@akotliar/sitemap-qa 1.0.0-alpha.0 → 1.0.0-alpha.1

package/dist/index.js

@@ -1,27 +1,1721 @@
 #!/usr/bin/env node
-import"dotenv/config";import{Command as qe}from"commander";import{Command as Ne}from"commander";import{promises as re}from"fs";import C from"ora";import k from"chalk";import{readFile as I}from"fs/promises";import{existsSync as D}from"fs";import{join as N}from"path";import{homedir as se}from"os";var L={timeout:30,concurrency:10,outputFormat:"html",outputDir:"./sitemap-qa/report",verbose:!1,baseUrl:"https://example.com",acceptedPatterns:[]};async function F(e){let t={...L},r=N(se(),".sitemap-qa","config.json");if(D(r))try{let a=JSON.parse(await I(r,"utf-8"));t={...t,...a}}catch(a){console.warn(`Warning: Failed to load global config: ${a}`)}let s=N(process.cwd(),".sitemap-qa.config.json");if(D(s))try{let a=JSON.parse(await I(s,"utf-8"));t={...t,...a}}catch(a){console.warn(`Warning: Failed to load project config: ${a}`)}let n=ne();return t={...t,...n},t=ie(t,e),e.baseUrl&&(t.baseUrl=e.baseUrl),ae(t),t}function ne(){let e={};return process.env.SITEMAP_VERIFY_TIMEOUT&&(e.timeout=parseInt(process.env.SITEMAP_VERIFY_TIMEOUT,10)),e}function ie(e,t){let r={...e};return t.timeout&&t.timeout!=="30"&&(r.timeout=parseInt(t.timeout,10)),t.output&&(r.outputFormat=t.output),t.outputDir&&(r.outputDir=t.outputDir),t.verbose===!0&&(r.verbose=!0),t.acceptedPatterns&&(r.acceptedPatterns=t.acceptedPatterns.split(",").map(s=>s.trim()).filter(Boolean)),r}function ae(e){if(e.timeout<1||e.timeout>300)throw new Error("Timeout must be between 1 and 300 seconds");if(!["json","html"].includes(e.outputFormat))throw new Error("Output format must be json or html")}var U=class extends Error{constructor(r,s){super(`Network request failed for ${r}: ${s.message}`);this.url=r;this.originalError=s;this.name="NetworkError"}code="NETWORK_ERROR"},x=class extends Error{constructor(r,s,n){let a=`HTTP ${s} error for ${r}`;s===403&&(a+=`
-   Note: 403 Forbidden often indicates bot protection (Cloudflare, etc.) or access restrictions`);super(a);this.url=r;this.statusCode=s;this.statusText=n;this.name="HttpError"}code="HTTP_ERROR"};import{chromium as ce}from"playwright";async function le(e,t){let r;try{r=await ce.launch({headless:!0,args:["--disable-blink-features=AutomationControlled","--disable-dev-shm-usage","--no-sandbox"]});let n=await(await r.newContext({userAgent:"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",viewport:{width:1920,height:1080},locale:"en-US",timezoneId:"America/New_York",extraHTTPHeaders:{Accept:"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","Accept-Language":"en-US,en;q=0.9","Accept-Encoding":"gzip, deflate, br",DNT:"1",Connection:"keep-alive","Upgrade-Insecure-Requests":"1"}})).newPage();await n.addInitScript(()=>{Object.defineProperty(navigator,"webdriver",{get:()=>!1}),window.chrome={runtime:{}};let m=window.navigator.permissions.query;window.navigator.permissions.query=l=>l.name==="notifications"?Promise.resolve({state:Notification.permission}):m(l)}),n.setDefaultTimeout(t*1e3);let a=await n.goto(e,{waitUntil:"domcontentloaded",timeout:t*1e3});if(!a)throw new Error("No response received from page");let c=a.status(),o=await n.content(),i=n.url();if(await r.close(),c>=200&&c<300)return{content:o,statusCode:c,url:i};throw new x(i,c)}catch(s){throw r&&await r.close(),s.code==="HTTP_ERROR"?s:new U(e,s)}}async function S(e,t={}){let{timeout:r=30,maxRetries:s=3,retryDelay:n=1e3,useBrowser:a=!1}=t;new URL(e);let c=[408,429,500,502,503,504],o=null,i=!1;for(let m=0;m<=s;m++){try{if(a||i)return await le(e,r);let l=new AbortController,d=setTimeout(()=>l.abort(),r*1e3),p=await fetch(e,{method:"GET",headers:{"User-Agent":"sitemap-qa/1.0.0",Accept:"text/xml,application/xml,text/plain,*/*"},signal:l.signal,redirect:"follow"});clearTimeout(d);let u=p.status,g=await p.text();if(u>=200&&u<300)return{content:g,statusCode:u,url:p.url};if(u===403&&!i){i=!0;continue}if(!c.includes(u))throw new x(p.url,u);o=new x(p.url,u)}catch(l){if(l.code==="HTTP_ERROR"){let d=l;if(!c.includes(d.statusCode))throw l;o=l}else o=new U(e,l);if(m===s)break}if(m<s){let l=n*Math.pow(2,m);await new Promise(d=>setTimeout(d,l))}}throw o}function me(e){return new URL(e).origin}async function ue(e,t){let r=new URL(e),n=r.hostname.startsWith("www.")?r.hostname.substring(4):`www.${r.hostname}`,a=`${r.protocol}//${n}/robots.txt`;try{let c=await S(a,{timeout:t.timeout,maxRetries:1});return c.statusCode===200||c.statusCode===404?n:r.hostname}catch(c){return c instanceof x&&c.statusCode===301,r.hostname}}async function M(e,t){let r=new URL(e).origin,s=[],n=["/sitemap.xml","/sitemap_index.xml","/sitemap-index.xml"],a=await Promise.allSettled(n.map(async c=>{let o=`${r}${c}`;try{return(await S(o,{timeout:t.timeout,maxRetries:1})).statusCode===200?(t.verbose&&console.log(`\u2713 Found sitemap at: ${o}`),{found:!0,url:o}):{found:!1}}catch(i){return i instanceof x?i.statusCode===401||i.statusCode===403?(s.push({url:o,statusCode:i.statusCode,error:i.statusCode===401?"Unauthorized":"Access Denied"}),t.verbose&&console.log(`\u26A0 Access denied: ${o} (${i.statusCode})`)):t.verbose&&console.log(`\u2717 Not found: ${o} (${i.statusCode})`):t.verbose&&console.log(`\u2717 Not found: ${o}`),{found:!1}}}));for(let c of a)if(c.status==="fulfilled"&&c.value.found)return{sitemaps:[c.value.url],issues:s};return t.verbose&&console.log("No sitemap found at standard paths"),{sitemaps:[],issues:s}}async function z(e,t){let r=`${new URL(e).origin}/robots.txt`;try{let n=(await S(r,{timeout:t.timeout,maxRetries:1})).content.split(`
-`),a=[];for(let c of n){let o=c.match(/^Sitemap:\s*(.+)$/i);if(o){let i=o[1].trim();try{new URL(i),a.push(i)}catch{t.verbose&&console.warn(`Invalid sitemap URL in robots.txt: ${i}`)}}}return t.verbose&&a.length>0&&console.log(`Found ${a.length} sitemap(s) in robots.txt`),a}catch{return t.verbose&&console.log(`No robots.txt found at ${r}`),[]}}function de(e){if(e.includes("<sitemapindex"))return!0;if(e.includes("<urlset")){let t=/<url[^>]*>.*?<loc>([^<]+)<\/loc>.*?<\/url>/gs,r=Array.from(e.matchAll(t)),s=Math.min(5,r.length),n=0;for(let a=0;a<s;a++){let c=r[a][1].trim().toLowerCase();(c.includes("sitemap")||c.endsWith(".xml"))&&n++}return n>s/2}return!1}function pe(e){let t=[];if(e.includes("<sitemapindex")){let r=/<sitemap[^>]*>(.*?)<\/sitemap>/gs,s;for(;(s=r.exec(e))!==null;){let n=/<loc>([^<]+)<\/loc>/i.exec(s[1]);if(n){let a=n[1].trim();try{new URL(a),t.push(a)}catch{}}}}else{let r=/<url[^>]*>(.*?)<\/url>/gs,s;for(;(s=r.exec(e))!==null;){let n=/<loc>([^<]+)<\/loc>/i.exec(s[1]);if(n){let a=n[1].trim();if(a.toLowerCase().includes("sitemap")||a.toLowerCase().endsWith(".xml"))try{new URL(a),t.push(a)}catch{}}}}return t}async function $(e,t,r,s,n=10){let a=[],c=[...e],o=new Set,i=new Set,m=new Set,l=s,d=5;for(;c.length>0;){let w=c.splice(0,Math.min(d,c.length));if(await Promise.all(w.map(async h=>{if(o.has(h)){t.verbose&&console.warn(`Skipping duplicate sitemap: ${h}`);return}o.add(h);try{let y=await S(h,{timeout:t.timeout,maxRetries:2});if(de(y.content)){t.verbose&&console.log(`Found sitemap index: ${h}`);let R=pe(y.content);c.push(...R),t.verbose&&console.log(`  \u2514\u2500 Contains ${R.length} child sitemap(s)`)}else a.push(h),t.verbose&&console.log(`\u2713 Discovered sitemap: ${h}`)}catch(y){if(y instanceof x&&y.statusCode===301?m.add(h):i.add(h),t.verbose){let R=y instanceof Error?y.message:String(y);if(y instanceof x&&y.statusCode===301){l||(l=await ue(r,t),t.verbose&&console.log(`Canonical domain detected: ${l}`));try{let T=new URL(h);T.hostname!==l?(console.warn(`\u26A0\uFE0F  Sitemap URL redirects (301): ${h}`),console.warn("   Problem: The sitemap index contains a URL that redirects."),console.warn(`   Likely issue: Domain mismatch - expected "${l}" but got "${T.hostname}"`),console.warn(`   Fix: Update sitemap index to use "https://${l}${T.pathname}"`)):(console.warn(`\u26A0\uFE0F  Sitemap URL redirects (301): ${h}`),console.warn("   Fix: Update the sitemap index to reference the final URL after redirect."))}catch{console.warn(`Failed to fetch sitemap ${h}: ${R}`)}}else console.warn(`Failed to fetch sitemap ${h}: ${R}`)}}})),o.size>1e3){console.warn("\u26A0\uFE0F  Processed over 1000 sitemap URLs. Stopping to prevent excessive requests.");break}}let p=o.size,u=i.size,g=m.size,f=p-a.length-u-g;return a.length===0&&p>0&&(console.warn(`
-\u26A0\uFE0F  SITEMAP DISCOVERY ISSUE`),f>0&&(u>0||g>0)?(console.warn(`Found ${f} sitemap index(es) containing ${u+g} child sitemap(s):`),g>0&&console.warn(`  - ${g} sitemap(s) return 301 redirects (content not accessible without following redirect)`),u>0&&console.warn(`  - ${u} sitemap(s) returned errors (404, 403, 500, or network issues)`)):g>0?console.warn(`All ${g} sitemap(s) return 301 redirects.`):u>0?(console.warn(`All ${u} sitemap(s) returned errors.`),console.warn(`
-Common causes:`),console.warn("  - 403 Forbidden: Bot protection (Cloudflare, etc.) or IP blocking"),console.warn("  - 404 Not Found: Sitemaps don't exist at these URLs"),console.warn("  - 500/502/503: Server errors or maintenance"),console.warn(`
-If sitemaps work in your browser but not here, the site likely has bot protection.`),console.warn("Try: Check if sitemaps load without JavaScript, or contact site administrator.")):console.warn(`Processed ${p} URL(s) but found no accessible sitemaps.`),console.warn(`
-Note: This tool does not follow redirects for sitemap URLs.`),g>0&&(console.warn(`
-Possible causes of redirects:`),console.warn("  - Sitemap index uses non-canonical domain (e.g., missing 'www' or vice versa)"),console.warn("  - Sitemap URLs redirect from HTTP to HTTPS"),console.warn("  - Intentional redirects in your site configuration"),console.warn(`
-Recommendation: Update sitemap index URLs to match the final destination (no redirects).`)),console.warn("")),{sitemaps:a,canonicalDomain:l}}async function O(e,t){let r=me(e),s=[],n;t.verbose&&console.log("Strategy 1: Checking robots.txt for sitemap directives...");let a=await z(r,t);if(a.length>0){let{sitemaps:m,canonicalDomain:l}=await $(a,t,r,n);return n=l,{sitemaps:m,source:"robots-txt",accessIssues:[],canonicalDomain:n}}t.verbose&&console.log("Strategy 2: Trying standard sitemap paths...");let{sitemaps:c,issues:o,redirectedToCanonical:i}=await M(r,t);if(s=o,c.length>0){let{sitemaps:m,canonicalDomain:l}=await $(c,t,r,n);return n=l,{sitemaps:m,source:"standard-path",accessIssues:[],canonicalDomain:n}}if(i){let m=`https://${i}`;console.log(`
-\u{1F4A1} All requests redirected. Retrying with canonical domain: ${i}
-`);let l=await z(m,t);if(l.length>0){let{sitemaps:p,canonicalDomain:u}=await $(l,t,m,i);return{sitemaps:p,source:"robots-txt",accessIssues:[],canonicalDomain:u||i}}let{sitemaps:d}=await M(m,t);if(d.length>0){let{sitemaps:p,canonicalDomain:u}=await $(d,t,m,i);return{sitemaps:p,source:"standard-path",accessIssues:[],canonicalDomain:u||i}}}return{sitemaps:[],source:"none",accessIssues:s,canonicalDomain:n}}import{XMLParser as ge,XMLValidator as fe}from"fast-xml-parser";var he=new ge({ignoreAttributes:!1,attributeNamePrefix:"@_",textNodeName:"_text",parseAttributeValue:!0,trimValues:!0,allowBooleanAttributes:!0,parseTagValue:!1});function ye(e,t){let r=[];if(e.urlset){let s=Array.isArray(e.urlset.url)?e.urlset.url:[e.urlset.url];for(let n of s)!n||!n.loc||r.push({loc:n.loc,lastmod:n.lastmod,changefreq:n.changefreq,priority:n.priority?parseFloat(n.priority):void 0,source:t})}return r}async function G(e,t){let r=[];try{let s=fe.validate(e);if(s!==!0){let o=typeof s=="object"?s.err.msg:"Invalid XML";return{urls:[],errors:[`[${t}] XML parsing failed: ${o}`],totalCount:0,sitemapUrl:t}}let n=he.parse(e),a=ye(n,t),c=[];for(let o of a)try{new URL(o.loc),o.priority!==void 0&&(o.priority<0||o.priority>1)&&(r.push(`Invalid priority ${o.priority} for ${o.loc} - clamping to 0-1`),o.priority=Math.max(0,Math.min(1,o.priority))),o.changefreq&&(["always","hourly","daily","weekly","monthly","yearly","never"].includes(o.changefreq.toLowerCase())||(r.push(`Invalid changefreq "${o.changefreq}" for ${o.loc}`),o.changefreq=void 0)),c.push(o)}catch{r.push(`Invalid URL format: ${o.loc}`)}return{urls:c,errors:r,totalCount:c.length,sitemapUrl:t}}catch(s){let n=s instanceof Error?s.message:String(s);return{urls:[],errors:[`[${t}] XML parsing failed: ${n}`],totalCount:0,sitemapUrl:t}}}async function q(e,t){let r=[],s=[],n=0,a=0;t.verbose&&console.log(`
-Extracting URLs from ${e.length} sitemap(s)...`);let o=await ve(e,10,async i=>{try{t.verbose&&console.log(`Extracting URLs from: ${i}`);let m=await S(i,{timeout:t.timeout,maxRetries:2}),l=await G(m.content,i),d=l.urls.map(p=>({...p,extractedAt:new Date().toISOString()}));return t.verbose&&console.log(`  \u2713 Extracted ${l.urls.length} URLs from ${i}`),{success:!0,urls:d,errors:l.errors}}catch(m){let l=`Failed to process ${i}: ${m instanceof Error?m.message:String(m)}`;return t.verbose&&console.error(`  \u2717 ${l}`),{success:!1,urls:[],errors:[l]}}});for(let i of o)i.success?(n++,r.push(...i.urls)):a++,s.push(...i.errors);return t.verbose&&(console.log(`
-Extraction complete:`),console.log(`  - Sitemaps processed: ${n}`),console.log(`  - Sitemaps failed: ${a}`),console.log(`  - Total URLs: ${r.length}`),console.log(`  - Errors: ${s.length}`)),{allUrls:r,sitemapsProcessed:n,sitemapsFailed:a,totalUrls:r.length,errors:s}}async function ve(e,t,r){let s=[];for(let n=0;n<e.length;n+=t){let a=e.slice(n,n+t),c=await Promise.all(a.map(r));s.push(...c)}return s}function be(e){try{let t=new URL(e),r=t.pathname;r.endsWith("/")&&r!=="/"&&(r=r.slice(0,-1));let s=Array.from(t.searchParams.entries()).sort(([a],[c])=>a.localeCompare(c)),n=new URLSearchParams(s);return`${t.protocol}//${t.host}${r}${n.toString()?"?"+n.toString():""}${t.hash}`}catch{return e}}function we(e){if(e.length===1)return e[0];let t={...e[0]},r=e.map(o=>o.source);t.source=r.join(", ");let s=e.map(o=>o.lastmod).filter(o=>!!o).map(o=>new Date(o).getTime()).sort((o,i)=>i-o);s.length>0&&(t.lastmod=new Date(s[0]).toISOString());let n=e.map(o=>o.priority).filter(o=>o!==void 0);n.length>0&&(t.priority=Math.max(...n));let a=e.map(o=>o.changefreq).filter(o=>!!o);if(a.length>0){let o=new Map;for(let m of a)o.set(m,(o.get(m)||0)+1);let i=Array.from(o.entries()).sort((m,l)=>l[1]-m[1]);t.changefreq=i[0][0]}let c=e.map(o=>o.extractedAt).filter(o=>!!o).map(o=>new Date(o).getTime()).sort((o,i)=>i-o);return c.length>0&&(t.extractedAt=new Date(c[0]).toISOString()),t}function j(e,t=!1){let r=e.length;t&&console.log(`
