@ophan/core 0.0.2 → 0.0.4

package/dist/index.js

@@ -73,11 +73,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getSupportedExtensions = exports.computeHash = void 0;
+exports.buildL1Context = exports.summarizeCommunities = exports.LeidenDetector = exports.LabelPropDetector = exports.LouvainDetector = exports.listDetectors = exports.registerDetector = exports.getDetector = exports.JavaScriptModuleResolver = exports.getModuleResolverForFile = exports.getModuleResolver = exports.registerModuleResolver = exports.ImportEdgeResolver = exports.CoLocationEdgeResolver = exports.JsxRefEdgeResolver = exports.CallEdgeResolver = exports.getEdgeResolvers = exports.registerEdgeResolver = exports.DEFAULT_COMPARISONS = exports.runComparison = exports.computeComparisonMetrics = exports.rescueDissolvedNodes = exports.addTransitiveEdges = exports.buildModuleResolver = exports.storeEdges = exports.resolveEdges = exports.DEFAULT_EDGE_WEIGHTS = exports.DEFAULT_GRAPH_CONFIG = exports.loadCommunityEdges = exports.storeCommunityEdges = exports.computeCommunityEdges = exports.computeCentrality = exports.detectCommunities = exports.buildGraph = exports.loadCommunities = exports.loadEdges = exports.saveGraphConfig = exports.loadGraphConfig = exports.computeDirectoryDistance = exports.computePackage = exports.detectHierarchicalCommunities = exports.analyzeGraph = exports.MAX_RULE_LENGTH = exports.MAX_PRACTICES = exports.buildPracticesPrompt = exports.validatePractices = exports.importPractices = exports.loadPracticesFromDb = exports.getSupportedExtensions = exports.computeHash = void 0;
+exports.DEFAULT_SUMMARIZE_CONFIG = exports.summarizeCC = exports.computeCCInputHash = exports.detectCrossCuttingConcerns = exports.loadAllSummaries = exports.loadSummary = exports.storeSummary = exports.computeL3InputHash = exports.computeL2InputHash = exports.computeL1InputHash = exports.summarizeL3 = exports.summarizeL2 = exports.summarizeL1 = exports.formatPackageBreakdown = exports.computePackageBreakdown = exports.buildL1RawContext = void 0;
+exports.numberLines = numberLines;
 exports.ensureGitignore = ensureGitignore;
 exports.discoverFiles = discoverFiles;
 exports.initDb = initDb;
-exports.migrateToAnalysisTypes = migrateToAnalysisTypes;
 exports.analyzeFunctions = analyzeFunctions;
 exports.analyzeFiles = analyzeFiles;
 exports.analyzeRepository = analyzeRepository;
@@ -88,12 +89,15 @@ exports.gcAnalysis = gcAnalysis;
 exports.refreshFileIndex = refreshFileIndex;
 exports.findMissingHashes = findMissingHashes;
 exports.importAnalysis = importAnalysis;
+exports.extractAllFunctions = extractAllFunctions;
+exports.populateFileIndex = populateFileIndex;
 const sdk_1 = __importDefault(require("@anthropic-ai/sdk"));
 const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const child_process_1 = require("child_process");
 const glob_1 = require("glob");
+const p_limit_1 = __importDefault(require("p-limit"));
 const p_retry_1 = __importDefault(require("p-retry"));
 const parsers_1 = require("./parsers");
 // Re-export from shared so downstream consumers (CLI, etc.) can still import from @ophan/core
@@ -102,9 +106,94 @@ Object.defineProperty(exports, "computeHash", { enumerable: true, get: function
 var parsers_2 = require("./parsers");
 Object.defineProperty(exports, "getSupportedExtensions", { enumerable: true, get: function () { return parsers_2.getSupportedExtensions; } });
 __exportStar(require("./schemas"), exports);
+var practices_1 = require("./practices");
+Object.defineProperty(exports, "loadPracticesFromDb", { enumerable: true, get: function () { return practices_1.loadPracticesFromDb; } });
+Object.defineProperty(exports, "importPractices", { enumerable: true, get: function () { return practices_1.importPractices; } });
+Object.defineProperty(exports, "validatePractices", { enumerable: true, get: function () { return practices_1.validatePractices; } });
+Object.defineProperty(exports, "buildPracticesPrompt", { enumerable: true, get: function () { return practices_1.buildPracticesPrompt; } });
+Object.defineProperty(exports, "MAX_PRACTICES", { enumerable: true, get: function () { return practices_1.MAX_PRACTICES; } });
