@nebutra/next-unicorn-skill 1.0.4 → 1.0.6

package/README.md

@@ -11,7 +11,7 @@
   <a href="https://www.npmjs.com/package/@nebutra/next-unicorn-skill"><img src="https://img.shields.io/npm/v/@nebutra/next-unicorn-skill.svg?color=blue" alt="npm version" /></a>
   <a href="./LICENSE"><img src="https://img.shields.io/badge/license-MIT-green.svg" alt="License" /></a>
   <a href="https://www.typescriptlang.org/"><img src="https://img.shields.io/badge/TypeScript-strict-blue.svg" alt="TypeScript" /></a>
-  <a href="./tests/"><img src="https://img.shields.io/badge/tests-198%20passed-brightgreen.svg" alt="Tests" /></a>
+  <a href="./tests/"><img src="https://img.shields.io/badge/tests-210%20passed-brightgreen.svg" alt="Tests" /></a>
   <a href="./tests/"><img src="https://img.shields.io/badge/properties-29%20verified-purple.svg" alt="Property Tests" /></a>
 </p>
 
@@ -31,9 +31,9 @@
 
 Every codebase accumulates hand-rolled implementations that should be mature libraries. Custom date formatters, DIY loggers, bespoke state machines, ad-hoc i18n — **Vibe Coding debt**.
 
-Snyk, Dependabot, and Renovate manage your *existing* dependencies. They can't find code you wrote that *should become* a dependency.
+Snyk, Dependabot, and Renovate manage your *existing* dependencies. They can't find code you wrote that *should become* a dependency — or capabilities your project is *missing entirely*.
 
-**Next-Unicorn does both** — and verifies every recommendation against real documentation via [Context7 MCP](https://context7.com).
+**Next-Unicorn does all three** — replacement, gap analysis, and dependency management — verified against real documentation via [Context7 MCP](https://context7.com).
 
 ## Quick Start
 
@@ -61,18 +61,36 @@ npm install @nebutra/next-unicorn-skill
 
 ```typescript
 import { analyze, scanCodebase } from '@nebutra/next-unicorn-skill';
-import type { Recommender } from '@nebutra/next-unicorn-skill';
-
-// The recommender function: AI agent decides which library fits each detection
-const recommender: Recommender = (detection) => {
-  // AI agent uses its knowledge + project context to recommend
-  // Return null to skip a detection (false positive, intentional custom code)
-  return {
-    library: 'zustand',       // dynamically chosen, not hardcoded
-    version: '^5.0.0',        // verified via Context7
-    license: 'MIT',
-  };
-};
+import type { Recommender, GapRecommendation } from '@nebutra/next-unicorn-skill';
+
+// The recommender: AI agent decides which library fits each detection
+const recommender: Recommender = (detection) => ({
+  library: '@lingui/core',
+  version: '^4.0.0',
+  license: 'MIT',
+  rationale: 'Compile-time i18n with near-zero runtime overhead',
+  ecosystem: [
+    { library: '@lingui/macro', version: '^4.0.0', role: 'Tagged templates' },
+    { library: '@lingui/cli', version: '^4.0.0', role: 'CI message extraction' },
+  ],
+  antiPatterns: ['Avoid i18next if bundle size matters — Lingui compiles away'],
+  alternatives: [
+    { library: 'next-intl', when: 'Next.js App Router with server components' },
+  ],
+});
+
+// Gap analysis: capabilities the project should have but doesn't
+const gaps: GapRecommendation[] = [
+  {
+    domain: 'observability',
+    description: 'No structured logging detected',
+    recommendedLibrary: {
+      name: 'pino', version: '^9.0.0', license: 'MIT',
+      rationale: 'Fastest Node.js JSON logger with redaction and child loggers',
+    },
+    priority: 'critical',
+  },
+];
 
 const result = await analyze({
   input: {
@@ -83,27 +101,22 @@ const result = await analyze({
       currentLibraries: { react: '18.2.0', next: '14.1.0' },
     },
     optimizationGoals: ['reduce custom code', 'improve maintainability'],
-    constraints: {
-      licenseAllowlist: ['MIT', 'Apache-2.0', 'ISC'],
-    },
+    constraints: { licenseAllowlist: ['MIT', 'Apache-2.0', 'ISC'] },
     priorityFocusAreas: ['i18n', 'observability', 'auth-security'],
   },
   context7Client: myContext7Client,
-  recommender,  // AI agent provides library recommendations
-  // Optional Phase 2 clients:
-  vulnClient: myOsvClient,          // vulnerability scanning
-  registryClient: myRegistryClient,  // auto-update
-  platformClient: myGitHubClient,    // PR creation
-  gitOps: myGitOperations,           // PR creation
+  recommender,
+  gaps,
 });
 
 if (result.success) {
   console.log(result.prettyJson);
-  // result.scanResult contains raw detections for further AI analysis
+  // result.scanResult — raw detections + structural findings for AI analysis
+  // result.output.gapAnalysis — Context7-verified gap recommendations
 }
 ```
 