-Consolidating ${e.length} URL(s)...`);let s=new Map;for(let c of e){let o=be(c.loc);s.has(o)||s.set(o,[]),s.get(o).push(c)}let n=[],a=[];for(let[c,o]of s.entries()){let i=we(o);n.push(i),o.length>1&&a.push({url:c,count:o.length,sources:o.map(m=>m.source)})}if(t&&(console.log("Consolidation complete:"),console.log(`  - Input URLs: ${r}`),console.log(`  - Unique URLs: ${n.length}`),console.log(`  - Duplicates removed: ${r-n.length}`),a.length>0)){console.log(`
-Top duplicates:`);let c=a.sort((o,i)=>i.count-o.count).slice(0,5);for(let o of c)console.log(`  - ${o.url} (${o.count} times)`)}return{uniqueUrls:n,totalInputUrls:r,duplicatesRemoved:r-n.length,duplicateGroups:a}}var H=[{name:"Authentication Parameter",category:"sensitive_params",severity:"high",regex:/[?&](token|auth|key|password|secret|apikey|session|credentials)=/i,description:"Query parameter may contain sensitive authentication data"},{name:"Debug Parameter",category:"sensitive_params",severity:"medium",regex:/[?&](debug|trace|verbose|test_mode)=/i,description:"Query parameter may contain debug or diagnostic flag"},{name:"HTTP in HTTPS Site",category:"protocol_inconsistency",severity:"medium",regex:/^http:\/\//,description:"HTTP URL in HTTPS sitemap (potential mixed content)"},{name:"Test Content Path",category:"test_content",severity:"medium",regex:/\/(?:test-|demo-|sample-|temp-|temporary-|placeholder-)|\/(test|demo|sample|temp|temporary|placeholder)(?:\/|$)/i,description:"URL path suggests test, demo, or unfinished content that may not be intended for indexing"}];function E(e){return e.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}function xe(e){let t=e.split(".");return t.length>=2?t.slice(-2).join("."):e}function V(e,t){let r=new URL(e).hostname,s=xe(r);if(t?.allowedSubdomains&&t.allowedSubdomains.length>0){let c=E(s),i=`^https?://(?!(?:(?:${t.allowedSubdomains.map(E).join("|")})\\.)?${c}(?:/|$))`;return{name:"Domain Mismatch",category:"domain_mismatch",severity:"high",regex:new RegExp(i),description:"URL does not match expected domain or allowed subdomains"}}let a=`^https?://(?!(?:www\\.)?${E(s)}(?:/|$))`;return{name:"Domain Mismatch",category:"domain_mismatch",severity:"high",regex:new RegExp(a),description:`URL does not match expected domain: ${s} (including www variant)`}}var B=[{name:"Staging Subdomain",category:"environment_leakage",severity:"high",regex:/^https?:\/\/(staging|stg)\./i,description:"URL uses staging subdomain"},{name:"Development Subdomain",category:"environment_leakage",severity:"high",regex:/^https?:\/\/(dev|development)\./i,description:"URL uses development subdomain"},{name:"QA/Test Subdomain",category:"environment_leakage",severity:"high",regex:/^https?:\/\/(qa|test|uat|preprod)\./i,description:"URL uses test environment subdomain"},{name:"Localhost URL",category:"environment_leakage",severity:"high",regex:/^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)/,description:"URL points to localhost (development environment)"},{name:"Environment in Path",category:"environment_leakage",severity:"high",regex:/^https?:\/\/[^/]+\/(staging|dev|qa|uat|preprod)\//i,description:"URL path contains environment identifier at root level"}];var W=[{name:"Admin Path",category:"admin_paths",severity:"high",regex:/\/(admin|administrator)(?:\/|$|\?)/i,description:"URL contains /admin or /administrator as a path segment"},{name:"Dashboard Path",category:"admin_paths",severity:"high",regex:/\/dashboard(?:\/|$|\?)/i,description:"URL contains /dashboard as a path segment"},{name:"Config Path",category:"admin_paths",severity:"high",regex:/\/(config|configuration)(?:\/|$|\?)/i,description:"URL contains /config or /configuration as a path segment"},{name:"Console Path",category:"admin_paths",severity:"high",regex:/\/console(?:\/|$|\?)/i,description:"URL contains /console as a path segment"},{name:"Control Panel Path",category:"admin_paths",severity:"high",regex:/\/(cpanel|control-panel)(?:\/|$|\?)/i,description:"URL contains control panel as a path segment"}],J=[{name:"Internal Content Path",category:"internal_content",severity:"medium",regex:/\/internal\b/i,description:"URL contains /internal path segment - may be internal-only content not intended for public indexing"}],Q=[{name:"Authentication Token Parameter",category:"sensitive_params",severity:"high",regex:/[?&](token|auth_token|access_token|api_token)=/i,description:"Query parameter may contain authentication token"},{name:"API Key Parameter",category:"sensitive_params",severity:"high",regex:/[?&](apikey|api_key|key)=/i,description:"Query parameter may contain API key"},{name:"Password Parameter",category:"sensitive_params",severity:"high",regex:/[?&](password|passwd|pwd)=/i,description:"Query parameter may contain password"},{name:"Secret Parameter",category:"sensitive_params",severity:"high",regex:/[?&](secret|client_secret)=/i,description:"Query parameter may contain secret value"},{name:"Session Parameter",category:"sensitive_params",severity:"high",regex:/[?&](session|sessionid|sid)=/i,description:"Query parameter may contain session identifier"},{name:"Credentials Parameter",category:"sensitive_params",severity:"high",regex:/[?&]credentials=/i,description:"Query parameter may contain credentials"},{name:"Debug Parameter",category:"sensitive_params",severity:"medium",regex:/[?&](debug|trace|verbose)=/i,description:"Query parameter contains debug or diagnostic flag"},{name:"Test Mode Parameter",category:"sensitive_params",severity:"medium",regex:/[?&](test_mode|test|testing)=/i,description:"Query parameter indicates test mode"}];function K(e){try{let t=new URL(e),r=["token","auth","auth_token","access_token","api_token","apikey","api_key","key","password","passwd","pwd","secret","client_secret","session","sessionid","sid","credentials"];for(let s of r)t.searchParams.has(s)&&t.searchParams.set(s,"[REDACTED]");return t.toString()}catch{return e}}function Re(e,t,r){switch(e){case"environment_leakage":return{rationale:`Production sitemap contains ${r} URL(s) from non-production environments (staging, dev, QA, test). This indicates configuration errors or environment leakage.`,recommendedAction:"Verify sitemap generation excludes non-production environments. Review deployment configuration and environment filtering rules."};case"admin_paths":return{rationale:`${r} administrative path(s) detected in public sitemap (admin, dashboard, config). These paths may expose privileged access points.`,recommendedAction:"Confirm if admin paths should be publicly indexed. Consider excluding via robots.txt or removing from sitemap. Verify access controls."};case"internal_content":return{rationale:`${r} URL(s) contain "internal" in the path. These may be internal-facing content not intended for public indexing.`,recommendedAction:"Review URLs to determine if they should be publicly accessible. Consider excluding internal content from sitemap or adding noindex meta tags."};case"test_content":return{rationale:`${r} URL(s) contain test/demo/sample identifiers. These may be placeholder or unfinished content not intended for indexing.`,recommendedAction:"Review and remove test content from production sitemaps. Verify content is production-ready before including in sitemap."};case"sensitive_params":return{rationale:`${r} URL(s) contain sensitive query parameters (token, auth, key, password, session). This may expose authentication credentials or debugging flags.`,recommendedAction:"Review why sensitive parameters are in sitemap URLs. Remove authentication tokens from URLs. Consider POST requests for sensitive data."};case"protocol_inconsistency":return{rationale:`${r} URL(s) use HTTP protocol in HTTPS sitemap. This creates mixed content warnings and potential security issues.`,recommendedAction:"Update URLs to use HTTPS consistently. Verify SSL certificate coverage. Check for hardcoded HTTP URLs in content."};case"domain_mismatch":return{rationale:`${r} URL(s) do not match expected base domain. This may indicate external links, CDN URLs, or configuration errors.`,recommendedAction:"Verify if external domains are intentional. Review sitemap generation logic. Confirm CDN or subdomain configuration is correct."};default:return{rationale:`${r} URL(s) flagged in category: ${e}`,recommendedAction:"Review flagged URLs and determine appropriate action."}}}function P(e,t=5){let r=new Map;for(let i of e)r.has(i.category)||r.set(i.category,[]),r.get(i.category).push(i);let s=[];for(let[i,m]of r.entries()){let l=Array.from(new Set(m.map(f=>f.url))),d=m.reduce((f,w)=>{let h=["low","medium","high"];return h.indexOf(w.severity)>h.indexOf(f)?w.severity:f},"low"),p=l.slice(0,t),{rationale:u,recommendedAction:g}=Re(i,d,l.length);s.push({category:i,severity:d,count:l.length,rationale:u,sampleUrls:p,recommendedAction:g,allUrls:l})}s.sort((i,m)=>{let l=["high","medium","low"];return l.indexOf(i.severity)-l.indexOf(m.severity)});let n=new Set(e.map(i=>i.url)).size,a=s.filter(i=>i.severity==="high").reduce((i,m)=>i+m.count,0),c=s.filter(i=>i.severity==="medium").reduce((i,m)=>i+m.count,0),o=s.filter(i=>i.severity==="low").reduce((i,m)=>i+m.count,0);return{groups:s,totalRiskUrls:n,highSeverityCount:a,mediumSeverityCount:c,lowSeverityCount:o}}async function Y(e,t,r){let s=Date.now(),n=[],a=V(t),c=[...H,...B,...W,...Q,...J,a],o=[];if(r.acceptedPatterns&&r.acceptedPatterns.length>0)for(let p of r.acceptedPatterns)try{let u=p.replace(/[.+?^${}()|[\]\\]/g,"\\$&").replace(/\*/g,"[^/]*");!u.endsWith("$")&&!u.includes("(?:")&&(u=u+"(?:/|$|\\?|#)"),o.push(new RegExp(u,"i"))}catch{r.verbose&&console.warn(`Invalid accepted pattern: ${p}`)}if(r.verbose){console.log(`
-Analyzing ${e.length} URLs for risk patterns...`);try{console.log(`Base domain: ${new URL(t).hostname}`)}catch{console.log(`Base URL: ${t}`)}o.length>0&&console.log(`Accepted patterns: ${o.length}`)}let i;try{i=new URL(t).protocol}catch{r.verbose&&console.warn(`Invalid base URL: ${t}, defaulting to https:`),i="https:"}let m=0;for(let p of e){let u=p.loc;m++,(m%1e4===0||m===e.length)&&process.stdout.write(`\r\x1B[K  Analyzing: ${m.toLocaleString()}/${e.length.toLocaleString()} URLs...`);let g=!1;for(let f of o)if(f.test(u)){g=!0;break}if(!g)for(let f of c)if(f.category==="protocol_inconsistency")try{let w=new URL(u).protocol;i==="https:"&&w==="http:"&&n.push({url:u,category:f.category,severity:f.severity,pattern:f.name,rationale:f.description,matchedValue:"http://"})}catch{r.verbose&&console.warn(`Skipping invalid URL: ${u}`);continue}else try{let w=u.match(f.regex);w&&n.push({url:f.category==="sensitive_params"?K(u):u,category:f.category,severity:f.severity,pattern:f.name,rationale:f.description,matchedValue:w[0]})}catch(w){r.verbose&&console.error(`Pattern matching failed for ${f.name}: ${w instanceof Error?w.message:String(w)}`);continue}}e.length>=1e4&&process.stdout.write("\r\x1B[K");let l=P(n),d=Date.now()-s;if(r.verbose&&(console.log(`
-Risk Summary:`),console.log(`  - Total URLs analyzed: ${e.length}`),console.log(`  - Risk URLs found: ${l.totalRiskUrls}`),console.log(`  - HIGH severity: ${l.highSeverityCount}`),console.log(`  - MEDIUM severity: ${l.mediumSeverityCount}`),console.log(`  - LOW severity: ${l.lowSeverityCount}`),console.log(`  - Processing time: ${d}ms`),l.groups.length>0)){console.log(`
-Risk Categories Found:`);for(let p of l.groups)console.log(`  - ${p.category}: ${p.count} URLs (${p.severity.toUpperCase()})`)}return{findings:n,groups:l.groups,totalUrlsAnalyzed:e.length,riskUrlCount:l.totalRiskUrls,cleanUrlCount:e.length-l.totalRiskUrls,highSeverityCount:l.highSeverityCount,mediumSeverityCount:l.mediumSeverityCount,lowSeverityCount:l.lowSeverityCount,processingTimeMs:d}}function X(e){let t={high:0,medium:0,low:0},r=e.riskGroups.map(c=>{t[c.severity]+=c.count;let o=c.allUrls||c.sampleUrls;return{category:c.category,count:c.count,severity:c.severity,summary:c.rationale,examples:o.slice(0,3),allUrls:o}}),s=e.riskGroups.reduce((c,o)=>c+o.count,0),n=s>0?`Found ${s} potentially risky URLs across ${e.riskGroups.length} categories in ${e.totalUrls} total URLs.`:`Analyzed ${e.totalUrls} URLs. No suspicious patterns detected.`,a=[];return t.high>0&&a.push(`${t.high} high-severity issues require immediate attention`),t.medium>0&&a.push(`${t.medium} medium-severity issues should be reviewed`),t.low>0&&a.push(`${t.low} low-severity items flagged for awareness`),{overview:n,keyFindings:a,categoryInsights:r,severityBreakdown:t,recommendations:[],generatedBy:"rule-based analysis",metadata:{tokensUsed:0,processingTime:e.processingTime||0,model:"pattern-matching"}}}var Se="1.0.0-alpha.0";function Z(e,t,r,s,n,a,c={}){let{pretty:o=!0,indent:i=2}=c,m=ke(e,t,r,s,n,a),l=$e(m);return o?JSON.stringify(l,null,i):JSON.stringify(l)}function ke(e,t,r,s,n,a){let c=Ue(n.baseUrl||"unknown",a,e),o=s.map(d=>({category:d.category,severity:d.severity,count:d.count,pattern:d.category,rationale:d.rationale,sampleUrls:d.sampleUrls.slice(0,5),recommendedAction:d.recommendedAction})),i={highSeverityCount:e.severityBreakdown.high,mediumSeverityCount:e.severityBreakdown.medium,lowSeverityCount:e.severityBreakdown.low,totalRiskyUrls:s.reduce((d,p)=>d+p.count,0),overallStatus:Ce(e.severityBreakdown,r.errors)},m={overview:e.overview,keyFindings:e.keyFindings,recommendations:e.recommendations},l=r.errors.map(Ae);return{analysisMetadata:c,sitemapsDiscovered:t.sitemaps,totalUrlCount:r.totalCount,urlsAnalyzed:r.totalCount,suspiciousGroups:o,riskSummary:m,summary:i,errors:l}}function Ue(e,t,r){return{baseUrl:e,analysisTimestamp:new Date().toISOString(),toolVersion:Se,executionTimeMs:Date.now()-t,analysisType:r.generatedBy}}function Ce(e,t){return t.length>0?"errors":e.high+e.medium+e.low>0?"issues_found":"clean"}function $e(e){return{analysis_metadata:Pe(e.analysisMetadata),sitemaps_discovered:e.sitemapsDiscovered,total_url_count:e.totalUrlCount,urls_analyzed:e.urlsAnalyzed,suspicious_groups:e.suspiciousGroups.map(Te),risk_summary:Ee(e.riskSummary),summary:_e(e.summary),errors:e.errors}}function Pe(e){return{base_url:e.baseUrl,analysis_timestamp:e.analysisTimestamp,tool_version:e.toolVersion,execution_time_ms:e.executionTimeMs,analysis_type:e.analysisType}}function Te(e){return{category:e.category,severity:e.severity,count:e.count,pattern:e.pattern,rationale:e.rationale,sample_urls:e.sampleUrls,recommended_action:e.recommendedAction}}function Ee(e){return{overview:e.overview,key_findings:e.keyFindings,recommendations:e.recommendations}}function _e(e){return{high_severity_count:e.highSeverityCount,medium_severity_count:e.mediumSeverityCount,low_severity_count:e.lowSeverityCount,total_risky_urls:e.totalRiskyUrls,overall_status:e.overallStatus}}function Ae(e){if("code"in e){let t=e,r={code:t.code||"UNKNOWN_ERROR",message:e.message};return"attemptedPaths"in t?r.context={attempted_paths:t.attemptedPaths}:"sitemapUrl"in t&&"lineNumber"in t?r.context={sitemap_url:t.sitemapUrl,line_number:t.lineNumber}:"url"in t&&(r.context={url:t.url}),r}return{code:"UNKNOWN_ERROR",message:e.message}}import{promises as Le}from"fs";var Ie="1.0.0-alpha.0";function De(e,t,r,s,n,a={}){let c=a.maxUrlsPerGroup??10,o=new Date().toISOString(),i=e.categoryInsights.reduce((u,g)=>u+g.count,0),m=e.categoryInsights.filter(u=>u.severity==="high"),l=e.categoryInsights.filter(u=>u.severity==="medium"),d=e.categoryInsights.filter(u=>u.severity==="low");return`<!DOCTYPE html>
