@merlean/analyzer 2.1.0 → 2.3.0

package/lib/analyzer.js

@@ -1,66 +1,172 @@
 /**
- * Frontend-focused Codebase Scanner
+ * Language & Framework Agnostic Codebase Scanner
  * 
- * Scans FRONTEND code to learn how it communicates with the backend.
- * Extracts: fetch(), axios, $.ajax, API calls, form submissions
+ * Scans ANY codebase (frontend or backend, any language) to extract API patterns:
  * 
- * This is what the bot needs - it runs in the browser and should know
- * what API calls the frontend already makes.
+ * JavaScript/TypeScript:
+ * - Express/Fastify/Koa/Hapi route definitions
+ * - NestJS decorators (@Get, @Post, @Body, @Query, etc.)
+ * - Frontend HTTP calls (fetch, axios, HttpClient, etc.)
+ * 
+ * PHP:
+ * - CodeIgniter routes ($routes->get(), $routes->post())
+ * - Laravel routes (Route::get(), Route::post())
+ * - Symfony annotations (@Route)
+ * 
+ * Python:
+ * - Flask routes (@app.route)
+ * - FastAPI routes (@app.get, @router.post)
+ * - Django URLs (path(), url())
+ * 
+ * Ruby:
+ * - Rails routes (get, post, resources)
+ * - Sinatra routes (get '/path')
+ * 
+ * Go:
+ * - Gin routes (r.GET, r.POST)
+ * - Echo routes (e.GET, e.POST)
+ * - Chi routes (r.Get, r.Post)
+ * 
+ * Java/Kotlin:
+ * - Spring Boot (@GetMapping, @PostMapping, @RequestMapping)
+ * 
+ * Plus: Swagger/OpenAPI annotations, request body schemas, DTOs
+ * 
+ * The goal is to understand what APIs exist, their parameters,
+ * and body structures - regardless of framework, language, or code style.
  */
 
 const fs = require('fs');
 const path = require('path');
 const { glob } = require('glob');
 
-// Frontend file patterns (prioritize frontend code)
-const FRONTEND_PATTERNS = [
+// File patterns to scan - include ALL common backend/frontend languages
+const FILE_PATTERNS = [
+  // JavaScript/TypeScript
   '**/*.js',
   '**/*.jsx',
   '**/*.ts',
   '**/*.tsx',
   '**/*.vue',
   '**/*.svelte',
-  '**/app.js',
-  '**/main.js',
-  '**/index.js',
-  '**/*api*.js',
-  '**/*service*.js',
-  '**/*fetch*.js',
-  '**/*http*.js'
+  '**/*.mjs',
+  '**/*.cjs',
+  // PHP
+  '**/*.php',
+  // Python
+  '**/*.py',
+  // Ruby
+  '**/*.rb',
+  // Go
+  '**/*.go',
+  // Java/Kotlin
+  '**/*.java',
+  '**/*.kt',
+  // C#
+  '**/*.cs',
+  // Rust
+  '**/*.rs'
 ];
 
-// Directories to ignore
+// Only ignore truly irrelevant directories
 const IGNORE_PATTERNS = [
   '**/node_modules/**',
   '**/vendor/**',
   '**/.git/**',
   '**/dist/**',
   '**/build/**',
+  '**/coverage/**',
   '**/__pycache__/**',
   '**/venv/**',
   '**/*.min.js',
   '**/*.map',
-  '**/server.js',      // Skip backend files
-  '**/server/**',
-  '**/backend/**',
-  '**/api/**',         // Skip backend API folders
-  '**/controllers/**'
+  '**/*.d.ts',           // TypeScript declaration files
+  '**/*.spec.ts',        // Test files
+  '**/*.spec.js',
+  '**/*.test.ts',
+  '**/*.test.js',
+  '**/__tests__/**',
+  '**/__mocks__/**'
 ];
 
-// Keywords to prioritize files
-const PRIORITY_KEYWORDS = [
-  'fetch', 'axios', 'api', 'service', 'http', 'request',
-  'ajax', 'client', 'frontend', 'app', 'main', 'store'
+// Files that are highly likely to contain API definitions (any language)
+const HIGH_PRIORITY_PATTERNS = [
+  // Generic route/controller patterns (any extension)
+  /routes?\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /router\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /controller\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /\.controller\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /Controller\.(php|java|kt|cs)$/,  // PascalCase controllers (PHP, Java, C#)
+  /service\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /\.service\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /api\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /endpoints?\.(ts|js|php|py|rb|go|java|kt|cs)$/i,
+  /http\.(ts|js|php|py|rb|go)$/i,
+  /client\.(ts|js|php|py|rb|go)$/i,
+  
+  // TypeScript/JavaScript specific
+  /dto\.ts$/i,
+  /\.dto\.ts$/i,
+  /interfaces?\.ts$/i,
+  /types?\.ts$/i,
+  /schema\.ts$/i,
+  /schemas?\.ts$/i,
+  /validation\.ts$/i,
+  
+  // PHP specific (CodeIgniter, Laravel, Symfony)
+  /Routes\.php$/i,
+  /web\.php$/i,        // Laravel web routes
+  /api\.php$/i,        // Laravel API routes
+  /Config\/Routes\.php$/i,  // CodeIgniter routes
+  // CodeIgniter convention: application/controllers/**/*.php are ALL route controllers
+  /application\/controllers\/.*\.php$/i,
+  /app\/Controllers\/.*\.php$/i,  // CodeIgniter 4
+  /app\/Http\/Controllers\/.*\.php$/i,  // Laravel controllers
+  // Libraries and models that define data structures
+  /application\/libraries\/.*\.php$/i,
+  /application\/models\/.*\.php$/i,
+  /app\/Models\/.*\.php$/i,
+  /app\/Services\/.*\.php$/i,
+  
+  // Python specific (Flask, FastAPI, Django)
+  /views?\.py$/i,
+  /urls\.py$/i,        // Django URLs
+  /routers?\.py$/i,    // FastAPI routers
+  
+  // Ruby specific (Rails)
+  /routes\.rb$/i,
+  /_controller\.rb$/i,
+  
+  // Go specific
+  /handlers?\.go$/i,
+  /routes?\.go$/i,
+  
+  // Java/Kotlin specific (Spring Boot)
+  /Controller\.java$/,
+  /Controller\.kt$/,
+  /RestController\.java$/,
+  /RestController\.kt$/
+];
+
+// Medium priority - might contain API patterns
+const MEDIUM_PRIORITY_PATTERNS = [
+  /index\.(ts|js|php|py|rb|go)$/i,
+  /app\.(ts|js|php|py|rb|go)$/i,
+  /main\.(ts|js|php|py|rb|go|java|kt)$/i,
+  /server\.(ts|js|php|py|rb|go)$/i,
+  /Application\.(java|kt)$/,  // Spring Boot main class
+  /bootstrap\.php$/i,         // PHP bootstrap files
+  /kernel\.php$/i,            // Laravel/Symfony kernel
 ];
 
 /**
- * Scan codebase and collect frontend API patterns
+ * Scan codebase and collect API patterns from any framework
  */
 async function scanCodebase(codebasePath) {
-  console.log('   Scanning frontend files...');
+  console.log('   Scanning files...');
 
-  // Get files to scan
-  const files = await glob(FRONTEND_PATTERNS, {
+  // Get all matching files
+  const files = await glob(FILE_PATTERNS, {
     cwd: codebasePath,
     ignore: IGNORE_PATTERNS,
     absolute: true
@@ -68,23 +174,57 @@ async function scanCodebase(codebasePath) {
 
   console.log(`   Found ${files.length} files`);
 