-Or use as an **MCP SKILL** — provide [`SKILL.md`](./SKILL.md) to your AI agent (Claude Code, Kiro, etc.).
+Or use as an **MCP SKILL** — provide [`SKILL.md`](./SKILL.md) to your AI agent (Claude Code, Kiro, Cursor, etc.).
 
 ## Features
 
@@ -111,17 +124,19 @@ Or use as an **MCP SKILL** — provide [`SKILL.md`](./SKILL.md) to your AI agent
 
 | Feature | Description |
 |---------|-------------|
-| **Pattern-based scanning** | Detects hand-rolled code across 68 Vibe Coding Domains (ISO 25010-aligned) |
-| **Gap analysis** | AI agent identifies missing capabilities — not just hand-rolled code, but things you should have but don't (e.g., no error monitoring, no rate limiting, no event-driven workflows) |
-| **Ecosystem-level recommendations** | Solutions include rationale, companion packages, anti-patterns, and alternatives — not just "use library X" |
-| **Context7 verification** | Every recommendation verified against real, version-correct documentation |
+| **Pattern-based scanning** | Detects hand-rolled code across 30 domains with 40+ regex patterns (design-system, auth, state-management, etc.) |
+| **Structural analysis** | Detects monorepo architecture gaps: missing token layers, dependency flow violations, hardcoded config values |
+| **Gap analysis** | AI agent identifies missing capabilities — not just hand-rolled code, but things you should have but don't |
+| **Ecosystem-level recommendations** | Solutions include rationale, companion packages, anti-patterns, and alternatives |
+| **Context7 verification** | Every recommendation (replacements AND gaps) verified with exponential backoff retry |
 | **7-dimension impact scoring** | Scalability, performance, security, maintainability, feature richness, UX, UI aesthetics |
 | **Phased migration plans** | Low / medium / high risk phases with adapter strategies |
 | **Deletion checklists** | Every file and line range to remove, with estimated lines saved |
 | **UX completeness audit** | A11y, error/empty/loading states, form validation, design system alignment |
+| **Design system support** | Two paths: scaffold from reference repos (Primer, Polaris, Supabase, Dub) or extract from existing code |
 | **Monorepo support** | Detects npm, pip, cargo, go workspaces independently |
 
-### Dependency Management (v2.0)
+### Dependency Management
 
 | Feature | Description |
 |---------|-------------|
@@ -133,13 +148,14 @@ Or use as an **MCP SKILL** — provide [`SKILL.md`](./SKILL.md) to your AI agent
 ## How It Works
 
 ```
-Input ─> Validator ─> Scanner ─> Recommender (AI Agent) ─> Context7 Verifier
+Input ─> Validator ─> Scanner + Structure Analyzer
+  ─> Gap Analysis (AI Agent) ─> Recommender (AI Agent) ─> Context7 Verifier
   ─> Impact Scorer ─> Conflict Detection ─> Vuln Scanner ─> License Filter
   ─> Migration Planner ─> UX Auditor ─> Auto-Updater
   ─> Serializer ─> PR Creator ─> Output
 ```
 