+
+// src/index.ts
+import "dotenv/config";
+import { Command as Command2 } from "commander";
+
+// src/commands/analyze.ts
+import { Command } from "commander";
+import { promises as fs2 } from "fs";
+import ora from "ora";
+import chalk from "chalk";
+import cliProgress from "cli-progress";
+import os2 from "os";
+
+// src/config/config-loader.ts
+import { readFile } from "fs/promises";
+import { existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+// src/types/config.ts
+var DEFAULT_CONFIG = {
+  timeout: 30,
+  concurrency: 10,
+  parsingConcurrency: 50,
+  // Optimized for network-bound parallel parsing
+  discoveryConcurrency: 50,
+  // Optimized for recursive sitemap index discovery
+  outputFormat: "html",
+  outputDir: "./sitemap-qa/report",
+  verbose: false,
+  baseUrl: "https://example.com",
+  // Default for tests
+  acceptedPatterns: [],
+  riskDetectionBatchSize: 1e4,
+  riskDetectionConcurrency: void 0,
+  // Auto-detect in risk-detector.ts
+  progressBar: void 0,
+  // Auto-detect TTY
+  silent: false,
+  benchmark: false
+};
+
+// src/config/config-loader.ts
+async function loadConfig(cliOptions) {
+  let config = { ...DEFAULT_CONFIG };
+  const globalConfigPath = join(homedir(), ".sitemap-qa", "config.json");
+  if (existsSync(globalConfigPath)) {
+    try {
+      const globalConfig = JSON.parse(await readFile(globalConfigPath, "utf-8"));
+      config = { ...config, ...globalConfig };
+    } catch (error) {
+      console.warn(`Warning: Failed to load global config: ${error}`);
+    }
+  }
+  const projectConfigPath = join(process.cwd(), ".sitemap-qa.config.json");
+  if (existsSync(projectConfigPath)) {
+    try {
+      const projectConfig = JSON.parse(await readFile(projectConfigPath, "utf-8"));
+      config = { ...config, ...projectConfig };
+    } catch (error) {
+      console.warn(`Warning: Failed to load project config: ${error}`);
+    }
+  }
+  const envConfig = loadFromEnv();
+  config = { ...config, ...envConfig };
+  config = mergeCliOptions(config, cliOptions);
+  if (cliOptions.baseUrl) {
+    config.baseUrl = cliOptions.baseUrl;
+  }
+  validateConfig(config);
+  return config;
+}
+function loadFromEnv() {
+  const env = {};
+  if (process.env.SITEMAP_VERIFY_TIMEOUT) {
+    env.timeout = parseInt(process.env.SITEMAP_VERIFY_TIMEOUT, 10);
+  }
+  return env;
+}
+function mergeCliOptions(config, cliOptions) {
+  const merged = { ...config };
+  if (cliOptions.timeout && cliOptions.timeout !== "30") {
+    merged.timeout = parseInt(cliOptions.timeout, 10);
+  }
+  if (cliOptions.output) {
+    merged.outputFormat = cliOptions.output;
+  }
+  if (cliOptions.outputDir) {
+    merged.outputDir = cliOptions.outputDir;
+  }
+  if (cliOptions.verbose === true) {
+    merged.verbose = true;
+  }
+  if (cliOptions.acceptedPatterns) {
+    merged.acceptedPatterns = cliOptions.acceptedPatterns.split(",").map((p) => p.trim()).filter(Boolean);
+  }
+  return merged;
+}
+function validateConfig(config) {
+  if (config.timeout < 1 || config.timeout > 300) {
+    throw new Error("Timeout must be between 1 and 300 seconds");
+  }
+  if (!["json", "html"].includes(config.outputFormat)) {
+    throw new Error("Output format must be json or html");
+  }
+}
+
+// src/errors/network-errors.ts
+var NetworkError = class extends Error {
+  constructor(url, originalError) {
+    super(`Network request failed for ${url}: ${originalError.message}`);
+    this.url = url;
+    this.originalError = originalError;
+    this.name = "NetworkError";
+  }
+  code = "NETWORK_ERROR";
+};
+var HttpError = class extends Error {
+  constructor(url, statusCode, statusText) {
+    let message = `HTTP ${statusCode} error for ${url}`;
+    if (statusCode === 403) {
+      message += "\n   Note: 403 Forbidden often indicates bot protection (Cloudflare, etc.) or access restrictions";
+    }
+    super(message);
+    this.url = url;
+    this.statusCode = statusCode;
+    this.statusText = statusText;
+    this.name = "HttpError";
+  }
+  code = "HTTP_ERROR";
+};
+
+// src/utils/http-client.ts
+import { chromium } from "playwright";
+import axios from "axios";
+import { Agent as HttpAgent } from "http";
+import { Agent as HttpsAgent } from "https";
+var httpAgent = new HttpAgent({
+  keepAlive: true,
+  maxSockets: 200,
+  // Allow many concurrent connections
+  maxFreeSockets: 50,
+  timeout: 15e3
+});
+var httpsAgent = new HttpsAgent({
+  keepAlive: true,
+  maxSockets: 200,
+  maxFreeSockets: 50,
+  timeout: 15e3
+});
+var axiosInstance = axios.create({
+  httpAgent,
+  httpsAgent,
+  maxRedirects: 5,
+  validateStatus: () => true
+  // Don't throw on any status code
+});
+async function fetchUrlWithBrowser(url, timeout) {
+  let browser;
+  try {
+    browser = await chromium.launch({
+      headless: true,
+      args: [
+        "--disable-blink-features=AutomationControlled",
+        // Hide automation flags
+        "--disable-dev-shm-usage",
+        "--no-sandbox"
+      ]
+    });
+    const context = await browser.newContext({
+      userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+      viewport: { width: 1920, height: 1080 },
+      locale: "en-US",
+      timezoneId: "America/New_York",
+      extraHTTPHeaders: {
+        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
+        "Accept-Language": "en-US,en;q=0.9",
+        "Accept-Encoding": "gzip, deflate, br",
+        "DNT": "1",
+        "Connection": "keep-alive",
+        "Upgrade-Insecure-Requests": "1"
+      }
+    });
+    const page = await context.newPage();
+    await page.addInitScript(() => {
+      Object.defineProperty(navigator, "webdriver", {
+        get: () => false
+      });
+      window.chrome = {
+        runtime: {}
+      };
+      const originalQuery = window.navigator.permissions.query;
+      window.navigator.permissions.query = (parameters) => parameters.name === "notifications" ? Promise.resolve({ state: Notification.permission }) : originalQuery(parameters);
+    });
+    page.setDefaultTimeout(timeout * 1e3);
+    const response = await page.goto(url, {
+      waitUntil: "domcontentloaded",
+      // Changed from networkidle - faster for simple XML
+      timeout: timeout * 1e3
+    });
+    if (!response) {
+      throw new Error("No response received from page");
+    }
+    const statusCode = response.status();
+    const content = await page.content();
+    const finalUrl = page.url();
+    await browser.close();
+    if (statusCode >= 200 && statusCode < 300) {
+      return {
+        content,
+        statusCode,
+        url: finalUrl
+      };
+    }
+    throw new HttpError(finalUrl, statusCode);
+  } catch (error) {
+    if (browser) {
+      await browser.close();
+    }
+    if (error.code === "HTTP_ERROR") {
+      throw error;
+    }
+    throw new NetworkError(url, error);
+  }
+}
+async function fetchUrl(url, options = {}) {
+  const {
+    timeout = 30,
+    maxRetries = 3,
+    retryDelay = 1e3,
+    useBrowser = false,
+    disableBrowserFallback = false
+  } = options;
+  new URL(url);
+  const retryableStatuses = [408, 429, 500, 502, 503, 504];
+  let lastError = null;
+  let attemptedBrowser = false;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    try {
+      if (useBrowser || attemptedBrowser) {
+        return await fetchUrlWithBrowser(url, timeout);
+      }
+      const response = await axiosInstance.get(url, {
+        timeout: timeout * 1e3,
+        headers: {
+          "User-Agent": "sitemap-qa/1.0.0 (compatible; +https://github.com/Akotliar/sitemap-qa)",
+          "Accept": "text/xml,application/xml,text/plain,*/*",
+          "Accept-Encoding": "gzip, deflate",
+          "Connection": "keep-alive"
+        }
+      });
+      const statusCode = response.status;
+      const body = response.data;
+      if (statusCode >= 200 && statusCode < 300) {
+        return {
+          content: typeof body === "string" ? body : JSON.stringify(body),
+          statusCode,
+          url: response.request?.res?.responseUrl || url
+          // Final URL after redirects
+        };
+      }
+      if (statusCode === 403 && !attemptedBrowser && !disableBrowserFallback) {
+        attemptedBrowser = true;
+        continue;
+      }
+      if (!retryableStatuses.includes(statusCode)) {
+        throw new HttpError(response.request?.res?.responseUrl || url, statusCode);
+      }
+      lastError = new HttpError(response.request?.res?.responseUrl || url, statusCode);
+    } catch (error) {
+      if (error.code === "HTTP_ERROR") {
+        const httpError = error;
+        if (!retryableStatuses.includes(httpError.statusCode)) {
+          throw error;
+        }
+        lastError = error;
+      } else {
+        lastError = new NetworkError(url, error);
+      }
+      if (attempt === maxRetries) break;
+    }
+    if (attempt < maxRetries) {
+      const delay = retryDelay * Math.pow(2, attempt);
+      await new Promise((resolve) => setTimeout(resolve, delay));
+    }
+  }
+  throw lastError;
+}
+
+// src/core/discovery.ts
+function normalizeBaseUrl(url) {
+  const parsed = new URL(url);
+  return parsed.origin;
+}
+async function detectCanonicalDomain(baseUrl, config) {
+  const urlObj = new URL(baseUrl);
+  const hasWww = urlObj.hostname.startsWith("www.");
+  const alternateHostname = hasWww ? urlObj.hostname.substring(4) : `www.${urlObj.hostname}`;
+  const alternateUrl = `${urlObj.protocol}//${alternateHostname}/robots.txt`;
+  try {
+    const result = await fetchUrl(alternateUrl, {
+      timeout: config.timeout,
+      maxRetries: 1
+    });
+    if (result.statusCode === 200 || result.statusCode === 404) {
+      return alternateHostname;
+    }
+    return urlObj.hostname;
+  } catch (error) {
+    if (error instanceof HttpError && error.statusCode === 301) {
+      return urlObj.hostname;
+    }
+    return urlObj.hostname;
+  }
+}
+async function tryStandardPaths(baseUrl, config) {
+  const baseDomain = new URL(baseUrl).origin;
+  const accessIssues = [];
+  const standardPaths = [
+    "/sitemap.xml",
+    "/sitemap_index.xml",
+    "/sitemap-index.xml"
+  ];
+  const results = await Promise.allSettled(
+    standardPaths.map(async (path) => {
+      const sitemapUrl = `${baseDomain}${path}`;
+      try {
+        const result = await fetchUrl(sitemapUrl, {
+          timeout: config.timeout,
+          maxRetries: 0
+          // Don't retry on standard paths - fail fast
+        });
+        if (result.statusCode === 200) {
+          if (config.verbose) {
+            console.log(`\u2713 Found sitemap at: ${sitemapUrl}`);
+          }
+          return { found: true, url: sitemapUrl };
+        }
+        return { found: false };
+      } catch (error) {
+        if (error instanceof HttpError) {
+          if (error.statusCode === 401 || error.statusCode === 403) {
+            accessIssues.push({
+              url: sitemapUrl,
+              statusCode: error.statusCode,
+              error: error.statusCode === 401 ? "Unauthorized" : "Access Denied"
+            });
+            if (config.verbose) {
+              console.log(`\u26A0 Access denied: ${sitemapUrl} (${error.statusCode})`);
+            }
+          } else if (config.verbose) {
+            console.log(`\u2717 Not found: ${sitemapUrl} (${error.statusCode})`);
+          }
+        } else if (config.verbose) {
+          console.log(`\u2717 Not found: ${sitemapUrl}`);
+        }
+        return { found: false };
+      }
+    })
+  );
+  for (const result of results) {
+    if (result.status === "fulfilled" && result.value.found) {
+      return { sitemaps: [result.value.url], issues: accessIssues };
+    }
+  }
+  if (config.verbose) {
+    console.log("No sitemap found at standard paths");
+  }
+  return { sitemaps: [], issues: accessIssues };
+}
+async function parseRobotsTxt(baseUrl, config) {
+  const robotsUrl = `${new URL(baseUrl).origin}/robots.txt`;
+  try {
+    const result = await fetchUrl(robotsUrl, {
+      timeout: config.timeout,
+      maxRetries: 1
+    });
+    const lines = result.content.split("\n");
+    const sitemaps = [];
+    for (const line of lines) {
+      const match = line.match(/^Sitemap:\s*(.+)$/i);
+      if (match) {
+        const sitemapUrl = match[1].trim();
+        try {
+          new URL(sitemapUrl);
+          sitemaps.push(sitemapUrl);
+        } catch {
+          if (config.verbose) {
+            console.warn(`Invalid sitemap URL in robots.txt: ${sitemapUrl}`);
+          }
+        }
+      }
+    }
+    if (config.verbose && sitemaps.length > 0) {
+      console.log(`Found ${sitemaps.length} sitemap(s) in robots.txt`);
+    }
+    return sitemaps;
+  } catch (error) {
+    if (config.verbose) {
+      console.log(`No robots.txt found at ${robotsUrl}`);
+    }
+    return [];
+  }
+}
+function isSitemapIndex(xmlContent) {
+  if (xmlContent.includes("<sitemapindex")) {
+    return true;
+  }
+  if (xmlContent.includes("<urlset")) {
+    const urlBlockRegex = /<url[^>]*>.*?<loc>([^<]+)<\/loc>.*?<\/url>/gs;
+    const matches = Array.from(xmlContent.matchAll(urlBlockRegex));