-  // Prioritize frontend-focused files
-  const prioritizedFiles = prioritizeFiles(files, codebasePath);
-  const filesToAnalyze = prioritizedFiles.slice(0, 30); // Fewer files, but more content
+  // Categorize and prioritize files
+  const { highPriority, mediumPriority, other } = categorizeFiles(files, codebasePath);
+  
+  console.log(`   High priority: ${highPriority.length}, Medium: ${mediumPriority.length}, Other: ${other.length}`);
+
+  // Analyze high priority files first (routes, controllers, services, DTOs)
+  // Then medium priority, then scan others for API patterns
+  // Increased limits to ensure all controllers are scanned
+  const filesToAnalyze = [
+    ...highPriority,  // ALL high priority files (controllers, routes, etc.)
+    ...mediumPriority.slice(0, 30),
+    ...other.slice(0, 75)
+  ];
 
-  console.log(`   Analyzing ${filesToAnalyze.length} frontend files...`);
+  console.log(`   Analyzing ${filesToAnalyze.length} files for API patterns...`);
 
-  // Read and extract API patterns from files
+  // PHASE 1: Pre-scan all files to discover JSON structures
+  // This ensures structures found in one file can be used for others
+  console.log(`   Phase 1: Discovering JSON structures...`);
+  for (const file of filesToAnalyze) {
+    try {
+      const content = fs.readFileSync(file, 'utf-8');
+      // Look for structure-defining patterns (json_decode + array access)
+      preDiscoverStructures(content);
+    } catch (error) {
+      // Skip files that can't be read
+    }
+  }
+  console.log(`   Discovered ${discoveredStructures.size} reusable structures`);
+
+  // PHASE 2: Extract routes and apply discovered structures
   const fileContents = [];
+  const preExtractedRoutes = [];  // Routes extracted directly from conventions
+  let filesWithPatterns = 0;
+
   for (const file of filesToAnalyze) {
     try {
       const content = fs.readFileSync(file, 'utf-8');
       const relativePath = path.relative(codebasePath, file);
       
-      // Extract API calls from the file
-      const extracted = extractApiPatterns(content, relativePath);
+      // Pre-extract routes from convention-based frameworks (CodeIgniter, etc.)
+      const conventionRoutes = extractConventionRoutes(content, relativePath);
+      if (conventionRoutes.length > 0) {
+        preExtractedRoutes.push(...conventionRoutes);
+      }
+      
+      // Extract API patterns from the file
+      const extracted = extractApiPatterns(content, relativePath, file);
       
-      if (extracted.hasApiCalls) {
+      if (extracted.hasApiPatterns) {
+        filesWithPatterns++;
         fileContents.push({
           path: relativePath,
           content: extracted.content
@@ -95,142 +235,1110 @@ async function scanCodebase(codebasePath) {
     }
   }
 
-  console.log(`   Found API patterns in ${fileContents.length} files`);
+  console.log(`   Found API patterns in ${filesWithPatterns} files`);
+  if (preExtractedRoutes.length > 0) {
+    console.log(`   Pre-extracted ${preExtractedRoutes.length} convention-based routes`);
+  }
 
-  return fileContents;
+  return { files: fileContents, preExtractedRoutes };
 }
 
 /**
- * Extract API call patterns from file content
+ * Extract routes from convention-based frameworks
+ * Returns array of {method, path, description, bodySchema?} objects
  */
-function extractApiPatterns(content, filePath) {
-  const apiPatterns = [];
+function extractConventionRoutes(content, filePath) {
+  const routes = [];
+  
+  // CodeIgniter: application/controllers/api/v2/Settings.php -> /api/v2/settings
+  const basePath = extractRouteFromControllerPath(filePath);
+  if (!basePath) return routes;
+  
+  // Split content into lines for method body extraction
   const lines = content.split('\n');
   
-  // Patterns that indicate API calls
-  const patterns = [
-    // fetch() calls
-    { regex: /fetch\s*\(\s*[`'"](.*?)[`'"]/g, type: 'fetch' },
-    { regex: /fetch\s*\(\s*`([^`]*)`/g, type: 'fetch-template' },
-    { regex: /fetch\s*\(\s*(['"])?\/api\//g, type: 'fetch-api' },
+  // Extract CodeIgniter REST controller methods: index_get, index_post, items_get, etc.
+  const methodRegex = /public\s+function\s+(\w+)_(get|post|put|patch|delete)\s*\(([^)]*)\)/gi;
+  let match;
+  
+  while ((match = methodRegex.exec(content)) !== null) {
+    const action = match[1];  // e.g., 'index', 'items', 'user'
+    const httpMethod = match[2].toUpperCase();  // e.g., 'GET', 'POST'
+    const params = match[3];  // e.g., '$id = null'
+    const matchIndex = match.index;
     
-    // axios calls
-    { regex: /axios\.(get|post|put|patch|delete)\s*\(\s*[`'"](.*?)[`'"]/g, type: 'axios' },
-    { regex: /axios\s*\(\s*\{[^}]*url\s*:\s*[`'"](.*?)[`'"]/g, type: 'axios-config' },
+    // Build the route path
+    let path = basePath;
+    if (action !== 'index') {
+      path += '/' + action.toLowerCase().replace(/_/g, '/');
+    }
     
-    // jQuery ajax
-    { regex: /\$\.(ajax|get|post)\s*\(\s*[`'"](.*?)[`'"]/g, type: 'jquery' },
+    // Add path parameters from function arguments
+    if (params) {
+      const paramMatches = params.match(/\$(\w+)(?:\s*=\s*[^,)]+)?/g);
+      if (paramMatches) {
+        paramMatches.forEach(p => {
+          const paramName = p.match(/\$(\w+)/)[1];
+          // Only add as path param if it's not optional (no default value) or looks like an ID
+          if (!p.includes('=') || paramName.toLowerCase().includes('id')) {
+            path += '/:' + paramName;
+          }
+        });
+      }
+    }
+    
+    // Extract method body to analyze for body schema (for POST/PUT/PATCH)
+    let bodySchema = null;
+    if (['POST', 'PUT', 'PATCH'].includes(httpMethod)) {
+      bodySchema = extractBodySchemaFromMethod(content, matchIndex);
+    }
+    
+    const route = {
+      method: httpMethod,
+      path,
+      description: `${action}_${match[2]}() method in ${filePath.split('/').pop()}`
+    };
+    
+    if (bodySchema && Object.keys(bodySchema).length > 0) {
+      route.bodySchema = bodySchema;
+    }
+    
+    routes.push(route);
+  }
+  
+  return routes;
+}
+
+// Global cache for discovered complex structures (shared across file analysis)
+const discoveredStructures = new Map();
+
+/**
+ * Pre-scan a file to discover JSON structure patterns
+ * Looks for json_decode followed by array access patterns
+ */
+function preDiscoverStructures(content) {
+  // Find patterns like: $actions = json_decode($actions, true);
+  const jsonDecodeRegex = /\$(\w+)\s*=\s*json_decode\s*\(\s*\$\1/gi;
+  let match;
+  
+  while ((match = jsonDecodeRegex.exec(content)) !== null) {
+    const varName = match[1];
     
-    // Generic API URLs
-    { regex: /['"`](\/api\/[^'"`\s]+)['"`]/g, type: 'api-url' },
-    { regex: /['"`](https?:\/\/[^'"`\s]*\/api[^'"`\s]*)['"`]/g, type: 'full-url' },
+    // Extract the structure used for this variable
+    const structure = extractNestedStructure(content, varName);
     