+Object.defineProperty(exports, "MAX_RULE_LENGTH", { enumerable: true, get: function () { return practices_1.MAX_RULE_LENGTH; } });
+var graph_1 = require("./graph");
+Object.defineProperty(exports, "analyzeGraph", { enumerable: true, get: function () { return graph_1.analyzeGraph; } });
+Object.defineProperty(exports, "detectHierarchicalCommunities", { enumerable: true, get: function () { return graph_1.detectHierarchicalCommunities; } });
+Object.defineProperty(exports, "computePackage", { enumerable: true, get: function () { return graph_1.computePackage; } });
+Object.defineProperty(exports, "computeDirectoryDistance", { enumerable: true, get: function () { return graph_1.computeDirectoryDistance; } });
+Object.defineProperty(exports, "loadGraphConfig", { enumerable: true, get: function () { return graph_1.loadGraphConfig; } });
+Object.defineProperty(exports, "saveGraphConfig", { enumerable: true, get: function () { return graph_1.saveGraphConfig; } });
+Object.defineProperty(exports, "loadEdges", { enumerable: true, get: function () { return graph_1.loadEdges; } });
+Object.defineProperty(exports, "loadCommunities", { enumerable: true, get: function () { return graph_1.loadCommunities; } });
+Object.defineProperty(exports, "buildGraph", { enumerable: true, get: function () { return graph_1.buildGraph; } });
+Object.defineProperty(exports, "detectCommunities", { enumerable: true, get: function () { return graph_1.detectCommunities; } });
+Object.defineProperty(exports, "computeCentrality", { enumerable: true, get: function () { return graph_1.computeCentrality; } });
+Object.defineProperty(exports, "computeCommunityEdges", { enumerable: true, get: function () { return graph_1.computeCommunityEdges; } });
+Object.defineProperty(exports, "storeCommunityEdges", { enumerable: true, get: function () { return graph_1.storeCommunityEdges; } });
+Object.defineProperty(exports, "loadCommunityEdges", { enumerable: true, get: function () { return graph_1.loadCommunityEdges; } });
+Object.defineProperty(exports, "DEFAULT_GRAPH_CONFIG", { enumerable: true, get: function () { return graph_1.DEFAULT_GRAPH_CONFIG; } });
+Object.defineProperty(exports, "DEFAULT_EDGE_WEIGHTS", { enumerable: true, get: function () { return graph_1.DEFAULT_EDGE_WEIGHTS; } });
+Object.defineProperty(exports, "resolveEdges", { enumerable: true, get: function () { return graph_1.resolveEdges; } });
+Object.defineProperty(exports, "storeEdges", { enumerable: true, get: function () { return graph_1.storeEdges; } });
+Object.defineProperty(exports, "buildModuleResolver", { enumerable: true, get: function () { return graph_1.buildModuleResolver; } });
+Object.defineProperty(exports, "addTransitiveEdges", { enumerable: true, get: function () { return graph_1.addTransitiveEdges; } });
+Object.defineProperty(exports, "rescueDissolvedNodes", { enumerable: true, get: function () { return graph_1.rescueDissolvedNodes; } });
+Object.defineProperty(exports, "computeComparisonMetrics", { enumerable: true, get: function () { return graph_1.computeComparisonMetrics; } });
+Object.defineProperty(exports, "runComparison", { enumerable: true, get: function () { return graph_1.runComparison; } });
+Object.defineProperty(exports, "DEFAULT_COMPARISONS", { enumerable: true, get: function () { return graph_1.DEFAULT_COMPARISONS; } });
+var edge_resolvers_1 = require("./edge-resolvers");
+Object.defineProperty(exports, "registerEdgeResolver", { enumerable: true, get: function () { return edge_resolvers_1.registerEdgeResolver; } });
+Object.defineProperty(exports, "getEdgeResolvers", { enumerable: true, get: function () { return edge_resolvers_1.getEdgeResolvers; } });
+Object.defineProperty(exports, "CallEdgeResolver", { enumerable: true, get: function () { return edge_resolvers_1.CallEdgeResolver; } });
+Object.defineProperty(exports, "JsxRefEdgeResolver", { enumerable: true, get: function () { return edge_resolvers_1.JsxRefEdgeResolver; } });
+Object.defineProperty(exports, "CoLocationEdgeResolver", { enumerable: true, get: function () { return edge_resolvers_1.CoLocationEdgeResolver; } });
+Object.defineProperty(exports, "ImportEdgeResolver", { enumerable: true, get: function () { return edge_resolvers_1.ImportEdgeResolver; } });