+    const samplesToCheck = Math.min(5, matches.length);
+    let sitemapLikeCount = 0;
+    for (let i = 0; i < samplesToCheck; i++) {
+      const url = matches[i][1].trim().toLowerCase();
+      if (url.includes("sitemap") || url.endsWith(".xml")) {
+        sitemapLikeCount++;
+      }
+    }
+    return sitemapLikeCount > samplesToCheck / 2;
+  }
+  return false;
+}
+function extractSitemapIndexUrls(xmlContent) {
+  const urls = [];
+  if (xmlContent.includes("<sitemapindex")) {
+    const sitemapBlockRegex = /<sitemap[^>]*>(.*?)<\/sitemap>/gs;
+    let sitemapMatch;
+    while ((sitemapMatch = sitemapBlockRegex.exec(xmlContent)) !== null) {
+      const locMatch = /<loc>([^<]+)<\/loc>/i.exec(sitemapMatch[1]);
+      if (locMatch) {
+        const url = locMatch[1].trim();
+        try {
+          new URL(url);
+          urls.push(url);
+        } catch {
+        }
+      }
+    }
+  } else {
+    const urlBlockRegex = /<url[^>]*>(.*?)<\/url>/gs;
+    let urlMatch;
+    while ((urlMatch = urlBlockRegex.exec(xmlContent)) !== null) {
+      const locMatch = /<loc>([^<]+)<\/loc>/i.exec(urlMatch[1]);
+      if (locMatch) {
+        const url = locMatch[1].trim();
+        if (url.toLowerCase().includes("sitemap") || url.toLowerCase().endsWith(".xml")) {
+          try {
+            new URL(url);
+            urls.push(url);
+          } catch {
+          }
+        }
+      }
+    }
+  }
+  return urls;
+}
+async function discoverAllSitemaps(initialSitemaps, config, baseUrl, canonicalDomain, _maxDepth = 10) {
+  const finalSitemaps = [];
+  const toProcess = [...initialSitemaps];
+  const processed = /* @__PURE__ */ new Set();
+  const failed = /* @__PURE__ */ new Set();
+  const redirected = /* @__PURE__ */ new Set();
+  let detectedCanonical = canonicalDomain;
+  const BATCH_SIZE = config.discoveryConcurrency || 50;
+  while (toProcess.length > 0) {
+    const batch = toProcess.splice(0, Math.min(BATCH_SIZE, toProcess.length));
+    const batchResults = await Promise.all(batch.map(async (sitemapUrl) => {
+      if (processed.has(sitemapUrl)) {
+        if (config.verbose) {
+          console.warn(`Skipping duplicate sitemap: ${sitemapUrl}`);
+        }
+        return { type: "skip" };
+      }
+      processed.add(sitemapUrl);
+      try {
+        const result = await fetchUrl(sitemapUrl, {
+          timeout: config.timeout,
+          maxRetries: 2
+        });
+        if (isSitemapIndex(result.content)) {
+          if (config.verbose) {
+            console.log(`Found sitemap index: ${sitemapUrl}`);
+          }
+          const childUrls = extractSitemapIndexUrls(result.content);
+          if (config.verbose) {
+            console.log(`  \u2514\u2500 Contains ${childUrls.length} child sitemap(s)`);
+          }
+          return { type: "index", childUrls };
+        } else {
+          if (config.verbose) {
+            console.log(`\u2713 Discovered sitemap: ${sitemapUrl}`);
+          }
+          return { type: "sitemap", url: sitemapUrl };
+        }
+      } catch (error) {
+        if (error instanceof HttpError && error.statusCode === 301) {
+          redirected.add(sitemapUrl);
+          if (config.verbose) {
+            if (!detectedCanonical) {
+              detectedCanonical = await detectCanonicalDomain(baseUrl, config);
+              if (config.verbose) {
+                console.log(`Canonical domain detected: ${detectedCanonical}`);
+              }
+            }
+            try {
+              const sitemapUrlObj = new URL(sitemapUrl);
+              if (sitemapUrlObj.hostname !== detectedCanonical) {
+                console.warn(`\u26A0\uFE0F  Sitemap URL redirects (301): ${sitemapUrl}`);
+                console.warn(`   Problem: The sitemap index contains a URL that redirects.`);
+                console.warn(`   Likely issue: Domain mismatch - expected "${detectedCanonical}" but got "${sitemapUrlObj.hostname}"`);
+                console.warn(`   Fix: Update sitemap index to use "https://${detectedCanonical}${sitemapUrlObj.pathname}"`);
+              } else {
+                console.warn(`\u26A0\uFE0F  Sitemap URL redirects (301): ${sitemapUrl}`);
+                console.warn(`   Fix: Update the sitemap index to reference the final URL after redirect.`);
+              }
+            } catch {
+              const message = error instanceof Error ? error.message : String(error);
+              console.warn(`Failed to fetch sitemap ${sitemapUrl}: ${message}`);
+            }
+          }
+          return { type: "redirect" };
+        } else {
+          failed.add(sitemapUrl);
+          if (config.verbose) {
+            const message = error instanceof Error ? error.message : String(error);
+            console.warn(`Failed to fetch sitemap ${sitemapUrl}: ${message}`);
+          }
+          return { type: "failed" };
+        }
+      }
+    }));
+    for (const result of batchResults) {
+      if (result.type === "index") {
+        toProcess.push(...result.childUrls);
+      } else if (result.type === "sitemap") {
+        finalSitemaps.push(result.url);
+      }
+    }
+    if (processed.size > 1e3) {
+      console.warn(`\u26A0\uFE0F  Processed over 1000 sitemap URLs. Stopping to prevent excessive requests.`);
+      break;
+    }
+  }
+  const totalProcessed = processed.size;
+  const totalFailed = failed.size;
+  const totalRedirected = redirected.size;
+  const sitemapIndexCount = totalProcessed - finalSitemaps.length - totalFailed - totalRedirected;
+  if (finalSitemaps.length === 0 && totalProcessed > 0) {
+    console.warn(`
+\u26A0\uFE0F  SITEMAP DISCOVERY ISSUE`);
+    if (sitemapIndexCount > 0 && (totalFailed > 0 || totalRedirected > 0)) {
+      console.warn(`Found ${sitemapIndexCount} sitemap index(es) containing ${totalFailed + totalRedirected} child sitemap(s):`);
+      if (totalRedirected > 0) {
+        console.warn(`  - ${totalRedirected} sitemap(s) return 301 redirects (content not accessible without following redirect)`);
+      }
+      if (totalFailed > 0) {
+        console.warn(`  - ${totalFailed} sitemap(s) returned errors (404, 403, 500, or network issues)`);
+      }
+    } else if (totalRedirected > 0) {
+      console.warn(`All ${totalRedirected} sitemap(s) return 301 redirects.`);
+    } else if (totalFailed > 0) {
+      console.warn(`All ${totalFailed} sitemap(s) returned errors.`);
+      console.warn(`
+Common causes:`);
+      console.warn(`  - 403 Forbidden: Bot protection (Cloudflare, etc.) or IP blocking`);
+      console.warn(`  - 404 Not Found: Sitemaps don't exist at these URLs`);
+      console.warn(`  - 500/502/503: Server errors or maintenance`);
+      console.warn(`
+If sitemaps work in your browser but not here, the site likely has bot protection.`);
+      console.warn(`Try: Check if sitemaps load without JavaScript, or contact site administrator.`);
+    } else {
+      console.warn(`Processed ${totalProcessed} URL(s) but found no accessible sitemaps.`);
+    }
+    console.warn(`
+Note: This tool does not follow redirects for sitemap URLs.`);
+    if (totalRedirected > 0) {
+      console.warn(`
+Possible causes of redirects:`);
+      console.warn(`  - Sitemap index uses non-canonical domain (e.g., missing 'www' or vice versa)`);
+      console.warn(`  - Sitemap URLs redirect from HTTP to HTTPS`);
+      console.warn(`  - Intentional redirects in your site configuration`);
+      console.warn(`
+Recommendation: Update sitemap index URLs to match the final destination (no redirects).`);
+    }
+    console.warn(``);
+  }
+  return { sitemaps: finalSitemaps, canonicalDomain: detectedCanonical };
+}
+async function discoverSitemaps(baseUrl, config) {
+  const normalizedUrl = normalizeBaseUrl(baseUrl);
+  let allAccessIssues = [];
+  let canonicalDomain;
+  if (config.verbose) {
+    console.log("Strategy 1: Checking robots.txt for sitemap directives...");
+  }
+  const robotsSitemaps = await parseRobotsTxt(normalizedUrl, config);
+  if (robotsSitemaps.length > 0) {
+    const { sitemaps: allSitemaps, canonicalDomain: detected } = await discoverAllSitemaps(robotsSitemaps, config, normalizedUrl, canonicalDomain);
+    canonicalDomain = detected;
+    return {
+      sitemaps: allSitemaps,
+      source: "robots-txt",
+      accessIssues: [],
+      // Clear access issues since we found working sitemaps
+      canonicalDomain
+    };
+  }
+  if (config.verbose) {
+    console.log("Strategy 2: Trying standard sitemap paths...");
+  }
+  const { sitemaps: standardSitemaps, issues, redirectedToCanonical } = await tryStandardPaths(normalizedUrl, config);
+  allAccessIssues = issues;
+  if (standardSitemaps.length > 0) {
+    const { sitemaps: allSitemaps, canonicalDomain: detected } = await discoverAllSitemaps(standardSitemaps, config, normalizedUrl, canonicalDomain);
+    canonicalDomain = detected;
+    return {
+      sitemaps: allSitemaps,
+      source: "standard-path",
+      accessIssues: [],
+      // Clear access issues since we found working sitemaps
+      canonicalDomain
+    };
+  }
+  if (redirectedToCanonical) {
+    const canonicalUrl = `https://${redirectedToCanonical}`;
+    console.log(`
+\u{1F4A1} All requests redirected. Retrying with canonical domain: ${redirectedToCanonical}
+`);
+    const canonicalRobotsSitemaps = await parseRobotsTxt(canonicalUrl, config);
+    if (canonicalRobotsSitemaps.length > 0) {
+      const { sitemaps: allSitemaps, canonicalDomain: detected } = await discoverAllSitemaps(canonicalRobotsSitemaps, config, canonicalUrl, redirectedToCanonical);
+      return {
+        sitemaps: allSitemaps,
+        source: "robots-txt",
+        accessIssues: [],
+        canonicalDomain: detected || redirectedToCanonical
+      };
+    }
+    const { sitemaps: canonicalStandardSitemaps } = await tryStandardPaths(canonicalUrl, config);
+    if (canonicalStandardSitemaps.length > 0) {
+      const { sitemaps: allSitemaps, canonicalDomain: detected } = await discoverAllSitemaps(canonicalStandardSitemaps, config, canonicalUrl, redirectedToCanonical);
+      return {
+        sitemaps: allSitemaps,
+        source: "standard-path",
+        accessIssues: [],
+        canonicalDomain: detected || redirectedToCanonical
+      };
+    }
+  }
+  return {
+    sitemaps: [],
+    source: "none",
+    accessIssues: allAccessIssues,
+    canonicalDomain
+  };
+}
+
+// src/core/parser.ts
+import { XMLParser, XMLValidator } from "fast-xml-parser";
+var VALID_CHANGEFREQ = /* @__PURE__ */ new Set([
+  "always",
+  "hourly",
+  "daily",
+  "weekly",
+  "monthly",
+  "yearly",
+  "never"
+]);
+var parser = new XMLParser({
+  ignoreAttributes: false,
+  attributeNamePrefix: "@_",
+  textNodeName: "_text",
+  parseAttributeValue: true,
+  trimValues: true,
+  allowBooleanAttributes: true,
+  parseTagValue: false
+  // Keep values as strings for validation
+});
+function extractUrls(parsedXml, sitemapUrl) {
+  const urls = [];
+  if (parsedXml.urlset) {
+    const urlNodes = Array.isArray(parsedXml.urlset.url) ? parsedXml.urlset.url : [parsedXml.urlset.url];
+    for (let i = 0; i < urlNodes.length; i++) {
+      const node = urlNodes[i];
+      if (!node || !node.loc) {
+        continue;
+      }
+      urls.push({
+        loc: node.loc,
+        lastmod: node.lastmod,
+        changefreq: node.changefreq,
+        priority: node.priority ? parseFloat(node.priority) : void 0,
+        source: sitemapUrl
+      });
+    }
+  }
+  return urls;
+}
+async function parseSitemap(xml, sitemapUrl) {
+  const errors = [];
+  try {
+    const validationResult = XMLValidator.validate(xml);
+    if (validationResult !== true) {
+      const validationError = typeof validationResult === "object" ? validationResult.err.msg : "Invalid XML";
+      return {
+        urls: [],
+        errors: [
+          `[${sitemapUrl}] XML parsing failed: ${validationError}`
+        ],
+        totalCount: 0,
+        sitemapUrl
+      };
+    }
+    const parsed = parser.parse(xml);
+    const urls = extractUrls(parsed, sitemapUrl);
+    const validUrls = [];
+    for (const entry of urls) {
+      try {
+        new URL(entry.loc);
+        if (entry.priority !== void 0) {
+          if (entry.priority < 0 || entry.priority > 1) {
+            errors.push(
+              `Invalid priority ${entry.priority} for ${entry.loc} - clamping to 0-1`
+            );
+            entry.priority = Math.max(0, Math.min(1, entry.priority));
+          }
+        }
+        if (entry.changefreq) {
+          if (!VALID_CHANGEFREQ.has(entry.changefreq.toLowerCase())) {
+            errors.push(
+              `Invalid changefreq "${entry.changefreq}" for ${entry.loc}`
+            );
+            entry.changefreq = void 0;
+          }
+        }
+        validUrls.push(entry);
+      } catch (urlError) {
+        errors.push(`Invalid URL format: ${entry.loc}`);
+      }
+    }
+    return {
+      urls: validUrls,
+      errors,
+      totalCount: validUrls.length,
+      sitemapUrl
+    };
+  } catch (parseError) {
+    const errorMsg = parseError instanceof Error ? parseError.message : String(parseError);
+    return {
+      urls: [],
+      errors: [
+        `[${sitemapUrl}] XML parsing failed: ${errorMsg}`
+      ],
+      totalCount: 0,
+      sitemapUrl
+    };
+  }
+}
+
+// src/utils/batch-processor.ts
+function chunkArray(array, chunkSize) {
+  const chunks = [];
+  for (let i = 0; i < array.length; i += chunkSize) {
+    chunks.push(array.slice(i, i + chunkSize));
+  }
+  return chunks;
+}
+async function processInBatches(items, concurrency, processor, onProgress) {
+  const results = new Array(items.length);
+  let completed = 0;
+  let currentIndex = 0;
+  const errors = [];
+  const workers = Array(Math.min(concurrency, items.length)).fill(null).map(async () => {
+    while (currentIndex < items.length) {
+      const index = currentIndex++;
+      const item = items[index];
+      try {
+        results[index] = await processor(item);
+      } catch (error) {
+        errors.push({ index, error });
+        results[index] = null;
+      }
+      completed++;
+      if (onProgress) {
+        onProgress(completed, items.length);
+      }
+    }
+  });
+  await Promise.all(workers);
+  if (errors.length > 0) {