-    // Method + URL patterns
-    { regex: /(GET|POST|PUT|PATCH|DELETE)\s*[,:]?\s*['"`](\/[^'"`]+)['"`]/gi, type: 'method-url' },
+    // If we found a meaningful structure with examples, cache it
+    if (structure._example && Object.keys(structure._example).length > 0) {
+      // Determine field name from common patterns
+      // e.g., $actions = $this->post('actions'); $actions = json_decode($actions);
+      const fieldRegex = new RegExp(
+        `\\$${varName}\\s*=\\s*\\$this\\s*->\\s*(?:post|put|patch|get)\\s*\\(\\s*['"]([\\w]+)['"]`,
+        'i'
+      );
+      const fieldMatch = content.match(fieldRegex);
+      if (fieldMatch) {
+        const fieldName = fieldMatch[1];
+        discoveredStructures.set(fieldName, structure);
+      } else {
+        // Use variable name as field name
+        discoveredStructures.set(varName, structure);
+      }
+    }
+  }
+  
+  // Also look for library/model calls that reveal structure
+  // e.g., ->edit($update["settings"]), ->edit($update["integrations"])
+  const modelEditRegex = /(\w+_model|lib_\w+)\s*->\s*edit\s*\(\s*\$(\w+)\s*\[\s*["'](\w+)["']\s*\]/gi;
+  const discoveredSections = new Set();
+  
+  while ((match = modelEditRegex.exec(content)) !== null) {
+    const section = match[3];  // e.g., 'settings', 'integrations', 'assignments'
+    discoveredSections.add(section);
+  }
+  
+  // Store discovered sections globally so they can be applied later
+  if (discoveredSections.size > 0) {
+    const existingSections = discoveredStructures.get('_sections') || new Set();
+    for (const section of discoveredSections) {
+      existingSections.add(section);
+    }
+    discoveredStructures.set('_sections', existingSections);
+  }
+  
+  // Also look for common field names with library calls
+  // e.g., $this->lib_settings->edit($actions) suggests 'actions' has a structure
+  const libCallRegex = /lib_settings\s*->\s*edit\s*\(\s*\$(\w+)/gi;
+  while ((match = libCallRegex.exec(content)) !== null) {
+    const varName = match[1];
+    // If we already discovered structure for 'actions', this confirms it
+    if (!discoveredStructures.has(varName)) {
+      // Mark it as a known complex field even if we don't have the structure
+      const existing = discoveredStructures.get('actions');
+      if (existing) {
+        discoveredStructures.set(varName, existing);
+      }
+    }
+  }
+}
+
+/**
+ * Extract body schema from a CodeIgniter controller method
+ * Looks for $this->post('field'), $this->input->post('field'), $this->put('field'), etc.
+ * Also analyzes nested array access patterns after json_decode
+ */
+function extractBodySchemaFromMethod(content, methodStartIndex, fullFileContent = null) {
+  const bodyFields = {};
+  
+  // Find the method body (from method start to next public function or end of class)
+  const methodContent = content.slice(methodStartIndex, methodStartIndex + 8000); // Increased limit
+  const endMatch = methodContent.match(/\n\s*(?:public|private|protected)\s+function\s+/);
+  const methodBody = endMatch ? methodContent.slice(0, endMatch.index) : methodContent;
+  
+  // Use full file content for structure analysis if available
+  const analysisContent = fullFileContent || content;
+  
+  // CodeIgniter REST: $this->post('field'), $this->put('field'), $this->patch('field')
+  const postRegex = /\$(\w+)\s*=\s*\$this\s*->\s*(post|put|patch|get)\s*\(\s*['"](\w+)['"]/gi;
+  let match;
+  while ((match = postRegex.exec(methodBody)) !== null) {
+    const varName = match[1];
+    const fieldName = match[3];
+    
+    // Check if this is a complex field that likely contains JSON structure
+    const isComplexField = isLikelyJsonField(fieldName);
+    
+    // Check if this var is later json_decoded OR is a known complex field
+    const jsonDecodeCheck = new RegExp(`\\$${varName}\\s*=\\s*json_decode\\s*\\(\\s*\\$${varName}`, 'i');
+    const hasJsonDecode = jsonDecodeCheck.test(methodBody);
+    
+    if (hasJsonDecode || isComplexField) {
+      // Analyze nested structure for this variable
+      let nestedSchema = extractNestedStructure(analysisContent, varName);
+      
+      // If we found structure, cache it for reuse
+      if (Object.keys(nestedSchema).length > 0 && !nestedSchema._example) {
+        // Has keys but no example - partial structure
+      } else if (Object.keys(nestedSchema).length > 0) {
+        discoveredStructures.set(fieldName, nestedSchema);
+      }
+      
+      // If we didn't find structure locally, check cache
+      if (Object.keys(nestedSchema).length === 0 || !nestedSchema._example) {
+        const cachedStructure = discoveredStructures.get(fieldName);
+        if (cachedStructure) {
+          nestedSchema = cachedStructure;
+        }
+      }
+      
+      if (Object.keys(nestedSchema).length > 0) {
+        bodyFields[fieldName] = nestedSchema;
+      } else {
+        bodyFields[fieldName] = 'object (JSON structure)';
+      }
+    } else {
+      bodyFields[fieldName] = inferFieldType(fieldName, methodBody);
+    }
+  }
+  
+  // Simple post without assignment
+  const simplePostRegex = /\$this\s*->\s*(post|put|patch|get)\s*\(\s*['"](\w+)['"]/gi;
+  while ((match = simplePostRegex.exec(methodBody)) !== null) {
+    const fieldName = match[2];
+    if (!bodyFields[fieldName]) {
+      // Check if this is a known complex field
+      if (isLikelyJsonField(fieldName)) {
+        const cachedStructure = discoveredStructures.get(fieldName);
+        if (cachedStructure) {
+          bodyFields[fieldName] = cachedStructure;
+        } else {
+          bodyFields[fieldName] = 'object (JSON structure)';
+        }
+      } else {
+        bodyFields[fieldName] = inferFieldType(fieldName, methodBody);
+      }
+    }
+  }
+  
+  // CodeIgniter 3: $this->input->post('field')
+  const inputPostRegex = /\$this\s*->\s*input\s*->\s*(post|get|put)\s*\(\s*['"](\w+)['"]/gi;
+  while ((match = inputPostRegex.exec(methodBody)) !== null) {
+    const fieldName = match[2];
+    if (!bodyFields[fieldName]) {
+      if (isLikelyJsonField(fieldName)) {
+        const cachedStructure = discoveredStructures.get(fieldName);
+        bodyFields[fieldName] = cachedStructure || 'object (JSON structure)';
+      } else {
+        bodyFields[fieldName] = inferFieldType(fieldName, methodBody);
+      }
+    }
+  }
+  
+  // PHP $_POST['field'], $_GET['field'], $_REQUEST['field']
+  const globalPostRegex = /\$_(POST|GET|REQUEST|PUT)\s*\[\s*['"](\w+)['"]\s*\]/gi;
+  while ((match = globalPostRegex.exec(methodBody)) !== null) {
+    const fieldName = match[2];
+    if (!bodyFields[fieldName]) {
+      bodyFields[fieldName] = inferFieldType(fieldName, methodBody);
+    }
+  }
+  
+  // Laravel/PHP: $request->input('field'), $request->get('field')
+  const requestRegex = /\$request\s*->\s*(input|get|post|all)\s*\(\s*['"](\w+)['"]/gi;
+  while ((match = requestRegex.exec(methodBody)) !== null) {
+    const fieldName = match[2];
+    if (!bodyFields[fieldName]) {
+      if (isLikelyJsonField(fieldName)) {
+        const cachedStructure = discoveredStructures.get(fieldName);
+        bodyFields[fieldName] = cachedStructure || 'object (JSON structure)';
+      } else {
+        bodyFields[fieldName] = inferFieldType(fieldName, methodBody);
+      }
+    }
+  }
+  
+  return bodyFields;
+}
+
+/**
+ * Check if a field name likely contains JSON/object data
+ */
+function isLikelyJsonField(fieldName) {
+  const jsonFieldNames = [
+    'actions', 'data', 'body', 'payload', 'params', 'options', 'settings',
+    'config', 'meta', 'metadata', 'attributes', 'properties', 'fields',
+    'items', 'records', 'entries', 'values', 'content', 'json'
   ];
+  return jsonFieldNames.includes(fieldName.toLowerCase());
+}
 