-**Key architecture**: The scanner detects WHAT is hand-rolled; the **Recommender** (AI agent or caller) decides WHAT library to use. No library recommendations are hardcoded — they are provided dynamically based on project context, ecosystem knowledge, and Context7 verification.
+**Key architecture**: The scanner detects WHAT is hand-rolled; the structure analyzer detects architectural gaps; the **Recommender** (AI agent or caller) decides WHAT to use. No library recommendations are hardcoded — they are provided dynamically based on project context, ecosystem knowledge, and Context7 verification.
 
 Each stage is a pure function with structured I/O. All external dependencies (Context7, OSV, npm registry, GitHub API) are **injected via interfaces** for testability.
 
@@ -166,14 +182,14 @@ function t(key, locale) {
 <td>
 
 ```tsx
-// next-intl — Context7 verified, MIT
-// Impact: 9.2/10 composite
-// Migration risk: low | Effort: 8h
-import { useTranslations } from 'next-intl';
+// @lingui/core — Context7 verified, MIT
+// Ecosystem: @lingui/macro + @lingui/cli
+// Impact: 9.2/10 | Risk: low | Effort: 8h
+import { useLingui } from '@lingui/react';
 
 export default function Page() {
-  const t = useTranslations('common');
-  return <h1>{t('greeting')}</h1>;
+  const { t } = useLingui();
+  return <h1>{t`greeting`}</h1>;
 }
 ```
 
@@ -199,8 +215,8 @@ function logRequest(req) {
 
 ```typescript
 // pino — Context7 verified, MIT
-// Impact: 9.0/10 composite
-// Migration risk: low | Effort: 4h
+// Gap analysis: "No structured logging detected"
+// Priority: critical
 import pino from 'pino';
 const logger = pino({
   level: 'info',
@@ -217,11 +233,15 @@ const logger = pino({
 | Feature | Next-Unicorn | Snyk | Dependabot | Renovate |
 |---------|:---:|:---:|:---:|:---:|
 | Finds hand-rolled code to replace | **Yes** | | | |
+| Identifies missing capabilities (gaps) | **Yes** | | | |
+| Structural architecture analysis | **Yes** | | | |
 | Recommends new libraries | **Yes** | | | |
+| Ecosystem-level solutions | **Yes** | | | |
 | 7-dimension impact scoring | **Yes** | | | |
 | Context7 doc verification | **Yes** | | | |
 | Phased migration plans | **Yes** | | | |
 | UX completeness audit | **Yes** | | | |
+| Design system scaffold/extraction | **Yes** | | | |
 | Deletion checklists | **Yes** | | | |
 | Vulnerability scanning | **Yes** | Yes | Yes | |
 | Scans *recommended* libs for vulns | **Yes** | | | |
@@ -249,14 +269,18 @@ const logger = pino({
 
 ### `scanCodebase(input): Promise<ScanResult>`
 
-Standalone scanner — returns detections and workspace info without recommendations. AI agents can call this first, then provide recommendations via the `Recommender` callback.
+Standalone scanner — returns detections, workspace info, and structural findings (design system layer analysis, dependency flow violations). AI agents can call this first, then provide recommendations via the `Recommender` callback.
+
+### `analyzeStructure(repoPath, workspaces): StructuralAnalysis`
+
+Standalone structure analyzer — detects missing design system layers, dependency flow violations, hardcoded config values, and missing shared presets in monorepos.
 
 ### Output Structure
 