+    console.warn(`Processed ${items.length} items with ${errors.length} errors`);
+  }
+  return results;
+}
+
+// src/core/extractor.ts
+async function extractAllUrls(sitemapUrls, config, onProgress) {
+  const allUrls = [];
+  const allErrors = [];
+  let sitemapsProcessed = 0;
+  let sitemapsFailed = 0;
+  if (config.verbose) {
+    console.log(`
+Extracting URLs from ${sitemapUrls.length} sitemap(s)...`);
+  }
+  const CONCURRENCY = config.parsingConcurrency || 50;
+  if (!config.silent && config.verbose) {
+    console.log(`Using parsing concurrency: ${CONCURRENCY}`);
+  }
+  const results = await processInBatches(
+    sitemapUrls,
+    CONCURRENCY,
+    async (sitemapUrl) => {
+      try {
+        if (config.verbose) {
+          console.log(`Extracting URLs from: ${sitemapUrl}`);
+        }
+        const response = await fetchUrl(sitemapUrl, {
+          timeout: 10,
+          // Fast timeout for sitemaps
+          maxRetries: 0,
+          // No retries - fail fast
+          disableBrowserFallback: true
+          // Don't use browser for bulk parsing
+        });
+        const parseResult = await parseSitemap(response.content, sitemapUrl);
+        const extractedAt = (/* @__PURE__ */ new Date()).toISOString();
+        parseResult.urls.forEach((url) => {
+          url.extractedAt = extractedAt;
+        });
+        if (config.verbose) {
+          console.log(`  \u2713 Extracted ${parseResult.urls.length} URLs from ${sitemapUrl}`);
+        }
+        return {
+          success: true,
+          urls: parseResult.urls,
+          errors: parseResult.errors
+        };
+      } catch (error) {
+        const errorMsg = `Failed to process ${sitemapUrl}: ${error instanceof Error ? error.message : String(error)}`;
+        if (config.verbose) {
+          console.error(`  \u2717 ${errorMsg}`);
+        }
+        return {
+          success: false,
+          urls: [],
+          errors: [errorMsg]
+        };
+      }
+    },
+    onProgress
+    // Pass progress callback to batch processor
+  );
+  for (const result of results) {
+    if (result.success) {
+      sitemapsProcessed++;
+      allUrls.push(...result.urls);
+    } else {
+      sitemapsFailed++;
+    }
+    allErrors.push(...result.errors);
+  }
+  if (config.verbose) {
+    console.log(`
+Extraction complete:`);
+    console.log(`  - Sitemaps processed: ${sitemapsProcessed}`);
+    console.log(`  - Sitemaps failed: ${sitemapsFailed}`);
+    console.log(`  - Total URLs: ${allUrls.length}`);
+    console.log(`  - Errors: ${allErrors.length}`);
+  }
+  return {
+    allUrls,
+    sitemapsProcessed,
+    sitemapsFailed,
+    totalUrls: allUrls.length,
+    errors: allErrors
+  };
+}
+
+// src/core/consolidator.ts
+function normalizeUrl(url) {
+  try {
+    const parsed = new URL(url);
+    let pathname = parsed.pathname;
+    if (pathname.endsWith("/") && pathname !== "/") {
+      pathname = pathname.slice(0, -1);
+    }
+    const params = Array.from(parsed.searchParams.entries()).sort(
+      ([a], [b]) => a.localeCompare(b)
+    );
+    const sortedParams = new URLSearchParams(params);
+    return `${parsed.protocol}//${parsed.host}${pathname}${sortedParams.toString() ? "?" + sortedParams.toString() : ""}${parsed.hash}`;
+  } catch {
+    return url;
+  }
+}
+function mergeUrlEntries(entries) {
+  if (entries.length === 1) return entries[0];
+  const merged = { ...entries[0] };
+  const sources = entries.map((e) => e.source);
+  merged.source = sources.join(", ");
+  const lastmods = entries.map((e) => e.lastmod).filter((lm) => !!lm).map((lm) => new Date(lm).getTime()).sort((a, b) => b - a);
+  if (lastmods.length > 0) {
+    merged.lastmod = new Date(lastmods[0]).toISOString();
+  }
+  const priorities = entries.map((e) => e.priority).filter((p) => p !== void 0);
+  if (priorities.length > 0) {
+    merged.priority = Math.max(...priorities);
+  }
+  const changefreqs = entries.map((e) => e.changefreq).filter((cf) => !!cf);
+  if (changefreqs.length > 0) {
+    const counts = /* @__PURE__ */ new Map();
+    for (const cf of changefreqs) {
+      counts.set(cf, (counts.get(cf) || 0) + 1);
+    }
+    const sorted = Array.from(counts.entries()).sort((a, b) => b[1] - a[1]);
+    merged.changefreq = sorted[0][0];
+  }
+  const extractedAts = entries.map((e) => e.extractedAt).filter((ea) => !!ea).map((ea) => new Date(ea).getTime()).sort((a, b) => b - a);
+  if (extractedAts.length > 0) {
+    merged.extractedAt = new Date(extractedAts[0]).toISOString();
+  }
+  return merged;
+}
+function consolidateUrls(urls, verbose = false) {
+  const totalInputUrls = urls.length;
+  if (verbose) {
+    console.log(`
+Consolidating ${urls.length} URL(s)...`);
+  }
+  const urlMap = /* @__PURE__ */ new Map();
+  for (const entry of urls) {
+    const normalized = normalizeUrl(entry.loc);
+    if (!urlMap.has(normalized)) {
+      urlMap.set(normalized, []);
+    }
+    urlMap.get(normalized).push(entry);
+  }
+  const uniqueUrls = [];
+  const duplicateGroups = [];
+  for (const [normalized, entries] of urlMap.entries()) {
+    const merged = mergeUrlEntries(entries);
+    uniqueUrls.push(merged);
+    if (entries.length > 1) {
+      duplicateGroups.push({
+        url: normalized,
+        count: entries.length,
+        sources: entries.map((e) => e.source)
+      });
+    }
+  }
+  if (verbose) {
+    console.log(`Consolidation complete:`);
+    console.log(`  - Input URLs: ${totalInputUrls}`);
+    console.log(`  - Unique URLs: ${uniqueUrls.length}`);
+    console.log(`  - Duplicates removed: ${totalInputUrls - uniqueUrls.length}`);
+    if (duplicateGroups.length > 0) {
+      console.log(`
+Top duplicates:`);
+      const top5 = duplicateGroups.sort((a, b) => b.count - a.count).slice(0, 5);
+      for (const group of top5) {
+        console.log(`  - ${group.url} (${group.count} times)`);
+      }
+    }
+  }
+  return {
+    uniqueUrls,
+    totalInputUrls,
+    duplicatesRemoved: totalInputUrls - uniqueUrls.length,
+    duplicateGroups
+  };
+}
+
+// src/core/patterns/risk-patterns.ts
+var RISK_PATTERNS = [
+  // Note: Environment leakage patterns moved to domain-patterns.ts
+  // Note: Admin path patterns moved to admin-patterns.ts
+  // to avoid duplication and improve maintainability
+  // Sensitive Parameter Patterns (HIGH)
+  {
+    name: "Authentication Parameter",
+    category: "sensitive_params",
+    severity: "high",
+    regex: /[?&](token|auth|key|password|secret|apikey|session|credentials)=/i,
+    description: "Query parameter may contain sensitive authentication data"
+  },
+  {
+    name: "Debug Parameter",
+    category: "sensitive_params",
+    severity: "medium",
+    regex: /[?&](debug|trace|verbose|test_mode)=/i,
+    description: "Query parameter may contain debug or diagnostic flag"
+  },
+  // Protocol Inconsistency Patterns (MEDIUM)
+  {
+    name: "HTTP in HTTPS Site",
+    category: "protocol_inconsistency",
+    severity: "medium",
+    regex: /^http:\/\//,
+    description: "HTTP URL in HTTPS sitemap (potential mixed content)"
+  },
+  // Test/Unfinished Content Patterns (MEDIUM)
+  // Focuses on obvious test/placeholder patterns, avoiding false positives with legitimate content
+  {
+    name: "Test Content Path",
+    category: "test_content",
+    severity: "medium",
+    regex: /\/(?:test-|demo-|sample-|temp-|temporary-|placeholder-)|\/(test|demo|sample|temp|temporary|placeholder)(?:\/|$)/i,
+    description: "URL path suggests test, demo, or unfinished content that may not be intended for indexing"
+  }
+];
+
+// src/core/patterns/domain-patterns.ts
+function escapeRegex(str) {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function extractRootDomain(hostname) {
+  const parts = hostname.split(".");
+  if (parts.length >= 2) {
+    return parts.slice(-2).join(".");
+  }
+  return hostname;
+}
+function createDomainMismatchPattern(baseUrl, options) {
+  const baseDomain = new URL(baseUrl).hostname;
+  const rootDomain = extractRootDomain(baseDomain);
+  if (options?.allowedSubdomains && options.allowedSubdomains.length > 0) {
+    const escapedRoot2 = escapeRegex(rootDomain);
+    const escapedSubdomains = options.allowedSubdomains.map(escapeRegex).join("|");
+    const pattern2 = `^https?://(?!(?:(?:${escapedSubdomains})\\.)?${escapedRoot2}(?:/|$))`;
+    return {
+      name: "Domain Mismatch",
+      category: "domain_mismatch",
+      severity: "high",
+      regex: new RegExp(pattern2),
+      description: `URL does not match expected domain or allowed subdomains`
+    };
+  }
+  const escapedRoot = escapeRegex(rootDomain);
+  const pattern = `^https?://(?!(?:www\\.)?${escapedRoot}(?:/|$))`;
+  return {
+    name: "Domain Mismatch",
+    category: "domain_mismatch",
+    severity: "high",
+    regex: new RegExp(pattern),
+    description: `URL does not match expected domain: ${rootDomain} (including www variant)`
+  };
+}
+var ENVIRONMENT_PATTERNS = [
+  {
+    name: "Staging Subdomain",
+    category: "environment_leakage",
+    severity: "high",
+    regex: /^https?:\/\/(staging|stg)\./i,
+    description: "URL uses staging subdomain"
+  },
+  {
+    name: "Development Subdomain",
+    category: "environment_leakage",
+    severity: "high",
+    regex: /^https?:\/\/(dev|development)\./i,
+    description: "URL uses development subdomain"
+  },
+  {
+    name: "QA/Test Subdomain",
+    category: "environment_leakage",
+    severity: "high",
+    regex: /^https?:\/\/(qa|test|uat|preprod)\./i,
+    description: "URL uses test environment subdomain"
+  },
+  {
+    name: "Localhost URL",
+    category: "environment_leakage",
+    severity: "high",
+    regex: /^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)/,
+    description: "URL points to localhost (development environment)"
+  },
+  {
+    name: "Environment in Path",
+    category: "environment_leakage",
+    severity: "high",
+    regex: /^https?:\/\/[^/]+\/(staging|dev|qa|uat|preprod)\//i,
+    description: "URL path contains environment identifier at root level"
+  }
+];
+
+// src/core/patterns/admin-patterns.ts
+var ADMIN_PATH_PATTERNS = [
+  {
+    name: "Admin Path",
+    category: "admin_paths",
+    severity: "high",
+    regex: /\/(admin|administrator)(?:\/|$|\?)/i,
+    description: "URL contains /admin or /administrator as a path segment"
+  },
+  {
+    name: "Dashboard Path",
+    category: "admin_paths",
+    severity: "high",
+    regex: /\/dashboard(?:\/|$|\?)/i,
+    description: "URL contains /dashboard as a path segment"
+  },
+  {
+    name: "Config Path",
+    category: "admin_paths",
+    severity: "high",
+    regex: /\/(config|configuration)(?:\/|$|\?)/i,
+    description: "URL contains /config or /configuration as a path segment"
+  },
+  {
+    name: "Console Path",
+    category: "admin_paths",
+    severity: "high",
+    regex: /\/console(?:\/|$|\?)/i,
+    description: "URL contains /console as a path segment"
+  },
+  {
+    name: "Control Panel Path",
+    category: "admin_paths",
+    severity: "high",
+    regex: /\/(cpanel|control-panel)(?:\/|$|\?)/i,
+    description: "URL contains control panel as a path segment"
+  }
+];
+var INTERNAL_CONTENT_PATTERNS = [
+  {
+    name: "Internal Content Path",
+    category: "internal_content",
+    severity: "medium",
+    regex: /\/internal\b/i,
+    description: "URL contains /internal path segment - may be internal-only content not intended for public indexing"
+  }
+];
+var SENSITIVE_PARAM_PATTERNS = [
+  {
+    name: "Authentication Token Parameter",
+    category: "sensitive_params",
+    severity: "high",
+    regex: /[?&](token|auth_token|access_token|api_token)=/i,
+    description: "Query parameter may contain authentication token"
+  },
+  {
+    name: "API Key Parameter",
+    category: "sensitive_params",
+    severity: "high",
+    regex: /[?&](apikey|api_key|key)=/i,
+    description: "Query parameter may contain API key"
+  },
+  {
+    name: "Password Parameter",
+    category: "sensitive_params",
+    severity: "high",
+    regex: /[?&](password|passwd|pwd)=/i,
+    description: "Query parameter may contain password"
+  },
+  {
+    name: "Secret Parameter",
+    category: "sensitive_params",
+    severity: "high",
+    regex: /[?&](secret|client_secret)=/i,
+    description: "Query parameter may contain secret value"
+  },
+  {
+    name: "Session Parameter",
+    category: "sensitive_params",
+    severity: "high",
+    regex: /[?&](session|sessionid|sid)=/i,
+    description: "Query parameter may contain session identifier"
+  },
+  {
+    name: "Credentials Parameter",
+    category: "sensitive_params",
+    severity: "high",
+    regex: /[?&]credentials=/i,
+    description: "Query parameter may contain credentials"
+  },
+  {
+    name: "Debug Parameter",
+    category: "sensitive_params",
+    severity: "medium",
+    regex: /[?&](debug|trace|verbose)=/i,
+    description: "Query parameter contains debug or diagnostic flag"
+  },
+  {
+    name: "Test Mode Parameter",
+    category: "sensitive_params",
+    severity: "medium",
+    regex: /[?&](test_mode|test|testing)=/i,
+    description: "Query parameter indicates test mode"
+  }
+];
+
+// src/utils/sanitizer.ts
+function sanitizeUrl(url) {
+  try {
+    const parsed = new URL(url);
+    const sensitiveParams = [
+      "token",
+      "auth",
+      "auth_token",
+      "access_token",
+      "api_token",
+      "apikey",
+      "api_key",
+      "key",
+      "password",
+      "passwd",
+      "pwd",
+      "secret",
+      "client_secret",
+      "session",
+      "sessionid",
+      "sid",
+      "credentials"
+    ];
+    for (const param of sensitiveParams) {
+      if (parsed.searchParams.has(param)) {
+        parsed.searchParams.set(param, "[REDACTED]");
+      }
+    }
+    return parsed.toString();
+  } catch {
+    return url;
+  }
+}
+
+// src/core/risk-grouper.ts
+function generateRecommendation(category, _severity, count) {
+  switch (category) {
+    case "environment_leakage":
+      return {
+        rationale: `Production sitemap contains ${count} URL(s) from non-production environments (staging, dev, QA, test). This indicates configuration errors or environment leakage.`,
+        recommendedAction: "Verify sitemap generation excludes non-production environments. Review deployment configuration and environment filtering rules."