-  let hasApiCalls = false;
-  const extractedBlocks = [];
+/**
+ * Extract nested structure from array access patterns
+ * e.g., $actions['settings']['updates'] -> { settings: { updates: [] } }
+ */
+function extractNestedStructure(methodBody, varName) {
+  const structure = {};
+  const itemFields = new Set();
   
-  // FIRST: Extract API base URL definitions (critical for resolving paths)
-  const baseUrlDefinitions = [];
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    // Match: const API_BASE = ..., const baseURL = ..., const apiUrl = ..., etc.
-    if (/^\s*(const|let|var)\s+(API_BASE|API_URL|BASE_URL|baseURL|apiUrl|apiBase|API_ENDPOINT)/i.test(line)) {
-      baseUrlDefinitions.push(`${i + 1}: ${line}`);
+  // Match direct access patterns like $varName['key1']['key2']
+  const arrayAccessRegex = new RegExp(
+    `\\$${varName}\\s*\\[\\s*['"]([\\w]+)['"]\\s*\\]\\s*\\[\\s*['"]([\\w]+)['"]\\s*\\]`,
+    'gi'
+  );
+  
+  let match;
+  while ((match = arrayAccessRegex.exec(methodBody)) !== null) {
+    const key1 = match[1];
+    const key2 = match[2];
+    
+    if (!structure[key1]) structure[key1] = {};
+    structure[key1][key2] = [];  // Arrays like updates, inserts, deletes
+  }
+  
+  // Look for foreach patterns to find nested iterators
+  // Pattern: foreach ($varName as $key => &$iterVar) { ... foreach ($iterVar['subkey'] as &$item) }
+  const foreachRegex = new RegExp(
+    `foreach\\s*\\(\\s*\\$${varName}\\s+as\\s+(?:\\$\\w+\\s*=>\\s*)?[&]?\\$(\\w+)\\s*\\)`,
+    'gi'
+  );
+  
+  while ((match = foreachRegex.exec(methodBody)) !== null) {
+    const iterVar = match[1];
+    
+    // Find nested foreach on iterator's array property
+    // e.g., foreach ($settings['updates'] as &$setting)
+    const nestedForeachRegex = new RegExp(
+      `foreach\\s*\\(\\s*\\$${iterVar}\\s*\\[\\s*['"]([\\w]+)['"]\\s*\\]\\s+as\\s+(?:\\$\\w+\\s*=>\\s*)?[&]?\\$(\\w+)\\s*\\)`,
+      'gi'
+    );
+    
+    let nestedMatch;
+    while ((nestedMatch = nestedForeachRegex.exec(methodBody)) !== null) {
+      const arrayKey = nestedMatch[1]; // e.g., 'updates'
+      const itemVar = nestedMatch[2];  // e.g., 'setting'
+      
+      // Find all field accesses on the item variable
+      const itemAccessRegex = new RegExp(`\\$${itemVar}\\s*\\[\\s*['"]([\\w]+)['"]\\s*\\]`, 'gi');
+      let itemMatch;
+      while ((itemMatch = itemAccessRegex.exec(methodBody)) !== null) {
+        itemFields.add(itemMatch[1]);
+      }
+    }
+  }
+  
+  // Also look for direct item field accesses (common variable names)
+  const commonItemVars = ['setting', 'item', 'update', 'insert', 'delete', 'row', 'entry', 'data', 'integration', 'assignment'];
+  for (const itemVar of commonItemVars) {
+    const itemAccessRegex = new RegExp(`\\$${itemVar}\\s*\\[\\s*['"]([\\w]+)['"]\\s*\\]`, 'gi');
+    let itemMatch;
+    while ((itemMatch = itemAccessRegex.exec(methodBody)) !== null) {
+      itemFields.add(itemMatch[1]);
+    }
+  }
+  
+  // Look for common section names that might be used alongside 'settings'
+  // Pattern: $actions['sectionName'] or $actions["sectionName"]
+  const sectionRegex = new RegExp(`\\$${varName}\\s*\\[\\s*['"]([\\w]+)['"]\\s*\\]`, 'gi');
+  const sections = new Set();
+  let sectionMatch;
+  while ((sectionMatch = sectionRegex.exec(methodBody)) !== null) {
+    sections.add(sectionMatch[1]);
+  }
+  
+  // Common section names in settings/actions payloads
+  const commonSections = ['settings', 'assignments', 'integrations', 'notifications', 'permissions'];
+  for (const section of commonSections) {
+    // Check if this section is referenced anywhere in the codebase
+    if (methodBody.includes(`['${section}']`) || methodBody.includes(`["${section}"]`)) {
+      sections.add(section);
+    }
+  }
+  
+  // Add sections discovered during pre-scan phase
+  const globalSections = discoveredStructures.get('_sections');
+  if (globalSections) {
+    for (const section of globalSections) {
+      // Filter out false positives (id, id_user, etc. are not sections)
+      if (!section.startsWith('id') && section.length > 2) {
+        sections.add(section);
+      }
+    }
+  }
+  
+  // Build item schema from collected fields
+  const itemSchema = {};
+  for (const field of itemFields) {
+    itemSchema[field] = inferFieldType(field, methodBody);
+  }
+  
+  // Ensure common fields are included
+  const commonFields = ['key', 'value', 'id_facility', 'type', 'category', 'id_file', 'integrator'];
+  for (const field of commonFields) {
+    if (!itemSchema[field]) {
+      // Check if field is referenced in content
+      if (methodBody.includes(`['${field}']`) || methodBody.includes(`["${field}"]`)) {
+        itemSchema[field] = inferFieldType(field, methodBody);
+      }
+    }
+  }
+  
+  // Build structure for all discovered sections
+  if (sections.size > 0 && Object.keys(itemSchema).length > 0) {
+    for (const section of sections) {
+      if (!structure[section]) {
+        structure[section] = {};
+      }
+      // Add updates/inserts/deletes for each section
+      for (const action of ['updates', 'inserts', 'deletes']) {
+        structure[section][action] = `array of { ${Object.entries(itemSchema).map(([k, v]) => `${k}: ${v}`).join(', ')} }`;
+      }
     }
-    // Also match: axios.defaults.baseURL = ...
-    if (/baseURL\s*[:=]/i.test(line)) {
-      baseUrlDefinitions.push(`${i + 1}: ${line}`);
+  } else if (Object.keys(itemSchema).length > 0) {
+    // Apply item schema to existing structure
+    for (const [key, value] of Object.entries(structure)) {
+      if (typeof value === 'object' && !key.startsWith('_')) {
+        for (const [subKey, subValue] of Object.entries(value)) {
+          if (Array.isArray(subValue) || ['updates', 'inserts', 'deletes', 'items'].includes(subKey)) {
+            structure[key][subKey] = `array of { ${Object.entries(itemSchema).map(([k, v]) => `${k}: ${v}`).join(', ')} }`;
+          }
+        }
+      }
     }
   }
   
-  if (baseUrlDefinitions.length > 0) {
-    extractedBlocks.push('// API BASE URL DEFINITIONS (use these to resolve full paths):\n' + baseUrlDefinitions.join('\n'));
-    hasApiCalls = true;
+  // Generate a complete example
+  if (Object.keys(structure).length > 0 && Object.keys(itemSchema).length > 0) {
+    const exampleItem = {};
+    for (const [field, type] of Object.entries(itemSchema)) {
+      exampleItem[field] = getExampleValue(field, type);
+    }
+    
+    // Example for integration item (with integrator field)
+    const integrationExampleItem = { ...exampleItem, integrator: 'mews' };
+    
+    structure._example = {};
+    for (const [key, value] of Object.entries(structure)) {
+      if (key.startsWith('_')) continue;
+      structure._example[key] = {};
+      for (const [subKey] of Object.entries(value)) {
+        if (['updates', 'inserts', 'deletes'].includes(subKey)) {
+          if (key === 'integrations') {
+            structure._example[key][subKey] = subKey === 'updates' ? [integrationExampleItem] : [];
+          } else {
+            structure._example[key][subKey] = subKey === 'updates' ? [exampleItem] : [];
+          }
+        }
+      }
+    }
   }
+  
+  return structure;
+}
 