 ```jsonc
 {
   "recommendedChanges": [...],     // Replacement recommendations with impact scores
-  "gapAnalysis": [...],            // (optional) Missing capabilities with prioritized recs
+  "gapAnalysis": [...],            // (optional) Context7-verified gap recommendations
   "filesToDelete": [...],          // Files to remove after migration
   "linesSavedEstimate": 1250,      // Total lines saved
   "uxAudit": [...],                // UX completeness (8 categories)
@@ -272,16 +296,16 @@ Standalone scanner — returns detections and workspace info without recommendat
 
 ## Vibe Coding Domains
 
-68 domains across 11 categories, aligned with ISO/IEC 25010:
+68 domains across 11 categories, aligned with ISO/IEC 25010. 30 domains have scanner patterns; the rest are covered by AI agent gap analysis.
 
 | Category | Count | Examples |
 |----------|:-----:|---------|
-| UX / Design | 14 | `ux-completeness`, `a11y-accessibility`, `forms-ux`, `design-system` |
+| UX / Design | 14 | `design-system`, `a11y-accessibility`, `forms-ux`, `empty-loading-error-states` |
 | SEO / i18n | 5 | `seo`, `i18n`, `content-marketing` |
 | Growth / Data | 7 | `analytics-tracking`, `ab-testing-experimentation` |
-| Frontend Arch | 8 | `state-management`, `data-fetching-caching`, `agent-architecture` |
-| Backend / Platform | 8 | `database-orm-migrations`, `jobs-queue-scheduler`, `feature-flags-config` |
-| Security | 5 | `auth-security`, `permissions-rbac-ux`, `fraud-abuse-prevention` |
+| Frontend Arch | 8 | `state-management`, `data-fetching-caching`, `realtime-collaboration` |
+| Backend / Platform | 8 | `database-orm-migrations`, `caching-rate-limit`, `feature-flags-config` |
+| Security | 5 | `auth-security`, `security-hardening`, `fraud-abuse-prevention` |
 | Observability | 4 | `logging-tracing-metrics`, `error-monitoring` |
 | Delivery / DevEx | 6 | `testing-strategy`, `ci-cd-release`, `dependency-management` |
 | Performance | 3 | `performance-web-vitals`, `cost-optimization` |
@@ -293,7 +317,7 @@ Standalone scanner — returns detections and workspace info without recommendat
 ## Testing
 
 ```bash
-pnpm test          # 198 tests (vitest + fast-check)
+pnpm test          # 210 tests (vitest + fast-check)
 pnpm typecheck     # TypeScript strict mode
 pnpm build         # Compile to dist/
 ```
@@ -330,6 +354,13 @@ pnpm build         # Compile to dist/
 | [`update-plan.md`](./templates/update-plan.md) | Dependency update plan |
 | [`prd-template.md`](./templates/prd-template.md) | PRD for stakeholder presentation |
 
+## References
+
+| Reference | Purpose |
+|-----------|---------|
+| [`design-system-sources.md`](./references/design-system-sources.md) | 25+ curated design system repos for scaffolding (Primer, Polaris, Dub, Supabase, etc.) |
+| [`design-system-extraction.md`](./references/design-system-extraction.md) | Workflow for extracting a design system from existing code (6 principles, 5 phases) |
+
 ## Contributing
 
 See [CONTRIBUTING.md](./CONTRIBUTING.md) for development setup, architecture overview, and contribution guidelines.
@@ -340,8 +371,8 @@ Releases are automated via GitHub Actions:
 
 ```bash
 # Tag a new version
-git tag v2.0.0
-git push origin v2.0.0
+git tag v1.0.5
+git push origin v1.0.5
 # → CI runs tests → creates GitHub Release → publishes to npmjs + GitHub Packages
 ```
 

package/SKILL.md

@@ -64,11 +64,13 @@ Provide each gap as a `GapRecommendation`. Read `src/index.ts` for the interface
 
 For each scanner detection, recommend a **solution**. Consider:
 
