned)
+- **Action needed**: Update cache entry for glab when running `make update`
+
+**Resolution:**
+```bash
+# Manual update in latest_versions.json
+# Or run update to fetch latest from GitHub releases
+make update
+
+# Verify
+make audit-glab
+```
+
+## System-Specific Notes
+
+### Operating System
+- **Platform**: Linux
+- **System**: WSL2 (Windows Subsystem for Linux)
+- **Kernel**: 6.6.87.2-microsoft-standard-WSL2
+- **Current Date**: 2025-10-23
+
+### Python Environment
+- **Version**: Python 3.10+ required (Python 3.14.0rc2 currently available)
+- **Package Management**: uv preferred over pipx/pip
+- **Virtual Environments**: Optional, not required for core audit
+
+### Git Configuration
+- **Current Branch**: main
+- **Default Branch**: main (for PRs)
+- **Commit Style**: Conventional Commits (type(scope): description)
+
+## WSL2-Specific Considerations
+
+### File System
+- **Line Endings**: LF enforced (EditorConfig)
+- **Git Config**: May need `git config --global core.autocrlf input`
+- **Permissions**: chmod may behave differently than native Linux
+
+### Network
+- **WSL2 uses NAT**: May affect network detection
+- **DNS**: Sometimes needs manual configuration
+- **Proxy**: Check if corporate proxy affects GitHub/PyPI access
+
+### Tool Availability
+- **Some tools may need manual install**: Not all package managers work identically in WSL2
+- **Docker**: May need Docker Desktop with WSL2 integration
+- **Snap**: May not work in WSL2, prefer apt/brew alternatives
+
+## Cache Management Notes
+
+### Lock Ordering
+**Critical**: Always acquire locks in this order to prevent deadlock:
+1. MANUAL_LOCK (manual cache updates)
+2. HINTS_LOCK (lookup hints updates)
+
+**Never acquire in reverse order!**
+
+### Atomic Writes
+All cache updates use atomic file operations:
+1. Write to temporary file
+2. Rename to final location
+3. Prevents corruption from interrupted writes
+
+### Lookup Hints
+`latest_versions.json` contains `__hints__` key with working upstream methods:
+- Speeds up subsequent runs
+- Safe to edit or remove (will rebuild)
+- Format: `"tool_name": "gh"` or `"tool_name": "pypi"`, etc.
+
+## Common Troubleshooting
+
+### Version Detection Fails
+**Symptoms**: Tool shows as NOT INSTALLED but is in PATH
+**Causes**:
+- Non-standard version flag
+- Tool doesn't support --version or -v
+- Version output parsing fails
+
+**Solution**:
+```bash
+# Debug single tool
+CLI_AUDIT_DEBUG=1 python3 cli_audit.py --only <tool>
+
+# Check manually
+which <tool>
+<tool> --version
+<tool> -v
+<tool> version
+```
+
+### Network Timeouts
+**Symptoms**: Empty upstream versions, slow updates
+**Causes**:
+- Slow network connection
+- GitHub rate limiting
+- Upstream service temporarily down
+
+**Solutions**:
+```bash
+# Increase timeout
+CLI_AUDIT_TIMEOUT_SECONDS=10 make update
+
+# Use offline mode
+make audit-offline
+
+# Check rate limit
+curl -I https://api.github.com/rate_limit
+
+# Use GitHub token to increase rate limit
+export GITHUB_TOKEN=ghp_...
+make update
+```
+
+### Cache Corruption
+**Symptoms**: Invalid JSON errors, wrong versions
+**Solution**:
+```bash
+# Nuclear option: delete and regenerate
+rm latest_versions.json tools_snapshot.json
+make update
+make audit
+```
+
+### Parallel Execution Issues
+**Symptoms**: Deadlocks, race conditions, inconsistent results
+**Solutions**:
+```bash
+# Reduce workers
+CLI_AUDIT_MAX_WORKERS=4 make update
+
+# Sequential execution for debugging
+CLI_AUDIT_MAX_WORKERS=1 make update
+
+# Check lock ordering in code changes
+```
+
+## Performance Notes
+
+### Benchmark Targets
+- **make update**: 3-10s for 50+ tools (parallel, MAX_WORKERS=16)
+- **make audit**: <100ms (snapshot render)
+- **make audit-offline**: <200ms (with hints)
+- **Single tool**: <50ms
+
+### Optimization Tips
+- Use snapshot-based workflow (separate collect/render)
+- Enable FAST_MODE for development: `CLI_AUDIT_FAST=1`
+- Disable unnecessary features: `CLI_AUDIT_TIMINGS=0`, `CLI_AUDIT_PROGRESS=0`
+- Increase MAX_WORKERS if more CPU cores: `CLI_AUDIT_MAX_WORKERS=32`
+
+## Development Environment
+
+### Recommended Tools for Development
+- **pyflakes**: Linting (make lint)
+- **mypy**: Type checking (optional, make lint-types)
+- **black**: Formatting (optional, make format)
+- **isort**: Import sorting (optional, make format)
+- **shellcheck**: Shell script linting
+- **jq**: JSON manipulation and validation
+
+### Optional Setup
+```bash
+# Install development dependencies
+pip install -e ".[dev]"
+
+# Or with uv
+uv pip install -e ".[dev]"
+
+# Enable direnv (optional)
+direnv allow
+```
+
+### Editor Configuration
+- **EditorConfig**: .editorconfig present (4 spaces, LF, UTF-8, trim trailing)
+- **VSCode**: Respect EditorConfig, install Python extension
+- **Vim/Neovim**: Use editorconfig plugin
+- **IntelliJ/PyCharm**: EditorConfig support built-in
+
+## Future Work (Phase 2 Complete, Phase 3 Planned)
+
+### Phase 2 Status (Complete)
+- [x] Context-aware installation management
+- [x] Breaking change detection
+- [x] Installation reconciliation
+- [x] Bulk operations
+- [x] Configuration file support
+- [x] Upgrade workflows
+
+### Phase 3 (Planned)
+- [ ] Advanced dependency resolution
+- [ ] Rollback mechanisms
+- [ ] Integration tests
+- [ ] CI/CD pipeline
+- [ ] Performance benchmarks
+- [ ] Additional package managers
+
+See [docs/PRD.md](docs/PRD.md) for comprehensive Phase 2 specifications.