+      };
+    case "admin_paths":
+      return {
+        rationale: `${count} administrative path(s) detected in public sitemap (admin, dashboard, config). These paths may expose privileged access points.`,
+        recommendedAction: "Confirm if admin paths should be publicly indexed. Consider excluding via robots.txt or removing from sitemap. Verify access controls."
+      };
+    case "internal_content":
+      return {
+        rationale: `${count} URL(s) contain "internal" in the path. These may be internal-facing content not intended for public indexing.`,
+        recommendedAction: "Review URLs to determine if they should be publicly accessible. Consider excluding internal content from sitemap or adding noindex meta tags."
+      };
+    case "test_content":
+      return {
+        rationale: `${count} URL(s) contain test/demo/sample identifiers. These may be placeholder or unfinished content not intended for indexing.`,
+        recommendedAction: "Review and remove test content from production sitemaps. Verify content is production-ready before including in sitemap."
+      };
+    case "sensitive_params":
+      return {
+        rationale: `${count} URL(s) contain sensitive query parameters (token, auth, key, password, session). This may expose authentication credentials or debugging flags.`,
+        recommendedAction: "Review why sensitive parameters are in sitemap URLs. Remove authentication tokens from URLs. Consider POST requests for sensitive data."
+      };
+    case "protocol_inconsistency":
+      return {
+        rationale: `${count} URL(s) use HTTP protocol in HTTPS sitemap. This creates mixed content warnings and potential security issues.`,
+        recommendedAction: "Update URLs to use HTTPS consistently. Verify SSL certificate coverage. Check for hardcoded HTTP URLs in content."
+      };
+    case "domain_mismatch":
+      return {
+        rationale: `${count} URL(s) do not match expected base domain. This may indicate external links, CDN URLs, or configuration errors.`,
+        recommendedAction: "Verify if external domains are intentional. Review sitemap generation logic. Confirm CDN or subdomain configuration is correct."
+      };
+    default:
+      return {
+        rationale: `${count} URL(s) flagged in category: ${category}`,
+        recommendedAction: "Review flagged URLs and determine appropriate action."
+      };
+  }
+}
+function groupRiskFindings(findings, maxSampleUrls = 5) {
+  const categoryMap = /* @__PURE__ */ new Map();
+  for (const finding of findings) {
+    if (!categoryMap.has(finding.category)) {
+      categoryMap.set(finding.category, []);
+    }
+    categoryMap.get(finding.category).push(finding);
+  }
+  const groups = [];
+  for (const [category, categoryFindings] of categoryMap.entries()) {
+    const uniqueUrls = Array.from(new Set(categoryFindings.map((f) => f.url)));
+    const severity = categoryFindings.reduce((highest, finding) => {
+      const severityOrder = ["low", "medium", "high"];
+      return severityOrder.indexOf(finding.severity) > severityOrder.indexOf(highest) ? finding.severity : highest;
+    }, "low");
+    const sampleUrls = uniqueUrls.slice(0, maxSampleUrls);
+    const { rationale, recommendedAction } = generateRecommendation(category, severity, uniqueUrls.length);
+    groups.push({
+      category,
+      severity,
+      count: uniqueUrls.length,
+      rationale,
+      sampleUrls,
+      recommendedAction,
+      allUrls: uniqueUrls
+    });
+  }
+  groups.sort((a, b) => {
+    const severityOrder = ["high", "medium", "low"];
+    return severityOrder.indexOf(a.severity) - severityOrder.indexOf(b.severity);
+  });
+  const totalRiskUrls = new Set(findings.map((f) => f.url)).size;
+  const highSeverityCount = groups.filter((g) => g.severity === "high").reduce((sum, g) => sum + g.count, 0);
+  const mediumSeverityCount = groups.filter((g) => g.severity === "medium").reduce((sum, g) => sum + g.count, 0);
+  const lowSeverityCount = groups.filter((g) => g.severity === "low").reduce((sum, g) => sum + g.count, 0);
+  return {
+    groups,
+    totalRiskUrls,
+    highSeverityCount,
+    mediumSeverityCount,
+    lowSeverityCount
+  };
+}
+
+// src/core/risk-detector.ts
+import os from "os";
+function compileAcceptedPatterns(config) {
+  const patterns = [];
+  if (config.acceptedPatterns && config.acceptedPatterns.length > 0) {
+    for (const pattern of config.acceptedPatterns) {
+      try {
+        let regexPattern = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^/]*");
+        if (!regexPattern.endsWith("$") && !regexPattern.includes("(?:")) {
+          regexPattern = regexPattern + "(?:/|$|\\?|#)";
+        }
+        patterns.push(new RegExp(regexPattern, "i"));
+      } catch (error) {
+        if (config.verbose) {
+          console.warn(`Invalid accepted pattern: ${pattern}`);
+        }
+      }
+    }
+  }
+  return patterns;
+}
+async function detectRisksInBatch(urls, allPatterns, acceptedPatterns, expectedProtocol, verbose) {
+  const findings = [];
+  for (const urlEntry of urls) {
+    const url = urlEntry.loc;
+    let isAccepted = false;
+    for (const acceptedPattern of acceptedPatterns) {
+      if (acceptedPattern.test(url)) {
+        isAccepted = true;
+        break;
+      }
+    }
+    if (isAccepted) continue;
+    for (const pattern of allPatterns) {
+      if (pattern.category === "protocol_inconsistency") {
+        try {
+          const urlProtocol = new URL(url).protocol;
+          if (expectedProtocol === "https:" && urlProtocol === "http:") {
+            findings.push({
+              url,
+              category: pattern.category,
+              severity: pattern.severity,
+              pattern: pattern.name,
+              rationale: pattern.description,
+              matchedValue: "http://"
+            });
+          }
+        } catch (error) {
+          continue;
+        }
+      } else {
+        try {
+          const match = url.match(pattern.regex);
+          if (match) {
+            findings.push({
+              url: pattern.category === "sensitive_params" ? sanitizeUrl(url) : url,
+              category: pattern.category,
+              severity: pattern.severity,
+              pattern: pattern.name,
+              rationale: pattern.description,
+              matchedValue: match[0]
+            });
+          }
+        } catch (error) {
+          if (verbose) {
+            console.error(`Pattern matching failed for ${pattern.name}: ${error instanceof Error ? error.message : String(error)}`);
+          }
+          continue;
+        }
+      }
+    }
+  }
+  return { findings, urlsProcessed: urls.length };
+}
+async function detectRisks(urls, baseUrl, config) {
+  const startTime = Date.now();
+  const domainPattern = createDomainMismatchPattern(baseUrl);
+  const allPatterns = [
+    ...RISK_PATTERNS,
+    ...ENVIRONMENT_PATTERNS,
+    ...ADMIN_PATH_PATTERNS,
+    ...SENSITIVE_PARAM_PATTERNS,
+    ...INTERNAL_CONTENT_PATTERNS,
+    domainPattern
+  ];
+  const acceptedPatterns = compileAcceptedPatterns(config);
+  let expectedProtocol;
+  try {
+    expectedProtocol = new URL(baseUrl).protocol;
+  } catch (error) {
+    if (config.verbose) {
+      console.warn(`Invalid base URL: ${baseUrl}, defaulting to https:`);
+    }
+    expectedProtocol = "https:";
+  }
+  const BATCH_SIZE = config.riskDetectionBatchSize || 1e4;
+  const CONCURRENCY = config.riskDetectionConcurrency || Math.max(2, os.cpus().length - 1);
+  const batches = chunkArray(urls, BATCH_SIZE);
+  if (config.verbose) {
+    console.log(`
+Risk Detection Configuration:`);
+    console.log(`  - Total URLs: ${urls.length.toLocaleString()}`);
+    console.log(`  - Batch size: ${BATCH_SIZE.toLocaleString()}`);
+    console.log(`  - Concurrency: ${CONCURRENCY}`);
+    console.log(`  - Total batches: ${batches.length}`);
+    try {
+      console.log(`  - Base domain: ${new URL(baseUrl).hostname}`);
+    } catch (error) {
+      console.log(`  - Base URL: ${baseUrl}`);
+    }
+    if (acceptedPatterns.length > 0) {
+      console.log(`  - Accepted patterns: ${acceptedPatterns.length}`);
+    }
+  }
+  let completedBatches = 0;
+  const totalBatches = batches.length;
+  const batchStartTime = Date.now();
+  const batchResults = await processInBatches(
+    batches,
+    CONCURRENCY,
+    (batch) => detectRisksInBatch(batch, allPatterns, acceptedPatterns, expectedProtocol, config.verbose),
+    (completed) => {
+      completedBatches = completed;
+      const pct = (completed / totalBatches * 100).toFixed(1);
+      const elapsed = (Date.now() - batchStartTime) / 1e3;
+      const urlsProcessed = completed * BATCH_SIZE;
+      const speed = Math.round(urlsProcessed / elapsed);
+      const remaining = totalBatches - completed;
+      const eta = Math.round(remaining * BATCH_SIZE / speed);
+      process.stdout.write(
+        `\r\x1B[K  Analyzing batch ${completed}/${totalBatches} (${pct}%) | ETA: ~${eta}s | ${speed.toLocaleString()} URLs/sec`
+      );
+    }
+  );
+  process.stdout.write("\r\x1B[K");
+  const allFindings = batchResults.flatMap((r) => r.findings);
+  const groupingResult = groupRiskFindings(allFindings);
+  const processingTimeMs = Date.now() - startTime;
+  if (config.verbose) {
+    console.log(`
+Risk Detection Summary:`);
+    console.log(`  - Total URLs analyzed: ${urls.length.toLocaleString()}`);
+    console.log(`  - Risk URLs found: ${groupingResult.totalRiskUrls.toLocaleString()}`);
+    console.log(`  - HIGH severity: ${groupingResult.highSeverityCount}`);
+    console.log(`  - MEDIUM severity: ${groupingResult.mediumSeverityCount}`);
+    console.log(`  - LOW severity: ${groupingResult.lowSeverityCount}`);
+    console.log(`  - Processing time: ${(processingTimeMs / 1e3).toFixed(1)}s`);
+    if (groupingResult.groups.length > 0) {
+      console.log(`
+Risk Categories Found:`);
+      for (const group of groupingResult.groups) {
+        console.log(`  - ${group.category}: ${group.count} URLs (${group.severity.toUpperCase()})`);
+      }
+    }
+  }
+  return {
+    findings: allFindings,
+    groups: groupingResult.groups,
+    totalUrlsAnalyzed: urls.length,
+    riskUrlCount: groupingResult.totalRiskUrls,
+    cleanUrlCount: urls.length - groupingResult.totalRiskUrls,
+    highSeverityCount: groupingResult.highSeverityCount,
+    mediumSeverityCount: groupingResult.mediumSeverityCount,
+    lowSeverityCount: groupingResult.lowSeverityCount,
+    processingTimeMs
+  };
+}
+
+// src/summarizer.ts
+function summarizeRisks(request) {
+  const severityBreakdown = {
+    high: 0,
+    medium: 0,
+    low: 0
+  };
+  const categoryInsights = request.riskGroups.map((group) => {
+    severityBreakdown[group.severity] += group.count;
+    const urls = group.allUrls || group.sampleUrls;
+    return {
+      category: group.category,
+      count: group.count,
+      severity: group.severity,
+      summary: group.rationale,
+      examples: urls.slice(0, 3),
+      allUrls: urls
+      // Include all URLs for download functionality
+    };
+  });
+  const totalRisks = request.riskGroups.reduce((sum, g) => sum + g.count, 0);
+  const overview = totalRisks > 0 ? `Found ${totalRisks} potentially risky URLs across ${request.riskGroups.length} categories in ${request.totalUrls} total URLs.` : `Analyzed ${request.totalUrls} URLs. No suspicious patterns detected.`;
+  const keyFindings = [];
+  if (severityBreakdown.high > 0) {
+    keyFindings.push(`${severityBreakdown.high} high-severity issues require immediate attention`);
+  }
+  if (severityBreakdown.medium > 0) {
+    keyFindings.push(`${severityBreakdown.medium} medium-severity issues should be reviewed`);
+  }
+  if (severityBreakdown.low > 0) {
+    keyFindings.push(`${severityBreakdown.low} low-severity items flagged for awareness`);
+  }
+  return {
+    overview,
+    keyFindings,
+    categoryInsights,
+    severityBreakdown,
+    recommendations: [],
+    generatedBy: "rule-based analysis",
+    metadata: {
+      tokensUsed: 0,
+      processingTime: request.processingTime || 0,
+      model: "pattern-matching"
+    }
+  };
+}
+
+// src/reporters/json-reporter.ts
+var TOOL_VERSION = true ? "1.0.0-alpha.1" : "dev";
+function generateJsonReport(summary, discoveryResult, parseResult, riskGroups, config, startTime, options = {}) {
+  const {
+    pretty = true,
+    indent = 2,
+    performanceMetrics
+  } = options;
+  const result = buildAnalysisResult(
+    summary,
+    discoveryResult,
+    parseResult,
+    riskGroups,
+    config,
+    startTime
+  );
+  const jsonOutput = transformToJsonOutput(result, performanceMetrics);
+  if (pretty) {
+    return JSON.stringify(jsonOutput, null, indent);
+  } else {
+    return JSON.stringify(jsonOutput);
+  }
+}
+function buildAnalysisResult(summary, discoveryResult, parseResult, riskGroups, config, startTime) {
+  const metadata = buildAnalysisMetadata(
+    config.baseUrl || "unknown",
+    startTime,
+    summary
+  );
+  const suspiciousGroups = riskGroups.map((group) => ({
+    category: group.category,
+    severity: group.severity,
+    count: group.count,
+    pattern: group.category,
+    // Use category as pattern identifier
+    rationale: group.rationale,
+    sampleUrls: group.sampleUrls.slice(0, 5),
+    // Limit to 5 samples
+    recommendedAction: group.recommendedAction
+  }));
+  const summaryStats = {
+    highSeverityCount: summary.severityBreakdown.high,
+    mediumSeverityCount: summary.severityBreakdown.medium,
+    lowSeverityCount: summary.severityBreakdown.low,
+    totalRiskyUrls: riskGroups.reduce((sum, g) => sum + g.count, 0),
+    overallStatus: determineOverallStatus(
+      summary.severityBreakdown,
+      parseResult.errors
+    )
+  };
+  const riskSummary = {
+    overview: summary.overview,
+    keyFindings: summary.keyFindings,
+    recommendations: summary.recommendations
+  };
+  const errors = parseResult.errors.map(transformError);
+  return {
+    analysisMetadata: metadata,
+    sitemapsDiscovered: discoveryResult.sitemaps,
+    totalUrlCount: parseResult.totalCount,
+    urlsAnalyzed: parseResult.totalCount,
+    suspiciousGroups,
+    riskSummary,
+    summary: summaryStats,
+    errors
+  };
+}
+function buildAnalysisMetadata(baseUrl, startTime, summary) {
+  return {
+    baseUrl,
+    analysisTimestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    toolVersion: TOOL_VERSION,
+    executionTimeMs: Date.now() - startTime,
+    analysisType: summary.generatedBy
+  };
+}
+function determineOverallStatus(severityBreakdown, errors) {
+  if (errors.length > 0) {
+    return "errors";
+  }
+  const totalIssues = severityBreakdown.high + severityBreakdown.medium + severityBreakdown.low;
+  return totalIssues > 0 ? "issues_found" : "clean";
+}
+function transformToJsonOutput(result, performanceMetrics) {
+  const output = {
+    analysis_metadata: transformMetadata(result.analysisMetadata),
+    sitemaps_discovered: result.sitemapsDiscovered,
+    total_url_count: result.totalUrlCount,
+    urls_analyzed: result.urlsAnalyzed,
+    suspicious_groups: result.suspiciousGroups.map(transformGroup),
+    risk_summary: transformRiskSummary(result.riskSummary),
+    summary: transformSummary(result.summary),
+    errors: result.errors
+  };
+  if (performanceMetrics) {
+    output.performance_metrics = {
+      total_execution_time_ms: performanceMetrics.totalExecutionTimeMs,
+      phase_timings: performanceMetrics.phaseTimings,
+      throughput: performanceMetrics.throughput,
+      resource_usage: performanceMetrics.resourceUsage
+    };
+  }
+  return output;
+}
+function transformMetadata(meta) {
+  return {
+    base_url: meta.baseUrl,
+    analysis_timestamp: meta.analysisTimestamp,
+    tool_version: meta.toolVersion,
+    execution_time_ms: meta.executionTimeMs,
+    analysis_type: meta.analysisType
+  };
+}
+function transformGroup(group) {
+  return {
+    category: group.category,
+    severity: group.severity,
+    count: group.count,
+    pattern: group.pattern,
+    rationale: group.rationale,
+    sample_urls: group.sampleUrls,
+    recommended_action: group.recommendedAction
+  };
+}
+function transformRiskSummary(summary) {
+  return {
+    overview: summary.overview,