-  // Line-by-line extraction with context
+/**
+ * Generate an example JSON body based on extracted structure
+ */
+function generateExample(structure, itemFields) {
+  const example = {};
+  
+  for (const [key, value] of Object.entries(structure)) {
+    if (key.startsWith('_')) continue;
+    
+    if (typeof value === 'object' && value !== null) {
+      // Nested object
+      if (value._arrayOf) {
+        // Array of items
+        const itemExample = {};
+        for (const [itemKey, itemType] of Object.entries(value._arrayOf)) {
+          itemExample[itemKey] = getExampleValue(itemKey, itemType);
+        }
+        example[key] = [itemExample];
+      } else {
+        example[key] = generateExample(value, itemFields);
+      }
+    } else {
+      example[key] = getExampleValue(key, value);
+    }
+  }
+  
+  return example;
+}
+
+/**
+ * Get example value for a field based on its name and type
+ */
+function getExampleValue(fieldName, fieldType) {
+  const nameLower = fieldName.toLowerCase();
+  
+  if (nameLower === 'key') return 'hotel_title';
+  if (nameLower === 'value') return 'My Hotel Name';
+  if (nameLower === 'id_facility' || nameLower === 'id_file') return '-1';
+  if (nameLower === 'type') return 'text';
+  if (nameLower === 'category') return 'main';
+  if (nameLower === 'id') return 1;
+  if (nameLower.includes('email')) return 'user@example.com';
+  if (fieldType === 'integer' || fieldType === 'number') return 1;
+  if (fieldType === 'boolean') return true;
+  if (fieldType === 'array') return [];
+  
+  return 'string_value';
+}
+
+/**
+ * Infer field type from field name and context
+ */
+function inferFieldType(fieldName, context) {
+  const nameLower = fieldName.toLowerCase();
+  
+  // ID fields
+  if (nameLower.startsWith('id_') || nameLower.endsWith('_id') || nameLower === 'id') {
+    return 'integer';
+  }
+  
+  // Boolean-ish fields
+  if (nameLower.startsWith('is_') || nameLower.startsWith('has_') || 
+      nameLower.includes('enabled') || nameLower.includes('active') ||
+      nameLower.includes('flag') || nameLower === 'status') {
+    return 'boolean';
+  }
+  
+  // Date/time fields
+  if (nameLower.includes('date') || nameLower.includes('time') || 
+      nameLower.includes('_at') || nameLower === 'created' || nameLower === 'updated') {
+    return 'datetime';
+  }
+  
+  // Numeric fields
+  if (nameLower.includes('count') || nameLower.includes('amount') ||
+      nameLower.includes('price') || nameLower.includes('quantity') ||
+      nameLower.includes('total') || nameLower.includes('number')) {
+    return 'number';
+  }
+  
+  // Email
+  if (nameLower.includes('email')) {
+    return 'email';
+  }
+  
+  // Array/JSON fields
+  if (nameLower.includes('items') || nameLower.includes('list') || 
+      nameLower.includes('array') || nameLower === 'data' || nameLower === 'actions') {
+    return 'array|object';
+  }
+  
+  // Default to string
+  return 'string';
+}
+
+/**
+ * Categorize files by priority
+ */
+function categorizeFiles(files, basePath) {
+  const highPriority = [];
+  const mediumPriority = [];
+  const other = [];
+
+  for (const file of files) {
+    const relativePath = path.relative(basePath, file);
+    
+    if (HIGH_PRIORITY_PATTERNS.some(p => p.test(relativePath))) {
+      highPriority.push(file);
+    } else if (MEDIUM_PRIORITY_PATTERNS.some(p => p.test(relativePath))) {
+      mediumPriority.push(file);
+    } else {
+      other.push(file);
+    }
+  }
+
+  return { highPriority, mediumPriority, other };
+}
+
+/**
+ * Extract Swagger/OpenAPI documentation blocks
+ */
+function extractSwaggerBlocks(content) {
+  const swaggerBlocks = [];
+  
+  // Match JSDoc blocks with @swagger
+  const swaggerRegex = /\/\*\*[\s\S]*?@swagger[\s\S]*?\*\//g;
+  let match;
+  
+  while ((match = swaggerRegex.exec(content)) !== null) {
+    swaggerBlocks.push(match[0]);
+  }
+  
+  return swaggerBlocks;
+}
+
+/**
+ * Extract TypeScript interfaces and types that look like DTOs/schemas
+ */
+function extractTypeDefinitions(content, filePath) {
+  const typeBlocks = [];
+  const lines = content.split('\n');
+  
+  // Look for interfaces and types that might be request/response schemas
+  const typeKeywords = [
+    /interface\s+\w*(Request|Response|Dto|Body|Query|Params|Payload|Input|Output)\w*\s*\{/i,
+    /type\s+\w*(Request|Response|Dto|Body|Query|Params|Payload|Input|Output)\w*\s*=/i,
+    /interface\s+\w+\s*\{/,  // Any interface in DTO/schema files
+    /type\s+\w+\s*=/         // Any type in DTO/schema files
+  ];
+  
+  // Only extract type definitions from files that look like DTOs/types
+  const isDtoFile = /dto|interface|type|schema|model/i.test(filePath);
+  
   for (let i = 0; i < lines.length; i++) {
     const line = lines[i];
     
-    // Check for API patterns
-    const hasPattern = patterns.some(p => p.regex.test(line));
-    // Reset regex lastIndex
-    patterns.forEach(p => p.regex.lastIndex = 0);
-    
-    // Also check for common API keywords
-    const hasKeyword = /fetch|axios|\.ajax|\.get\(|\.post\(|\.put\(|\.delete\(|\/api\/|endpoint/i.test(line);
+    const isTypeDefinition = typeKeywords.some(regex => regex.test(line));
     
-    // Check if this is a POST/PUT request - need more context for body structure
-    const isPostRequest = /method:\s*['"]POST|\.post\(|method:\s*['"]PUT|\.put\(/i.test(line);
+    if (isTypeDefinition || (isDtoFile && /^(export\s+)?(interface|type)\s+/.test(line))) {
+      // Find the complete type block (until closing brace at same indent level)
+      let braceCount = 0;
+      let started = false;
+      let endLine = i;
+      
+      for (let j = i; j < lines.length && j < i + 50; j++) {
+        const l = lines[j];
+        for (const char of l) {
+          if (char === '{') {
+            braceCount++;
+            started = true;
+          } else if (char === '}') {
+            braceCount--;
+          }
+        }
+        endLine = j;
+        if (started && braceCount === 0) break;
+      }
+      
+      const block = lines.slice(i, endLine + 1)
+        .map((l, idx) => `${i + idx + 1}: ${l}`)
+        .join('\n');
+      
+      typeBlocks.push(block);
+      i = endLine; // Skip processed lines
+    }
+  }
+  
+  return typeBlocks;
+}
+
+/**
+ * Extract request body and query parameter patterns
+ */
+function extractRequestPatterns(content) {
+  const patterns = [];
+  const lines = content.split('\n');
+  
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
     