-1. **Ecosystem composition** — recommend companion libraries that work together
-2. **Rationale** — explain WHY this choice fits this project's framework, runtime, and scale
-3. **Anti-patterns** — what NOT to use and why
-4. **Alternatives** — different solutions for different architectural contexts
-5. **Context7 verification** — call `resolve-library-id` + `query-docs` to confirm the library exists and get latest version/docs
+1. **Stack coherence** — don't recommend libraries in isolation; consider how they fit the project's overall stack (e.g., recommending Stripe should trigger consideration of Resend for transactional email and PostHog for payment funnel analytics)
+2. **Ecosystem composition** — recommend companion libraries that work together
+3. **Rationale** — explain WHY this choice fits this project's framework, runtime, and scale
+4. **Anti-patterns** — what NOT to use and why
+5. **Alternatives** — different solutions for different architectural contexts
+6. **Migration snippet** — for each recommendation, read the detected code (file path + line range from scanner) and generate a concrete before/after code example showing the migration
+7. **Context7 verification** — call `resolve-library-id` + `query-docs` to confirm the library exists and get latest version/docs
 
 Read `src/index.ts` for the `LibraryRecommendation` interface. Return `null` to skip a detection.
 
@@ -78,21 +80,13 @@ Read `src/index.ts` for the `LibraryRecommendation` interface. Return `null` to
 - Library is already in project dependencies (suggest version update instead)
 - Hand-rolled code is simpler than the library (3-line utility vs 50KB dep)
 
-### Step 4: Score Impact
+### Step 4–7: Score, Plan, Audit, Serialize
 
-Call `computeImpactScore()` for each detection. Optionally provide `dimensionHints` and `baseEffortHours` for more accurate scoring. Read `src/scorer/impact-scorer.ts` for the interface.
-
-### Step 5: Build Migration Plan
-
-Call `buildMigrationPlan()` to group recommendations into phases by risk (low, medium, high). High-risk items include adapter strategies.
-
-### Step 6: Audit UX Completeness
-
-Call `auditUxCompleteness()` to evaluate 8 UX categories. The auditor determines status (present/partial/missing). Fill in `recommendedLibrary` on partial/missing items based on project context.
-
-### Step 7: Apply Constraints and Serialize
-
-Filter by license allowlist, detect dependency conflicts, serialize to JSON.
+The pipeline handles these automatically:
+- **Scoring**: confidence-based dimension scores (overridable by AI agent via `dimensionHints`)
+- **Migration plan**: auto-grouped by risk (low/medium/high), sorted by file co-location
+- **UX audit**: provide via `uxAudit` option in `analyze()`. Evaluate 8 categories: accessibility, error/empty/loading states, form validation, performance feel, copy consistency, design system alignment. For each, assess status (present/partial/missing) based on project code and `currentLibraries`.
+- **Constraints**: license allowlist filtering, dependency conflict detection, JSON serialization
 