+    key_findings: summary.keyFindings,
+    recommendations: summary.recommendations
+  };
+}
+function transformSummary(summary) {
+  return {
+    high_severity_count: summary.highSeverityCount,
+    medium_severity_count: summary.mediumSeverityCount,
+    low_severity_count: summary.lowSeverityCount,
+    total_risky_urls: summary.totalRiskyUrls,
+    overall_status: summary.overallStatus
+  };
+}
+function transformError(error) {
+  if ("code" in error) {
+    const customError = error;
+    const errorDetail = {
+      code: customError.code || "UNKNOWN_ERROR",
+      message: error.message
+    };
+    if ("attemptedPaths" in customError) {
+      errorDetail.context = {
+        attempted_paths: customError.attemptedPaths
+      };
+    } else if ("sitemapUrl" in customError && "lineNumber" in customError) {
+      errorDetail.context = {
+        sitemap_url: customError.sitemapUrl,
+        line_number: customError.lineNumber
+      };
+    } else if ("url" in customError) {
+      errorDetail.context = {
+        url: customError.url
+      };
+    }
+    return errorDetail;
+  }
+  return {
+    code: "UNKNOWN_ERROR",
+    message: error.message
+  };
+}
+
+// src/reporters/html-reporter.ts
+import { promises as fs } from "fs";
+var TOOL_VERSION2 = "1.0.0-alpha.1";
+function generateHtmlReport(summary, discoveryResult, totalUrls, config, errors, options = {}) {
+  const maxUrls = options.maxUrlsPerGroup ?? 10;
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const riskyUrlCount = summary.categoryInsights.reduce((sum, g) => sum + g.count, 0);
+  const highSeverity = summary.categoryInsights.filter((g) => g.severity === "high");
+  const mediumSeverity = summary.categoryInsights.filter((g) => g.severity === "medium");
+  const lowSeverity = summary.categoryInsights.filter((g) => g.severity === "low");
+  const html = `<!DOCTYPE html>
 <html lang="en">
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Sitemap QA Report - ${s.baseUrl}</title>
+  <title>Sitemap QA Report - ${config.baseUrl}</title>
   <style>
     * { margin: 0; padding: 0; box-sizing: border-box; }
     body {
@@ -339,93 +2033,88 @@ Risk Categories Found:`);for(let p of l.groups)console.log(`  - ${p.category}: $
     <div class="header">
       <h1>Sitemap Analysis</h1>
       <div class="meta">
-        <div>${s.baseUrl}</div>
-        <div>${new Date(o).toLocaleString()}</div>
+        <div>${config.baseUrl}</div>
+        <div>${new Date(timestamp).toLocaleString()}</div>
       </div>
     </div>
 
     <div class="summary">
       <div class="summary-card">
         <div class="label">Sitemaps</div>
-        <div class="value">${t.sitemaps.length}</div>
+        <div class="value">${discoveryResult.sitemaps.length}</div>
       </div>
       <div class="summary-card">
         <div class="label">URLs Analyzed</div>
-        <div class="value">${r.toLocaleString()}</div>
+        <div class="value">${totalUrls.toLocaleString()}</div>
       </div>
       <div class="summary-card">
         <div class="label">Issues Found</div>
-        <div class="value" style="color: ${i>0?"#dc2626":"#059669"}">${i}</div>
+        <div class="value" style="color: ${riskyUrlCount > 0 ? "#dc2626" : "#059669"}">${riskyUrlCount}</div>
       </div>
       <div class="summary-card">
         <div class="label">Scan Time</div>
-        <div class="value">${(e.metadata.processingTime/1e3).toFixed(1)}s</div>
+        <div class="value">${(summary.metadata.processingTime / 1e3).toFixed(1)}s</div>
       </div>
     </div>
 
     <div class="content">
-      ${n.length>0?`
+      ${errors.length > 0 ? `
       <div class="errors-section">
-        <h3>Parsing Errors & Warnings (${n.length})</h3>
+        <h3>Parsing Errors & Warnings (${errors.length})</h3>
         <ul>
-          ${n.map(u=>`<li>${u.message}</li>`).join(`
-          `)}
+          ${errors.map((err) => `<li>${err.message}</li>`).join("\n          ")}
         </ul>
       </div>
-      `:""}
+      ` : ""}
 
-      ${t.sitemaps.length>0?`
+      ${discoveryResult.sitemaps.length > 0 ? `
       <div class="sitemaps">
-        <h3 class="collapsed" onclick="toggleSection(this)">Sitemaps Discovered (${t.sitemaps.length})</h3>
+        <h3 class="collapsed" onclick="toggleSection(this)">Sitemaps Discovered (${discoveryResult.sitemaps.length})</h3>
         <div class="sitemaps-content collapsed">
           <ul>
-            ${t.sitemaps.map(u=>`<li>\u2022 ${u}</li>`).join(`
-            `)}
+            ${discoveryResult.sitemaps.map((s) => `<li>\u2022 ${s}</li>`).join("\n            ")}
           </ul>
         </div>
       </div>
-      `:""}
+      ` : ""}
 
-      ${i===0?`
+      ${riskyUrlCount === 0 ? `
       <div class="status-clean">
         <h2>No Issues Found</h2>
         <p>All URLs in the sitemap passed validation checks.</p>
       </div>
-      `:""}
+      ` : ""}
 
-      ${m.length>0?`
+      ${highSeverity.length > 0 ? `
       <div class="severity-section">
-        <h2 class="severity-high" onclick="toggleSection(this)">High Severity (${m.reduce((u,g)=>u+g.count,0)} URLs)</h2>
+        <h2 class="severity-high" onclick="toggleSection(this)">High Severity (${highSeverity.reduce((sum, g) => sum + g.count, 0)} URLs)</h2>
         <div class="severity-content">
-          ${m.map(u=>_(u,c)).join(`
-          `)}
+          ${highSeverity.map((group) => renderRiskGroup(group, maxUrls)).join("\n          ")}
         </div>
       </div>
-      `:""}
+      ` : ""}
 
-      ${l.length>0?`
+      ${mediumSeverity.length > 0 ? `
       <div class="severity-section">
-        <h2 class="severity-medium" onclick="toggleSection(this)">Medium Severity (${l.reduce((u,g)=>u+g.count,0)} URLs)</h2>
+        <h2 class="severity-medium" onclick="toggleSection(this)">Medium Severity (${mediumSeverity.reduce((sum, g) => sum + g.count, 0)} URLs)</h2>
         <div class="severity-content">
-          ${l.map(u=>_(u,c)).join(`
-          `)}
+          ${mediumSeverity.map((group) => renderRiskGroup(group, maxUrls)).join("\n          ")}
         </div>
       </div>
-      `:""}
+      ` : ""}
 
-      ${d.length>0?`
+      ${lowSeverity.length > 0 ? `
       <div class="severity-section">
-        <h2 class="severity-low" onclick="toggleSection(this)">Low Severity (${d.reduce((u,g)=>u+g.count,0)} URLs)</h2>
+        <h2 class="severity-low" onclick="toggleSection(this)">Low Severity (${lowSeverity.reduce((sum, g) => sum + g.count, 0)} URLs)</h2>
         <div class="severity-content">
-          ${d.map(u=>_(u,c)).join(`
-          `)}
+          ${lowSeverity.map((group) => renderRiskGroup(group, maxUrls)).join("\n          ")}
         </div>
       </div>
-      `:""}
+      ` : ""}
     </div>
 
     <div class="footer">
-      Generated by <strong>sitemap-qa</strong> v${Ie}
+      Generated by <strong>sitemap-qa</strong> v${TOOL_VERSION2}
     </div>
   </div>
   
@@ -458,27 +2147,354 @@ Risk Categories Found:`);for(let p of l.groups)console.log(`  - ${p.category}: $
     }
   </script>
 </body>
-</html>`}function _(e,t){let r=e.category.split("_").map(i=>i.charAt(0).toUpperCase()+i.slice(1)).join(" "),s=e.examples.slice(0,t),n=e.count-s.length,a=e.category.toLowerCase(),c=JSON.stringify(e.allUrls),o=ee(c);return`<div class="risk-group">
-        <h3>${r} <span class="count">${e.count} URLs</span></h3>
-        <div class="impact">${e.summary}</div>
+</html>`;
+  return html;
+}
+function renderRiskGroup(group, maxUrls) {
+  const categoryTitle = group.category.split("_").map((word) => word.charAt(0).toUpperCase() + word.slice(1)).join(" ");
+  const urlsToShow = group.examples.slice(0, maxUrls);
+  const remaining = group.count - urlsToShow.length;
+  const categorySlug = group.category.toLowerCase();
+  const allUrlsJson = JSON.stringify(group.allUrls);
+  const encodedUrls = escapeHtml(allUrlsJson);
+  return `<div class="risk-group">
+        <h3>${categoryTitle} <span class="count">${group.count} URLs</span></h3>
+        <div class="impact">${group.summary}</div>
         <div class="urls">
           <h4>Sample URLs</h4>
           <ul>
-            ${s.map(i=>`<li>${ee(i)}</li>`).join(`
-            `)}
+            ${urlsToShow.map((url) => `<li>${escapeHtml(url)}</li>`).join("\n            ")}
           </ul>
-          ${n>0?`<div class="more">... and ${n} more</div>`:""}
-          <button class="download-btn" onclick="downloadUrls('${a}', '${o}')">\u{1F4E5} Download All ${e.count} URLs</button>
+          ${remaining > 0 ? `<div class="more">... and ${remaining} more</div>` : ""}
+          <button class="download-btn" onclick="downloadUrls('${categorySlug}', '${encodedUrls}')">\u{1F4E5} Download All ${group.count} URLs</button>
         </div>
-      </div>`}function ee(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#039;")}async function te(e,t,r,s,n,a,c={}){let o=De(e,t,r,s,a,c);await Le.writeFile(n,o,"utf-8")}var oe=new Ne("analyze").description("Analyze sitemap for QA issues").argument("<url>","Base URL to analyze").option("--timeout <seconds>","HTTP timeout in seconds","30").option("--no-progress","Disable progress bar").option("--output <format>","Output format: html or json","html").option("--output-dir <path>","Output directory for reports").option("--output-file <path>","Custom output filename").option("--accepted-patterns <patterns>","Comma-separated regex patterns to exclude from risk detection").option("--no-color","Disable ANSI color codes in CLI output").option("--verbose","Enable verbose logging",!1).action(async(e,t)=>{let r;try{Fe(t),r=await F({...t,baseUrl:e,outputFormat:t.output}),console.log(`
-\u{1F50D} Analyzing ${e}...
-`);let n=await ze(e,r);Me(n),await re.mkdir(r.outputDir,{recursive:!0});let a=t.outputFile||`sitemap-qa-report-${Date.now()}.html`,c=`${r.outputDir}/${a}`;if(await te(n.summary,n.discoveryResult,n.totalUrls,r,c,n.errors,{maxUrlsPerGroup:10}),console.log(`
-\u{1F4C4} Full report saved to: ${k.cyan(c)}`),t.output==="json"){let i=a.replace(/\.html$/,".json"),m=`${r.outputDir}/${i}`,l=Z(n.summary,n.discoveryResult,{totalCount:n.totalUrls,uniqueUrls:[],errors:[]},n.riskGroups,r,n.executionTime,{pretty:!0,indent:2});await re.writeFile(m,l,"utf-8"),console.log(`\u{1F4C4} JSON report saved to: ${k.cyan(m)}`)}let o=Oe(n);process.exit(o)}catch(s){Ge(s,r),process.exit(2)}});function Fe(e){let t=["json","html"];if(!t.includes(e.output))throw new Error(`Invalid output format: ${e.output}. Must be one of: ${t.join(", ")}`);let r=parseInt(e.timeout);if(isNaN(r)||r<=0)throw new Error(`Invalid timeout: ${e.timeout}. Must be a positive number.`)}function Me(e){console.log("");let t=e.summary.categoryInsights.reduce((r,s)=>r+s.count,0);if(t===0)console.log(k.green("\u2705 No issues found - sitemap looks clean!"));else{console.log(k.yellow(`\u26A0\uFE0F  Found ${t} potentially risky URL(s)`)),console.log("");let{high:r,medium:s,low:n}=e.summary.severityBreakdown;r>0&&console.log(k.red(`   \u{1F6A8} High severity:   ${r} URLs`)),s>0&&console.log(k.yellow(`   \u26A0\uFE0F  Medium severity: ${s} URLs`)),n>0&&console.log(k.blue(`   \u2139\uFE0F  Low severity:    ${n} URLs`))}console.log("")}async function ze(e,t){let r=Date.now(),s=[],n=C("Discovering sitemaps...").start(),a=await O(e,t);if(n.succeed(`Found ${a.sitemaps.length} sitemap(s)`),a.accessIssues.length>0){console.warn(`\u26A0\uFE0F  Warning: ${a.accessIssues.length} sitemap(s) are access-blocked`);for(let y of a.accessIssues)s.push(new Error(`Access blocked: ${y.url} (${y.statusCode})`))}if(a.sitemaps.length===0)throw new Error(`No sitemaps found at ${e}. Tried: /sitemap.xml, /sitemap_index.xml, /robots.txt`);let c=C("Parsing sitemaps...").start(),o=await q(a.sitemaps,t);if(c.succeed(`Extracted ${o.allUrls.length.toLocaleString()} URLs`),o.errors.length>0)for(let y of o.errors)typeof y=="string"?s.push(new Error(y)):s.push(y);if(o.allUrls.length===0)throw new Error("No URLs extracted from sitemaps");let i=C("Removing duplicates...").start(),m=j(o.allUrls),l=o.allUrls.length-m.uniqueUrls.length;l>0?i.succeed(`${m.uniqueUrls.length.toLocaleString()} unique URLs (removed ${l.toLocaleString()} duplicates)`):i.succeed(`${m.uniqueUrls.length.toLocaleString()} unique URLs`);let d=C("Analyzing for risks...").start(),p=await Y(m.uniqueUrls,e,t),u=P(p.findings),g=u.groups.reduce((y,R)=>y+R.count,0);g>0?d.warn(`Found ${g} risky URL(s)`):d.succeed("No risks detected");let f=Date.now()-r,w=C("Generating report...").start(),h=X({riskGroups:u.groups,totalUrls:m.uniqueUrls.length,sitemapUrl:e,processingTime:f});return w.succeed("Analysis complete"),{discoveryResult:a,totalUrls:m.uniqueUrls.length,riskGroups:u.groups,summary:h,errors:s,executionTime:f}}function Oe(e){return e.summary.severityBreakdown.high>0?1:0}function Ge(e,t){console.error(`
-\u274C Analysis failed
-`),e instanceof Error?(console.error(`Error: ${e.message}`),t?.verbose&&e.stack&&(console.error(`
-Stack trace:`),console.error(e.stack)),e.message.includes("No sitemaps found")?(console.error(`
-Suggestions:`),console.error("  \u2022 Verify the base URL is correct"),console.error("  \u2022 Check if the site has a sitemap"),console.error("  \u2022 Ensure the sitemap is publicly accessible")):(e.message.includes("Network")||e.message.includes("timeout"))&&(console.error(`
-Suggestions:`),console.error("  \u2022 Check your internet connection"),console.error("  \u2022 Verify the URL is accessible"),console.error("  \u2022 Try increasing the timeout with --timeout option"))):(console.error("Unknown error occurred"),console.error(String(e)))}var A=new qe;A.name("sitemap-qa").version("1.0.0").description("sitemap analysis for QA teams");A.addCommand(oe);process.on("unhandledRejection",(e,t)=>{console.error("Unhandled Rejection at:",t,"reason:",e),process.exit(1)});process.on("SIGINT",()=>{console.log(`
-Gracefully shutting down...`),process.exit(0)});process.on("SIGTERM",()=>{console.log(`
-Gracefully shutting down...`),process.exit(0)});A.parse();
+      </div>`;
+}
+function escapeHtml(text) {
+  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+}
+async function writeHtmlReport(summary, discoveryResult, totalUrls, config, outputPath, errors, options = {}) {
+  const htmlContent = generateHtmlReport(summary, discoveryResult, totalUrls, config, errors, options);
+  await fs.writeFile(outputPath, htmlContent, "utf-8");
+}
+
+// src/commands/analyze.ts
+var analyzeCommand = new Command("analyze").description("Analyze sitemap for QA issues").argument("<url>", "Base URL to analyze").option("--timeout <seconds>", "HTTP timeout in seconds", "30").option("--no-progress", "Disable progress bar").option("--output <format>", "Output format: html or json", "html").option("--output-dir <path>", "Output directory for reports").option("--output-file <path>", "Custom output filename").option("--accepted-patterns <patterns>", "Comma-separated regex patterns to exclude from risk detection").option("--concurrency <number>", "Number of concurrent workers for risk detection").option("--batch-size <number>", "URLs per batch for risk detection", "10000").option("--parsing-concurrency <number>", "Number of concurrent sitemap parsers", "50").option("--discovery-concurrency <number>", "Number of concurrent sitemap index fetches", "50").option("--silent", "Disable all progress output").option("--benchmark", "Save performance profile").option("--no-color", "Disable ANSI color codes in CLI output").option("--verbose", "Enable verbose logging", false).action(async (url, options) => {
+  let config;
+  try {
+    validateAnalyzeOptions(options);
+    const loadedConfig = await loadConfig({
+      ...options,
+      baseUrl: url,
+      outputFormat: options.output,
+      riskDetectionConcurrency: options.concurrency ? parseInt(options.concurrency) : void 0,
+      riskDetectionBatchSize: options.batchSize ? parseInt(options.batchSize) : void 0,
+      parsingConcurrency: options.parsingConcurrency ? parseInt(options.parsingConcurrency) : void 0,
+      discoveryConcurrency: options.discoveryConcurrency ? parseInt(options.discoveryConcurrency) : void 0,
+      silent: options.silent,
+      benchmark: options.benchmark,
+      progressBar: options.progress
+    });
+    config = loadedConfig;
+    console.log(`
+\u{1F50D} Analyzing ${url}...