-    if (hasPattern || hasKeyword) {
-      hasApiCalls = true;
+    // Destructuring patterns for req.body, req.query, req.params
+    if (/(?:const|let|var)\s*\{[^}]+\}\s*=\s*req\.(body|query|params)/i.test(line) ||
+        /req\.(body|query|params)\s*[;.]/.test(line)) {
       
-      // Get MORE context for POST/PUT requests to capture body structure definitions
-      // Body objects are often defined 15-25 lines before the fetch call
-      const contextBefore = isPostRequest ? 25 : 3;  // More context for POST
-      const contextAfter = isPostRequest ? 10 : 5;
+      // Get context around it
+      const startLine = Math.max(0, i - 2);
+      const endLine = Math.min(lines.length - 1, i + 5);
       
-      const startLine = Math.max(0, i - contextBefore);
-      const endLine = Math.min(lines.length - 1, i + contextAfter);
+      const block = lines.slice(startLine, endLine + 1)
+        .map((l, idx) => `${startLine + idx + 1}: ${l}`)
+        .join('\n');
+      
+      patterns.push(`// Request parameter extraction:\n${block}`);
+      i = endLine;
+    }
+    
+    // NestJS decorators: @Body(), @Query(), @Param()
+    if (/@(Body|Query|Param|Headers)\s*\(/i.test(line)) {
+      const startLine = Math.max(0, i - 1);
+      const endLine = Math.min(lines.length - 1, i + 3);
       
       const block = lines.slice(startLine, endLine + 1)
         .map((l, idx) => `${startLine + idx + 1}: ${l}`)
         .join('\n');
       
-      extractedBlocks.push(block);
+      patterns.push(`// NestJS parameter decorator:\n${block}`);
+      i = endLine;
+    }
+    
+    // Validation schemas: Joi, Zod, class-validator
+    if (/Joi\.(object|string|number|array|boolean)\s*\(/i.test(line) ||
+        /z\.(object|string|number|array|boolean)\s*\(/i.test(line) ||
+        /@(IsString|IsNumber|IsArray|IsBoolean|IsOptional|ValidateNested)/i.test(line)) {
       
-      // Skip ahead to avoid duplicates
+      const startLine = Math.max(0, i - 2);
+      const endLine = Math.min(lines.length - 1, i + 10);
+      
+      const block = lines.slice(startLine, endLine + 1)
+        .map((l, idx) => `${startLine + idx + 1}: ${l}`)
+        .join('\n');
+      
+      patterns.push(`// Validation schema:\n${block}`);
       i = endLine;
     }
   }
+  
+  return patterns;
+}
 
-  // If we found API patterns, return extracted content
-  if (hasApiCalls && extractedBlocks.length > 0) {
-    return {
-      hasApiCalls: true,
-      content: `// File: ${filePath}\n// API patterns found:\n\n${extractedBlocks.join('\n\n// ---\n\n')}`
-    };
+/**
+ * Extract CodeIgniter REST controller methods and map to routes
+ * e.g., index_get() -> GET /path, index_post() -> POST /path
+ * e.g., items_get() -> GET /path/items, user_get($id) -> GET /path/user/:id
+ */
+function extractCodeIgniterMethods(content, basePath) {
+  const routes = [];
+  
+  // Match public function methodname_httpverb($params)
+  // CodeIgniter REST convention: {action}_{method}
+  const methodRegex = /public\s+function\s+(\w+)_(get|post|put|patch|delete)\s*\(([^)]*)\)/gi;
+  let match;
+  
+  while ((match = methodRegex.exec(content)) !== null) {
+    const action = match[1];  // e.g., 'index', 'items', 'user'
+    const method = match[2].toUpperCase();  // e.g., 'GET', 'POST'
+    const params = match[3];  // e.g., '$id = null'
+    
+    // Build the route path
+    let path = basePath;
+    if (action !== 'index') {
+      path += '/' + action.toLowerCase().replace(/_/g, '/');
+    }
+    
+    // Add path parameters from function arguments
+    if (params) {
+      const paramNames = params.match(/\$(\w+)/g);
+      if (paramNames) {
+        paramNames.forEach(p => {
+          const paramName = p.replace('$', '');
+          if (!paramName.includes('=')) {  // Not optional
+            path += '/:' + paramName;
+          }
+        });
+      }
+    }
+    
+    routes.push(`// ${method} ${path} - from ${match[1]}_${match[2]}()`);
   }
+  
+  return routes;
+}
 
-  // Fallback: include first 5000 chars if file looks relevant
-  if (/api|fetch|axios|service|http/i.test(filePath)) {
-    return {
-      hasApiCalls: true,
-      content: `// File: ${filePath}\n${content.slice(0, 5000)}`
-    };
+/**
+ * Extract route path from CodeIgniter/Laravel controller file path
+ * e.g., application/controllers/api/v2/Settings.php -> /api/v2/settings
+ */
+function extractRouteFromControllerPath(filePath) {
+  // CodeIgniter 3: application/controllers/api/v2/Settings.php -> /api/v2/settings
+  let match = filePath.match(/application\/controllers\/(.+)\.php$/i);
+  if (match) {
+    const route = '/' + match[1].toLowerCase().replace(/\/index$/, '');
+    return route;
   }
-
-  return { hasApiCalls: false, content: '' };
+  
+  // CodeIgniter 4: app/Controllers/Api/V2/Settings.php -> /api/v2/settings
+  match = filePath.match(/app\/Controllers\/(.+)\.php$/i);
+  if (match) {
+    const route = '/' + match[1].toLowerCase().replace(/\/index$/, '');
+    return route;
+  }
+  
+  // Laravel: app/Http/Controllers/Api/V2/SettingsController.php -> /api/v2/settings
+  match = filePath.match(/app\/Http\/Controllers\/(.+)Controller\.php$/i);
+  if (match) {
+    const route = '/' + match[1].toLowerCase().replace(/\/index$/, '');
+    return route;
+  }
+  
+  return null;
 }
 