 ### Optional Steps
 

package/dist/index.d.ts

@@ -5,81 +5,51 @@
  * replaced by third-party libraries. Library recommendations are provided
  * by the caller (AI agent or programmatic client) — NOT hardcoded.
  *
- * This is the orchestrator that wires the full pipeline:
- * validate input → scan → recommend (caller) → verify → score → plan →
- * audit → filter → vuln scan → auto-update → serialize → PR creation
+ * Redundant modules removed (Occam's Razor):
+ * - impact-scorer → inlined (trivial math)
+ * - migration-planner → inlined (group-by-risk + sort)
+ * - ux-auditor → AI-agent-driven (Claude reads package.json better)
+ * - constraint-filter → inlined (Set.has)
+ * - serializer → inlined (JSON.stringify)
+ * - update-scorer, update-plan-builder, changelog-verifier → simplified
+ * - pr-description-builder → AI agent writes better PR descriptions
+ * - skill-parser, vuln-report-builder → dead code deleted
  */
-import { OutputSchema } from './schemas/output.schema.js';
+import { OutputSchema, type UxAuditItem } from './schemas/output.schema.js';
 import { type Detection, type ScanResult } from './analyzer/scanner.js';
 import { type Context7Client } from './verifier/context7.js';
-import { type ExclusionRecord } from './utils/constraint-filter.js';
 import { type PeerDependencyResolver } from './checker/peer-dependency-checker.js';
 import type { VulnerabilityClient } from './security/osv-client.js';
 import type { RegistryClient } from './updater/registry-client.js';
 import type { PlatformClient } from './pr-creator/platform-client.js';
 import type { GitOperations } from './pr-creator/git-operations.js';
-export declare const VERSION = "1.0.4";
+export declare const VERSION = "1.0.6";
 /**
  * A library recommendation provided by the AI agent (or caller).
- * The scanner detects WHAT is hand-rolled; the recommender decides WHAT to use.
- *
- * Required fields give the pipeline what it needs for scoring/filtering.
- * Optional fields let the AI agent express ecosystem-level solutions —
- * rationale, companion packages, anti-patterns, and alternatives.
  */
 export interface LibraryRecommendation {
-    /** Primary library name (e.g., "@lingui/core", "zustand") */
     library: string;
-    /** Version constraint (e.g., "^4.0.0") */
     version: string;
-    /** SPDX license identifier (e.g., "MIT") */
     license: string;
-    /** WHY this library — the AI agent's reasoning for this specific choice */
     rationale?: string;
-    /** Companion libraries that form a cohesive solution */
     ecosystem?: Array<{
-        /** Package name */
         library: string;
-        /** Version constraint */
         version: string;
-        /** Role in the solution (e.g., "CI/CD message extraction") */
         role: string;
     }>;
-    /** What NOT to use, and why */
     antiPatterns?: string[];
-    /** Alternative solutions for different architectural contexts */
     alternatives?: Array<{
-        /** Package name */
         library: string;
-        /** When to prefer this alternative (e.g., "Next.js App Router with server components") */
         when: string;
     }>;
 }
-/**
- * Function that provides library recommendations for detections.
- * Called once per detection. Return null to skip a detection (no recommendation).
- *
- * In AI agent mode: the agent fills this based on its knowledge + Context7.
- * In programmatic/test mode: the caller provides a deterministic function.
- */
 export type Recommender = (detection: Detection) => LibraryRecommendation | null;
 /**
- * A capability gap identified by the AI agent — something the project
- * SHOULD have but DOESN'T. Unlike scanner detections (which find hand-rolled
- * code to replace), gaps identify missing capabilities entirely.
- *
- * Examples:
- * - "No structured logging" → recommend pino
- * - "No error monitoring" → recommend Sentry
- * - "No rate limiting" → recommend Arcjet
- * - "No event-driven workflows" → recommend Inngest
+ * A capability gap — something the project SHOULD have but DOESN'T.
  */
 export interface GapRecommendation {
-    /** The Vibe Coding domain this gap belongs to */
     domain: string;
-    /** What capability is missing (e.g., "No structured logging detected") */
     description: string;
-    /** The recommended solution */
     recommendedLibrary: {
         name: string;
         version: string;
@@ -97,44 +67,26 @@ export interface GapRecommendation {
             when: string;
         }>;
     };
-    /** How important is filling this gap */
     priority: 'critical' | 'recommended' | 'nice-to-have';
-    /** Context7 verification status — filled by the pipeline, not the AI agent */
     verificationStatus?: 'verified' | 'unverified' | 'unavailable';
     verificationNote?: string;