+`);
+    const result = await runAnalysisPipeline(url, config);
+    await fs2.mkdir(config.outputDir, { recursive: true });
+    if (options.output === "json") {
+      const jsonReport = generateJsonReport(
+        result.summary,
+        result.discoveryResult,
+        { totalCount: result.totalUrls, uniqueUrls: [], errors: [] },
+        result.riskGroups,
+        config,
+        result.executionTime,
+        { pretty: true, indent: 2 }
+      );
+      console.log("\n" + jsonReport);
+      if (options.outputFile) {
+        const jsonFilePath = `${config.outputDir}/${options.outputFile}`;
+        await fs2.writeFile(jsonFilePath, jsonReport, "utf-8");
+        console.log(`
+\u{1F4C4} JSON report saved to: ${chalk.cyan(jsonFilePath)}`);
+      }
+    } else {
+      showCliSummary(result);
+      const htmlFileName = options.outputFile || `sitemap-qa-report-${Date.now()}.html`;
+      const htmlFilePath = `${config.outputDir}/${htmlFileName}`;
+      await writeHtmlReport(
+        result.summary,
+        result.discoveryResult,
+        result.totalUrls,
+        config,
+        htmlFilePath,
+        result.errors,
+        { maxUrlsPerGroup: 10 }
+      );
+      console.log(`
+\u{1F4C4} Full report saved to: ${chalk.cyan(htmlFilePath)}`);
+    }
+    const exitCode = determineExitCode(result);
+    process.exit(exitCode);
+  } catch (error) {
+    handleAnalysisError(error, config);
+    process.exit(2);
+  }
+});
+function validateAnalyzeOptions(options) {
+  const validFormats = ["json", "html"];
+  if (!validFormats.includes(options.output)) {
+    throw new Error(
+      `Invalid output format: ${options.output}. Must be one of: ${validFormats.join(", ")}`
+    );
+  }
+  const timeout = parseInt(options.timeout);
+  if (isNaN(timeout) || timeout <= 0) {
+    throw new Error(`Invalid timeout: ${options.timeout}. Must be a positive number.`);
+  }
+}
+function showCliSummary(result) {
+  const riskyUrlCount = result.summary.categoryInsights.reduce((sum, g) => sum + g.count, 0);
+  console.log(chalk.dim("\u2500".repeat(50)));
+  if (riskyUrlCount === 0) {
+    console.log(chalk.green("\u2705 No issues found - sitemap looks clean!"));
+  } else {
+    const { high, medium, low } = result.summary.severityBreakdown;
+    const severityParts = [];
+    if (high > 0) severityParts.push(chalk.red(`High: ${high}`));
+    if (medium > 0) severityParts.push(chalk.yellow(`Medium: ${medium}`));
+    if (low > 0) severityParts.push(chalk.blue(`Low: ${low}`));
+    const severitySummary = severityParts.length > 0 ? ` (${severityParts.join(", ")})` : "";
+    console.log(chalk.yellow(`\u26A0\uFE0F  ${riskyUrlCount} risky URLs found${severitySummary}`));
+  }
+  console.log("");
+}
+async function runAnalysisPipeline(url, config) {
+  const overallStartTime = Date.now();
+  const phaseTimings = [];
+  const errors = [];
+  const showProgress = !config.silent && config.progressBar !== false && process.stdout.isTTY;
+  let phaseStart = Date.now();
+  const discoverySpinner = showProgress ? ora({ text: "Discovering sitemaps...", color: "cyan" }).start() : null;
+  const discoveryResult = await discoverSitemaps(url, config);
+  if (discoverySpinner) {
+    discoverySpinner.stop();
+  }
+  phaseTimings.push({
+    name: "Discovery",
+    startTime: phaseStart,
+    endTime: Date.now(),
+    duration: Date.now() - phaseStart
+  });
+  if (discoveryResult.accessIssues.length > 0) {
+    if (!config.silent) {
+      console.warn(chalk.yellow(`\u26A0\uFE0F  Warning: ${discoveryResult.accessIssues.length} sitemap(s) are access-blocked`));
+    }
+    for (const issue of discoveryResult.accessIssues) {
+      errors.push(new Error(`Access blocked: ${issue.url} (${issue.statusCode})`));
+    }
+  }
+  if (discoveryResult.sitemaps.length === 0) {
+    throw new Error(`No sitemaps found at ${url}. Tried: /sitemap.xml, /sitemap_index.xml, /robots.txt`);
+  }
+  phaseStart = Date.now();
+  let extractionResult;
+  if (showProgress && discoveryResult.sitemaps.length > 10) {
+    const parseBar = new cliProgress.SingleBar({
+      format: "{bar} {percentage}% | {value}/{total} | ETA: {eta}s | {speed} sitemaps/sec",
+      barCompleteChar: "\u2588",
+      barIncompleteChar: "\u2591",
+      hideCursor: true
+    });
+    parseBar.start(discoveryResult.sitemaps.length, 0, { speed: "0" });
+    extractionResult = await extractAllUrls(
+      discoveryResult.sitemaps,
+      config,
+      (completed, total) => {
+        const elapsed = (Date.now() - phaseStart) / 1e3;
+        const speed = elapsed > 0 ? (completed / elapsed).toFixed(1) : "0";
+        parseBar.update(completed, { speed });
+      }
+    );
+    parseBar.stop();
+  } else {
+    extractionResult = await extractAllUrls(discoveryResult.sitemaps, config);
+  }
+  phaseTimings.push({
+    name: "Parsing",
+    startTime: phaseStart,
+    endTime: Date.now(),
+    duration: Date.now() - phaseStart
+  });
+  if (extractionResult.errors.length > 0) {
+    for (const err of extractionResult.errors) {
+      if (typeof err === "string") {
+        errors.push(new Error(err));
+      } else {
+        errors.push(err);
+      }
+    }
+  }
+  if (extractionResult.allUrls.length === 0) {
+    throw new Error("No URLs extracted from sitemaps");
+  }
+  phaseStart = Date.now();
+  const consolidatedResult = consolidateUrls(extractionResult.allUrls);
+  phaseTimings.push({
+    name: "Deduplication",
+    startTime: phaseStart,
+    endTime: Date.now(),
+    duration: Date.now() - phaseStart
+  });
+  const duplicatesRemoved = extractionResult.allUrls.length - consolidatedResult.uniqueUrls.length;
+  const duplicatePercentage = duplicatesRemoved / extractionResult.allUrls.length * 100;
+  if (!config.silent) {
+    if (duplicatesRemoved > 100 || duplicatePercentage > 1) {
+      console.log(chalk.green(`\u2713 Analyzed ${discoveryResult.sitemaps.length} sitemap(s) \u2192 ${extractionResult.allUrls.length.toLocaleString()} URLs (${consolidatedResult.uniqueUrls.length.toLocaleString()} unique)`));
+    } else {
+      console.log(chalk.green(`\u2713 Analyzed ${discoveryResult.sitemaps.length} sitemap(s) \u2192 ${extractionResult.allUrls.length.toLocaleString()} URLs`));
+    }
+  }
+  phaseStart = Date.now();
+  const riskResult = await detectRisks(consolidatedResult.uniqueUrls, url, config);
+  const riskGroups = groupRiskFindings(riskResult.findings);
+  phaseTimings.push({
+    name: "Risk Detection",
+    startTime: phaseStart,
+    endTime: Date.now(),
+    duration: Date.now() - phaseStart
+  });
+  phaseStart = Date.now();
+  const executionTime = Date.now() - overallStartTime;
+  const summary = summarizeRisks({
+    riskGroups: riskGroups.groups,
+    totalUrls: consolidatedResult.uniqueUrls.length,
+    sitemapUrl: url,
+    processingTime: executionTime
+  });
+  phaseTimings.push({
+    name: "Summarization",
+    startTime: phaseStart,
+    endTime: Date.now(),
+    duration: Date.now() - phaseStart
+  });
+  if (!config.silent && config.verbose) {
+    displayPhaseSummary(phaseTimings, executionTime);
+  } else if (!config.silent) {
+    const parsingPhase = phaseTimings.find((p) => p.name === "Parsing");
+    const sitemapsPerSec = parsingPhase ? (discoveryResult.sitemaps.length / (parsingPhase.duration / 1e3)).toFixed(1) : "0";
+    console.log(chalk.green(`\u2705 Analysis complete (${(executionTime / 1e3).toFixed(1)}s \xB7 ${sitemapsPerSec} sitemaps/sec)
+`));
+  }
+  if (config.benchmark) {
+    await saveBenchmark(phaseTimings, url, executionTime, discoveryResult.sitemaps.length, consolidatedResult.uniqueUrls.length, config);
+  }
+  return {
+    discoveryResult,
+    totalUrls: consolidatedResult.uniqueUrls.length,
+    riskGroups: riskGroups.groups,
+    summary,
+    errors,
+    executionTime,
+    phaseTimings
+  };
+}
+function determineExitCode(result) {
+  const highSeverityCount = result.summary.severityBreakdown.high;
+  if (highSeverityCount > 0) {
+    return 1;
+  }
+  return 0;
+}
+function handleAnalysisError(error, config) {
+  console.error("\n\u274C Analysis failed\n");
+  if (error instanceof Error) {
+    console.error(`Error: ${error.message}`);
+    if (config?.verbose && error.stack) {
+      console.error("\nStack trace:");
+      console.error(error.stack);
+    }
+    if (error.message.includes("No sitemaps found")) {
+      console.error("\nSuggestions:");
+      console.error("  \u2022 Verify the base URL is correct");
+      console.error("  \u2022 Check if the site has a sitemap");
+      console.error("  \u2022 Ensure the sitemap is publicly accessible");
+    } else if (error.message.includes("Network") || error.message.includes("timeout")) {
+      console.error("\nSuggestions:");
+      console.error("  \u2022 Check your internet connection");
+      console.error("  \u2022 Verify the URL is accessible");
+      console.error("  \u2022 Try increasing the timeout with --timeout option");
+    }
+  } else {
+    console.error("Unknown error occurred");
+    console.error(String(error));
+  }
+}
+function displayPhaseSummary(timings, totalTime) {
+  console.log(chalk.green(`
+\u2705 Analysis Complete (Total: ${(totalTime / 1e3).toFixed(1)}s)
+`));
+  console.log(chalk.cyan("Phase Breakdown:"));
+  for (const timing of timings) {
+    const seconds = (timing.duration / 1e3).toFixed(1);
+    const percentage = (timing.duration / totalTime * 100).toFixed(1);
+    const bar = "\u2022";
+    console.log(`  ${bar} ${timing.name.padEnd(15)}: ${seconds.padStart(5)}s (${percentage.padStart(5)}%)`);
+  }
+  console.log("");
+}
+async function saveBenchmark(timings, url, totalTime, sitemapCount, urlCount, config) {
+  const benchmark = {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    url,
+    total_duration_ms: totalTime,
+    phases: timings.map((t) => ({
+      name: t.name.toLowerCase(),
+      start_ms: t.startTime,
+      end_ms: t.endTime,
+      duration_ms: t.duration
+    })),
+    metrics: {
+      sitemaps_processed: sitemapCount,
+      urls_analyzed: urlCount,
+      throughput: {
+        urls_per_second: Math.round(urlCount / totalTime * 1e3),
+        sitemaps_per_second: (sitemapCount / totalTime * 1e3).toFixed(2)
+      }
+    },
+    system_info: {
+      cpu_count: os2.cpus().length,
+      node_version: process.version,
+      platform: process.platform,
+      memory_total_mb: Math.round(os2.totalmem() / 1024 / 1024)
+    },
+    config: {
+      discovery_concurrency: config.discoveryConcurrency,
+      parsing_concurrency: config.parsingConcurrency,
+      risk_detection_concurrency: config.riskDetectionConcurrency,
+      risk_detection_batch_size: config.riskDetectionBatchSize
+    }
+  };
+  const filename = `performance-profile-${Date.now()}.json`;
+  await fs2.writeFile(filename, JSON.stringify(benchmark, null, 2));
+  console.log(chalk.blue(`\u{1F4CA} Benchmark saved to: ${filename}`));
+}
+
+// src/index.ts
+var program = new Command2();
+program.name("sitemap-qa").version("1.0.0").description("sitemap analysis for QA teams");
+program.addCommand(analyzeCommand);
+process.on("unhandledRejection", (reason, promise) => {
+  console.error("Unhandled Rejection at:", promise, "reason:", reason);
+  process.exit(1);
+});
+process.on("SIGINT", () => {
+  console.log("\nGracefully shutting down...");
+  process.exit(0);
+});
+process.on("SIGTERM", () => {
+  console.log("\nGracefully shutting down...");
+  process.exit(0);
+});
+program.parse();
 //# sourceMappingURL=index.js.map