 /**
- * Prioritize frontend files based on keywords
+ * Extract API patterns from file content - framework agnostic
  */
-function prioritizeFiles(files, basePath) {
-  return files.sort((a, b) => {
-    const aPath = path.relative(basePath, a).toLowerCase();
-    const bPath = path.relative(basePath, b).toLowerCase();
+function extractApiPatterns(content, filePath, absolutePath) {
+  const lines = content.split('\n');
+  let hasApiPatterns = false;
+  const extractedBlocks = [];
+
+  // Check if this is a route/controller file - if so, include more context
+  const isRouteFile = HIGH_PRIORITY_PATTERNS.some(p => p.test(filePath));
+  // DTO/Model/Entity files across languages
+  const isDtoFile = /dto|interface|types?|schema|model|entity|request|response|form/i.test(filePath);
+  
+  // For CodeIgniter/Laravel controllers, extract the route from file path
+  const conventionRoute = extractRouteFromControllerPath(filePath);
+  if (conventionRoute) {
+    // Extract HTTP methods from CodeIgniter-style method names
+    const ciMethods = extractCodeIgniterMethods(content, conventionRoute);
+    if (ciMethods.length > 0) {
+      extractedBlocks.push(`// CONVENTION-BASED ROUTES FROM CONTROLLER:\n${ciMethods.join('\n')}`);
+      hasApiPatterns = true;
+    } else {
+      extractedBlocks.push(`// CONVENTION-BASED ROUTE: ${conventionRoute}\n// Controller file path maps to this API endpoint`);
+      hasApiPatterns = true;
+    }
+  }
+  
+  // ============================================
+  // PATTERN 0: Swagger/OpenAPI documentation
+  // ============================================
+  const swaggerBlocks = extractSwaggerBlocks(content);
+  if (swaggerBlocks.length > 0) {
+    hasApiPatterns = true;
+    extractedBlocks.push(`// Swagger/OpenAPI documentation found:\n${swaggerBlocks.join('\n\n')}`);
+  }
+  
+  // ============================================
+  // PATTERN 1: TypeScript interfaces/types (DTOs, schemas)
+  // ============================================
+  const typeBlocks = extractTypeDefinitions(content, filePath);
+  if (typeBlocks.length > 0) {
+    hasApiPatterns = true;
+    extractedBlocks.push(`// TypeScript type definitions:\n${typeBlocks.join('\n\n')}`);
+  }
+  
+  // ============================================
+  // PATTERN 2: Request body/query extraction
+  // ============================================
+  const requestPatterns = extractRequestPatterns(content);
+  if (requestPatterns.length > 0) {
+    hasApiPatterns = true;
+    extractedBlocks.push(requestPatterns.join('\n\n'));
+  }
+
+  // ============================================
+  // PATTERN 3: Express/Koa/Fastify Router definitions (JavaScript/TypeScript)
+  // ============================================
+  const routerPatterns = [
+    // Express Router: router.get('/path', handler)
+    /\.(get|post|put|patch|delete|all|use)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+    // Express app: app.get('/path', handler)
+    /app\.(get|post|put|patch|delete|all|use)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+    // Fastify: fastify.get('/path', handler)
+    /fastify\.(get|post|put|patch|delete|all)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+  ];
+
+  // ============================================
+  // PATTERN 4: NestJS/Decorators (JavaScript/TypeScript)
+  // ============================================
+  const decoratorPatterns = [
+    /@(Get|Post|Put|Patch|Delete|All)\s*\(\s*['"`]?([^'"`\)]*)/gi,
+    /@Controller\s*\(\s*['"`]([^'"`]+)/gi,
+  ];
+  
+  // ============================================
+  // PATTERN PHP: CodeIgniter, Laravel, Symfony routes
+  // ============================================
+  const phpPatterns = [
+    // CodeIgniter 4: $routes->get('path', 'Controller::method')
+    /\$routes\s*->\s*(get|post|put|patch|delete|add|match|cli)\s*\(\s*['"]([^'"]+)['"]/gi,
+    // CodeIgniter 4: $routes->group()
+    /\$routes\s*->\s*group\s*\(\s*['"]([^'"]+)['"]/gi,
+    // CodeIgniter 3: $route['path'] = 'controller/method'
+    /\$route\s*\[\s*['"]([^'"]+)['"]\s*\]/gi,
+    // Laravel: Route::get('path', ...)
+    /Route\s*::\s*(get|post|put|patch|delete|any|match|resource|apiResource)\s*\(\s*['"]([^'"]+)['"]/gi,
+    // Laravel route groups
+    /Route\s*::\s*(prefix|group|middleware)\s*\(\s*['"]([^'"]+)['"]/gi,
+    // Symfony annotations: @Route("/path")
+    /@Route\s*\(\s*['"]([^'"]+)['"]/gi,
+    // Symfony PHP 8 attributes: #[Route('/path')]
+    /#\[Route\s*\(\s*['"]([^'"]+)['"]/gi,
+    // PHP method definitions in controllers (for convention-based routing)
+    /public\s+function\s+(\w+)\s*\([^)]*\)/gi,
+    // PHP class definitions (to get controller names)
+    /class\s+(\w+)\s+extends\s+(\w*Controller|CI_Controller|BaseController|ResourceController)/gi,
+  ];
+  
+  // ============================================
+  // PATTERN Python: Flask, FastAPI, Django
+  // ============================================
+  const pythonPatterns = [
+    // Flask: @app.route('/path')
+    /@app\.(route|get|post|put|patch|delete)\s*\(\s*['"]([^'"]+)['"]/gi,
+    // Flask Blueprint: @blueprint.route('/path')
+    /@\w+\.(route|get|post|put|patch|delete)\s*\(\s*['"]([^'"]+)['"]/gi,
+    // FastAPI: @app.get('/path'), @router.post('/path')
+    /@(app|router)\.(get|post|put|patch|delete|api_route)\s*\(\s*['"]([^'"]+)['"]/gi,
+    // Django: path('route/', view)
+    /path\s*\(\s*['"]([^'"]+)['"]/gi,
+    // Django: url(r'^route/$', view)
+    /url\s*\(\s*r?['"]([^'"]+)['"]/gi,
+  ];
+  
+  // ============================================
+  // PATTERN Ruby: Rails, Sinatra
+  // ============================================
+  const rubyPatterns = [
+    // Rails: get '/path', post '/path', resources :items
+    /^\s*(get|post|put|patch|delete|resources|resource|root|match)\s+['":]/gim,
+    // Rails namespace/scope
+    /(namespace|scope)\s+[:'"](\w+)/gi,
+    // Sinatra: get '/path' do
+    /^\s*(get|post|put|patch|delete)\s+['"]([^'"]+)['"]\s+do/gim,
+  ];
+  
+  // ============================================
+  // PATTERN Go: Gin, Echo, Chi, net/http
+  // ============================================
+  const goPatterns = [
+    // Gin: r.GET("/path", handler), router.POST("/path", handler)
+    /\.(GET|POST|PUT|PATCH|DELETE|Handle|Any|Group)\s*\(\s*["']([^"']+)["']/gi,
+    // Echo: e.GET("/path", handler)
+    /e\.(GET|POST|PUT|PATCH|DELETE|Any|Group)\s*\(\s*["']([^"']+)["']/gi,
+    // Chi: r.Get("/path", handler), r.Route("/path", ...)
+    /r\.(Get|Post|Put|Patch|Delete|Route|Group|Mount)\s*\(\s*["']([^"']+)["']/gi,
+    // net/http: http.HandleFunc("/path", handler)
+    /http\.(HandleFunc|Handle)\s*\(\s*["']([^"']+)["']/gi,
+    // Gorilla mux: r.HandleFunc("/path", handler).Methods("GET")
+    /HandleFunc\s*\(\s*["']([^"']+)["']/gi,
+  ];
+  
+  // ============================================
+  // PATTERN Java/Kotlin: Spring Boot
+  // ============================================
+  const javaPatterns = [
+    // Spring: @GetMapping("/path"), @PostMapping("/path")
+    /@(GetMapping|PostMapping|PutMapping|PatchMapping|DeleteMapping|RequestMapping)\s*\(\s*(?:value\s*=\s*)?["']?([^"'\)]+)/gi,
+    // Spring: @RequestMapping(method = RequestMethod.GET)
+    /@RequestMapping\s*\([^)]*method\s*=\s*RequestMethod\.(GET|POST|PUT|PATCH|DELETE)/gi,
+    // JAX-RS: @GET, @POST, @Path("/path")
+    /@(GET|POST|PUT|PATCH|DELETE|Path)\s*(?:\(\s*["']([^"']+)["']\s*\))?/gi,
+  ];
+
+  // ============================================
+  // PATTERN 5: Frontend HTTP calls
+  // ============================================
+  const httpCallPatterns = [
+    // fetch() calls
+    /fetch\s*\(\s*[`'"](.*?)[`'"]/g,
+    /fetch\s*\(\s*`([^`]*)`/g,
+    // axios calls
+    /axios\.(get|post|put|patch|delete)\s*\(\s*[`'"](.*?)[`'"]/g,
+    /axios\s*\(\s*\{[^}]*url\s*:\s*[`'"](.*?)[`'"]/g,
+    // Angular HttpClient
+    /this\.http\.(get|post|put|patch|delete)\s*[<(]/g,
+    /httpClient\.(get|post|put|patch|delete)\s*[<(]/g,
+    // jQuery ajax
+    /\$\.(ajax|get|post)\s*\(\s*[`'"](.*?)[`'"]/g,
+    // Generic request libraries
+    /request\.(get|post|put|patch|delete)\s*\(/g,
+    /got\.(get|post|put|patch|delete)\s*\(/g,
+    /superagent\.(get|post|put|patch|delete)\s*\(/g,
+  ];
+
+  // ============================================
+  // PATTERN 6: API URL definitions
+  // ============================================
+  const urlPatterns = [
+    // API endpoints in strings
+    /['"`](\/api\/[^'"`\s]+)['"`]/g,
+    /['"`](\/v\d+\/[^'"`\s]+)['"`]/g,
+    /['"`](https?:\/\/[^'"`\s]*\/api[^'"`\s]*)['"`]/g,
+    // Base URL definitions
+    /(?:API_BASE|API_URL|BASE_URL|baseURL|apiUrl|apiBase|API_ENDPOINT|BACKEND_URL)\s*[:=]\s*['"`]([^'"`]+)['"`]/gi,
+  ];
+
+  // ============================================
+  // PATTERN 7: Method + URL combinations
+  // ============================================
+  const methodUrlPatterns = [
+    /(GET|POST|PUT|PATCH|DELETE)\s*[,:]?\s*['"`](\/[^'"`]+)['"`]/gi,
+    /method:\s*['"`](GET|POST|PUT|PATCH|DELETE)['"`]/gi,
+  ];
+
+  // Combine all patterns for line scanning (all languages)
+  const allPatterns = [
+    ...routerPatterns,
+    ...decoratorPatterns,
+    ...phpPatterns,
+    ...pythonPatterns,
+    ...rubyPatterns,
+    ...goPatterns,
+    ...javaPatterns,
+    ...httpCallPatterns,
+    ...urlPatterns,
+    ...methodUrlPatterns
+  ];
+
+  // If this is a route/controller file with swagger docs, include the whole file
+  if (isRouteFile && swaggerBlocks.length > 0) {
+    hasApiPatterns = true;
+    // Include entire file content (truncated if too long)
+    const maxLines = 300;
+    const truncatedContent = lines.length > maxLines 
+      ? lines.slice(0, maxLines).join('\n') + `\n// ... ${lines.length - maxLines} more lines ...`
+      : content;
     