 }
 export interface AnalyzeOptions {
-    /** Raw input to be validated against InputSchema */
     input: unknown;
-    /** Injected Context7 client for testability — no real HTTP calls in tests */
     context7Client: Context7Client;
-    /**
-     * Recommender function: maps each detection to a library recommendation.
-     * This is the key integration point for AI agents — the agent decides
-     * which library best fits each detected pattern based on project context.
-     */
     recommender: Recommender;
-    /**
-     * Gap recommendations from the AI agent — capabilities the project should
-     * have but doesn't. The scanner finds "you hand-rolled X"; gaps find
-     * "you're missing Y entirely" (e.g., no error monitoring, no rate limiting).
-     */
     gaps?: GapRecommendation[];
-    /** Optional — if provided, enables vulnerability scanning */
+    /** Optional UX audit items — AI agent provides these based on project analysis */
+    uxAudit?: UxAuditItem[];
     vulnClient?: VulnerabilityClient;
-    /** Optional — if provided, enables auto-update recommendations */
     registryClient?: RegistryClient;
-    /** Required only if prPolicy.enabled is true */
     platformClient?: PlatformClient;
-    /** Required only if prPolicy.enabled is true */
     gitOps?: GitOperations;
-    /** Optional — if provided, resolves peer dependency metadata for recommended libraries */
     peerDependencyResolver?: PeerDependencyResolver;
 }
 export type AnalyzeResult = {
     success: true;
     output: OutputSchema;
-    /** Raw scan result (detections + workspaces) for AI agent further analysis */
     scanResult: ScanResult;
     json: string;
     prettyJson: string;
@@ -144,39 +96,23 @@ export type AnalyzeResult = {
     error: string;
     issues?: unknown;
 };
+export interface ExclusionRecord {
+    libraryName: string;
+    license: string;
+    reason: string;
+}
 export type { Context7Client, VerificationResult } from './verifier/context7.js';
-export type { ExclusionRecord } from './utils/constraint-filter.js';
 export type { InputSchema } from './schemas/input.schema.js';
-export type { OutputSchema } from './schemas/output.schema.js';
+export type { OutputSchema, UxAuditItem } from './schemas/output.schema.js';
 export type { Detection, ScanResult } from './analyzer/scanner.js';
 export type { StructuralFinding, StructuralAnalysis } from './analyzer/structure-analyzer.js';
+export { scanCodebase } from './analyzer/scanner.js';
 export { analyzeStructure } from './analyzer/structure-analyzer.js';
+export { getPatternCatalog } from './analyzer/pattern-catalog.js';
 export type { VulnerabilityClient } from './security/osv-client.js';
 export type { RegistryClient } from './updater/registry-client.js';
 export type { PlatformClient } from './pr-creator/platform-client.js';
 export type { GitOperations } from './pr-creator/git-operations.js';
 export type { PeerDependencyResolver } from './checker/peer-dependency-checker.js';
-export { scanCodebase } from './analyzer/scanner.js';
-export { getPatternCatalog } from './analyzer/pattern-catalog.js';
-/**
- * Run the full Next-Unicorn analysis pipeline.
- *
- * Pipeline steps:
- * 1.  Validate input with InputSchema Zod schema
- * 2.  Scan codebase with scanCodebase
- * 2.5 Get library recommendations from the recommender (AI agent / caller)
- * 3.  Verify recommendations with Context7
- * 4.  Score each detection
- * 5.  Build RecommendedChange objects
- * 6.  Apply dependency conflict detection
- * 6.5 Vulnerability scanning (optional — Phase 2)
- * 7.  Apply license filtering
- * 8.  Build migration plan
- * 9.  Audit UX completeness
- * 10. Auto-update existing dependencies (optional — Phase 2)
- * 11. Assemble OutputSchema, serialize
- * 12. PR auto-creation (optional — Phase 2)
- * 13. Return result
- */
 export declare function analyze(options: AnalyzeOptions): Promise<AnalyzeResult>;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EACL,YAAY,EAIb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAgB,KAAK,SAAS,EAAE,KAAK,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,EAGL,KAAK,cAAc,EACpB,MAAM,wBAAwB,CAAC;AAIhC,OAAO,EAGL,KAAK,eAAe,EACrB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAEL,KAAK,sBAAsB,EAE5B,MAAM,sCAAsC,CAAC;AAG9C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAEpE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAOnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAMpE,eAAO,MAAM,OAAO,UAAU,CAAC;AAM/B;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAqB;IACpC,6DAA6D;IAC7D,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,OAAO,EAAE,MAAM,CAAC;IAEhB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,wDAAwD;IACxD,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,mBAAmB;