+
+## Contributing Notes
+
+### PR Size Guidelines
+- **Ideal**: ~≤300 net LOC changed
+- **Rationale**: Easier to review, faster to merge, lower risk
+- **Large changes**: Break into multiple PRs when possible
+
+### Review Process
+1. Self-review checklist (see task_completion_checklist.md)
+2. CI checks pass (when added)
+3. Documentation updated in same PR
+4. No secrets or credentials committed
+5. Conventional commit messages
+6. Linked to issue/ticket if applicable
+
+### Communication
+- **Issues**: GitHub Issues for bugs, features, discussions
+- **PRs**: Clear description, link to issue, changelog section
+- **Commits**: Self-documenting with Conventional Commits format

.serena/memories/project_overview.md

@@ -0,0 +1,47 @@
+# Project Overview
+
+## Project Purpose
+AI CLI Preparation is a tool version auditing and installation management utility specifically designed for AI coding agents (like Claude Code). It ensures AI agents have access to 50+ essential developer CLI tools with up-to-date versions.
+
+**Core Functionality:**
+- Detects installed versions of developer tools across PATH
+- Compares local versions against latest upstream releases (GitHub, PyPI, crates.io, npm)
+- Reports version status with actionable remediation hints
+- Provides installation/upgrade scripts for missing or outdated tools
+- Supports offline-first operation with committed version caches
+
+**Architecture Phases:**
+- **Phase 1 (Complete)**: Tool detection, version auditing, offline-first caching, snapshot-based workflows
+- **Phase 2 (Complete)**: Context-aware installation/upgrade management, breaking change detection, reconciliation
+- **Phase 3 (Future)**: Advanced dependency resolution, rollback mechanisms
+
+## Key Characteristics
+- **Agent-focused**: Tool selection optimized for AI coding agent needs (ripgrep, fd, jq, ast-grep, etc.)
+- **Offline-capable**: Committed cache (`latest_versions.json`) enables offline audits
+- **Snapshot-based**: Separate collect (`make update`) and render (`make audit`) phases
+- **Parallel execution**: ThreadPoolExecutor with 16 workers for fast collection (~3-10s for 50+ tools)
+- **Zero dependencies**: Core audit uses Python standard library only (no pip install needed)
+- **Comprehensive**: Covers 50+ tools across multiple categories (runtimes, search, security, formatters, cloud/infra)
+
+## Primary Use Cases
+1. **AI agent readiness verification**: Confirm coding agents have necessary tools before starting work
+2. **Development environment setup**: Bootstrap new machines with agent-optimized toolchains
+3. **Version compliance checking**: Ensure tools meet minimum version requirements
+4. **Automated toolchain updates**: Keep development tools current via upgrade workflows
+5. **Installation method reconciliation**: Identify and resolve duplicate tool installations
+
+## Tech Stack
+- **Language**: Python 3.9+ (primary language, standard library only for core)
+- **Task Automation**: GNU Make (Makefile + modular includes in Makefile.d/)
+- **Installation Scripts**: Bash (with set -euo pipefail, shellcheck-compliant)
+- **Data Formats**: JSON for caching (latest_versions.json, tools_snapshot.json)
+- **Dependencies**: 
+  - Core: Python standard library only
+  - Optional: packaging, PyYAML (for Phase 2 config support)
+  - Dev: pytest, flake8, mypy, black, isort (listed in pyproject.toml)
+
+## Project Status
+- **Production-ready**: Phase 1 detection/audit fully functional and tested in production
+- **Beta**: Phase 2 installation management (2.0.0-alpha.6)
+- **Documentation**: Comprehensive (12 docs files, 189KB, including architecture, API reference, troubleshooting)
+- **Testing**: Smoke tests exist (test_smoke.sh), formal test suite acknowledged as needed in README