-    // Deprioritize test files
-    if (aPath.includes('test') || aPath.includes('spec')) return 1;
-    if (bPath.includes('test') || bPath.includes('spec')) return -1;
+    return {
+      hasApiPatterns: true,
+      content: `// File: ${filePath}\n// Route/Controller file with Swagger docs - full content:\n\n${truncatedContent}`
+    };
+  }
+  
+  // If this is a route file without swagger, still include more content
+  if (isRouteFile) {
+    const hasRouteContent = allPatterns.some(p => {
+      p.lastIndex = 0;
+      return p.test(content);
+    });
+    
+    if (hasRouteContent) {
+      hasApiPatterns = true;
+      const maxLines = 200;
+      const truncatedContent = lines.length > maxLines 
+        ? lines.slice(0, maxLines).join('\n') + `\n// ... ${lines.length - maxLines} more lines ...`
+        : content;
+      
+      return {
+        hasApiPatterns: true,
+        content: `// File: ${filePath}\n// Route/Controller file - full content:\n\n${truncatedContent}`
+      };
+    }
+  }
+  
+  // If this is a DTO/types file, include full content
+  if (isDtoFile && typeBlocks.length > 0) {
+    hasApiPatterns = true;
+    const maxLines = 150;
+    const truncatedContent = lines.length > maxLines 
+      ? lines.slice(0, maxLines).join('\n') + `\n// ... ${lines.length - maxLines} more lines ...`
+      : content;
     
-    // Prioritize src/frontend folders
-    if (aPath.includes('src/') || aPath.includes('frontend/')) {
-      if (!bPath.includes('src/') && !bPath.includes('frontend/')) return -1;
+    return {
+      hasApiPatterns: true,
+      content: `// File: ${filePath}\n// DTO/Types file - full content:\n\n${truncatedContent}`
+    };
+  }
+
+  // For non-route files, extract relevant sections
+  // First, extract imports and base URL definitions
+  const baseUrlLines = [];
+  
+  for (let i = 0; i < Math.min(lines.length, 50); i++) {
+    const line = lines[i];
+    if (/(?:API_BASE|API_URL|BASE_URL|baseURL|apiUrl|BACKEND)/i.test(line)) {
+      baseUrlLines.push(`${i + 1}: ${line}`);
     }
+  }
+
+  if (baseUrlLines.length > 0) {
+    extractedBlocks.push('// Base URL definitions:\n' + baseUrlLines.join('\n'));
+    hasApiPatterns = true;
+  }
+
+  // Line-by-line extraction with context
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
     
-    const aScore = PRIORITY_KEYWORDS.reduce((score, kw) => 
-      aPath.includes(kw) ? score + 1 : score, 0);
-    const bScore = PRIORITY_KEYWORDS.reduce((score, kw) => 
-      bPath.includes(kw) ? score + 1 : score, 0);
+    // Check all patterns
+    let hasPattern = false;
+    for (const pattern of allPatterns) {
+      pattern.lastIndex = 0;
+      if (pattern.test(line)) {
+        hasPattern = true;
+        break;
+      }
+    }
     
-    return bScore - aScore;
-  });
+    // Also check for common API keywords (all languages)
+    const hasKeyword = new RegExp([
+      // JavaScript/TypeScript
+      '\\.get\\(', '\\.post\\(', '\\.put\\(', '\\.patch\\(', '\\.delete\\(',
+      'fetch\\(', 'axios', '\\/api\\/', 'endpoint',
+      '@Get', '@Post', '@Put', '@Delete',
+      // PHP (CodeIgniter, Laravel)
+      '\\$routes\\s*->', 'Route\\s*::', '@Route',
+      '\\$this->input->', '\\$this->request->', // CodeIgniter input
+      '\\$request->', '\\$_POST', '\\$_GET', '\\$_PUT', // PHP request data
+      'public\\s+function\\s+\\w+', // PHP public methods (potential endpoints)
+      'extends\\s+\\w*Controller', // PHP controller classes
+      // Python (Flask, FastAPI, Django)
+      '@app\\.route', '@app\\.get', '@app\\.post', '@router\\.',
+      'path\\s*\\(', 'url\\s*\\(',
+      // Ruby (Rails)
+      'resources\\s+:', 'get\\s+[\'"]/', 'post\\s+[\'"]/',
+      // Go (Gin, Echo, Chi)
+      '\\.GET\\(', '\\.POST\\(', 'HandleFunc\\(',
+      // Java/Kotlin (Spring)
+      '@GetMapping', '@PostMapping', '@RequestMapping', '@Path'
+    ].join('|'), 'i').test(line);
+    
+    if (hasPattern || hasKeyword) {
+      hasApiPatterns = true;
+      
+      // Determine context needed
+      const isPostOrPut = /post|put|patch/i.test(line);
+      const contextBefore = isPostOrPut ? 20 : 5;  // More context for mutations
+      const contextAfter = isPostOrPut ? 10 : 5;
+      
+      const startLine = Math.max(0, i - contextBefore);
+      const endLine = Math.min(lines.length - 1, i + contextAfter);
+      
+      const block = lines.slice(startLine, endLine + 1)
+        .map((l, idx) => `${startLine + idx + 1}: ${l}`)
+        .join('\n');
+      
+      extractedBlocks.push(block);
+      
+      // Skip ahead to avoid duplicates
+      i = endLine;
+    }
+  }
+
+  if (hasApiPatterns && extractedBlocks.length > 0) {
+    // Deduplicate blocks
+    const uniqueBlocks = [...new Set(extractedBlocks)];
+    return {
+      hasApiPatterns: true,
+      content: `// File: ${filePath}\n// API patterns extracted:\n\n${uniqueBlocks.join('\n\n// ---\n\n')}`
+    };
+  }
+
+  return { hasApiPatterns: false, content: '' };
 }
 
 module.exports = { scanCodebase };