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,yBAAyB;QACzB,OAAO,EAAE,MAAM,CAAC;QAChB,8DAA8D;QAC9D,IAAI,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;IAEH,+BAA+B;IAC/B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,iEAAiE;IACjE,YAAY,CAAC,EAAE,KAAK,CAAC;QACnB,mBAAmB;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,0FAA0F;QAC1F,IAAI,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,SAAS,EAAE,SAAS,KAAK,qBAAqB,GAAG,IAAI,CAAC;AAEjF;;;;;;;;;;GAUG;AACH,MAAM,WAAW,iBAAiB;IAChC,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,0EAA0E;IAC1E,WAAW,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,kBAAkB,EAAE;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACtE,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,YAAY,CAAC,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACzD,CAAC;IACF,wCAAwC;IACxC,QAAQ,EAAE,UAAU,GAAG,aAAa,GAAG,cAAc,CAAC;IACtD,8EAA8E;IAC9E,kBAAkB,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,aAAa,CAAC;IAC/D,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,oDAAoD;IACpD,KAAK,EAAE,OAAO,CAAC;IACf,6EAA6E;IAC7E,cAAc,EAAE,cAAc,CAAC;IAC/B;;;;OAIG;IACH,WAAW,EAAE,WAAW,CAAC;IACzB;;;;OAIG;IACH,IAAI,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC3B,6DAA6D;IAC7D,UAAU,CAAC,EAAE,mBAAmB,CAAC;IACjC,kEAAkE;IAClE,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,gDAAgD;IAChD,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,gDAAgD;IAChD,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,0FAA0F;IAC1F,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;CACjD;AAED,MAAM,MAAM,aAAa,GACrB;IACE,OAAO,EAAE,IAAI,CAAC;IACd,MAAM,EAAE,YAAY,CAAC;IACrB,8EAA8E;IAC9E,UAAU,EAAE,UAAU,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,eAAe,EAAE,CAAC;CAC/B,GACD;IACE,OAAO,EAAE,KAAK,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB,CAAC;AAMN,YAAY,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AACjF,YAAY,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AACpE,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,YAAY,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC/D,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnE,YAAY,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAC9F,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,YAAY,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AACpE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,YAAY,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,YAAY,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AACpE,YAAY,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAMlE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CAwU7E"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EACL,YAAY,EAIZ,KAAK,WAAW,EACjB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAgB,KAAK,SAAS,EAAE,KAAK,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,EAGL,KAAK,cAAc,EACpB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAEL,KAAK,sBAAsB,EAE5B,MAAM,sCAAsC,CAAC;AAG9C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAEpE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAInE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAMpE,eAAO,MAAM,OAAO,UAAU,CAAC;AAM/B;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,CAAC,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACzD;AAED,MAAM,MAAM,WAAW,GAAG,CAAC,SAAS,EAAE,SAAS,KAAK,qBAAqB,GAAG,IAAI,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACtE,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,YAAY,CAAC,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACzD,CAAC;IACF,QAAQ,EAAE,UAAU,GAAG,aAAa,GAAG,cAAc,CAAC;IACtD,kBAAkB,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,aAAa,CAAC;IAC/D,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC3B,kFAAkF;IAClF,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,mBAAmB,CAAC;IACjC,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;CACjD;AAED,MAAM,MAAM,aAAa,GACrB;IACE,OAAO,EAAE,IAAI,CAAC;IACd,MAAM,EAAE,YAAY,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,eAAe,EAAE,CAAC;CAC/B,GACD;IACE,OAAO,EAAE,KAAK,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB,CAAC;AAEN,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD,YAAY,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AACjF,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC5E,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnE,YAAY,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAC9F,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,YAAY,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AACpE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,YAAY,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,YAAY,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AACpE,YAAY,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAMnF,wBAAsB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CA2U7E"}