+var module_resolvers_1 = require("./module-resolvers");
+Object.defineProperty(exports, "registerModuleResolver", { enumerable: true, get: function () { return module_resolvers_1.registerModuleResolver; } });
+Object.defineProperty(exports, "getModuleResolver", { enumerable: true, get: function () { return module_resolvers_1.getModuleResolver; } });
+Object.defineProperty(exports, "getModuleResolverForFile", { enumerable: true, get: function () { return module_resolvers_1.getModuleResolverForFile; } });
+Object.defineProperty(exports, "JavaScriptModuleResolver", { enumerable: true, get: function () { return module_resolvers_1.JavaScriptModuleResolver; } });
+var community_detectors_1 = require("./community-detectors");
+Object.defineProperty(exports, "getDetector", { enumerable: true, get: function () { return community_detectors_1.getDetector; } });
+Object.defineProperty(exports, "registerDetector", { enumerable: true, get: function () { return community_detectors_1.registerDetector; } });
+Object.defineProperty(exports, "listDetectors", { enumerable: true, get: function () { return community_detectors_1.listDetectors; } });
+Object.defineProperty(exports, "LouvainDetector", { enumerable: true, get: function () { return community_detectors_1.LouvainDetector; } });
+Object.defineProperty(exports, "LabelPropDetector", { enumerable: true, get: function () { return community_detectors_1.LabelPropDetector; } });
+Object.defineProperty(exports, "LeidenDetector", { enumerable: true, get: function () { return community_detectors_1.LeidenDetector; } });
+var summarize_1 = require("./summarize");
+Object.defineProperty(exports, "summarizeCommunities", { enumerable: true, get: function () { return summarize_1.summarizeCommunities; } });
+Object.defineProperty(exports, "buildL1Context", { enumerable: true, get: function () { return summarize_1.buildL1Context; } });
+Object.defineProperty(exports, "buildL1RawContext", { enumerable: true, get: function () { return summarize_1.buildL1RawContext; } });
+Object.defineProperty(exports, "computePackageBreakdown", { enumerable: true, get: function () { return summarize_1.computePackageBreakdown; } });
+Object.defineProperty(exports, "formatPackageBreakdown", { enumerable: true, get: function () { return summarize_1.formatPackageBreakdown; } });
+Object.defineProperty(exports, "summarizeL1", { enumerable: true, get: function () { return summarize_1.summarizeL1; } });
+Object.defineProperty(exports, "summarizeL2", { enumerable: true, get: function () { return summarize_1.summarizeL2; } });
+Object.defineProperty(exports, "summarizeL3", { enumerable: true, get: function () { return summarize_1.summarizeL3; } });
+Object.defineProperty(exports, "computeL1InputHash", { enumerable: true, get: function () { return summarize_1.computeL1InputHash; } });
+Object.defineProperty(exports, "computeL2InputHash", { enumerable: true, get: function () { return summarize_1.computeL2InputHash; } });
+Object.defineProperty(exports, "computeL3InputHash", { enumerable: true, get: function () { return summarize_1.computeL3InputHash; } });
+Object.defineProperty(exports, "storeSummary", { enumerable: true, get: function () { return summarize_1.storeSummary; } });
+Object.defineProperty(exports, "loadSummary", { enumerable: true, get: function () { return summarize_1.loadSummary; } });
+Object.defineProperty(exports, "loadAllSummaries", { enumerable: true, get: function () { return summarize_1.loadAllSummaries; } });
+Object.defineProperty(exports, "detectCrossCuttingConcerns", { enumerable: true, get: function () { return summarize_1.detectCrossCuttingConcerns; } });
+Object.defineProperty(exports, "computeCCInputHash", { enumerable: true, get: function () { return summarize_1.computeCCInputHash; } });
+Object.defineProperty(exports, "summarizeCC", { enumerable: true, get: function () { return summarize_1.summarizeCC; } });
+Object.defineProperty(exports, "DEFAULT_SUMMARIZE_CONFIG", { enumerable: true, get: function () { return summarize_1.DEFAULT_SUMMARIZE_CONFIG; } });
 const schemas_1 = require("./schemas");
+const practices_2 = require("./practices");
+const migrations_1 = require("./migrations");
 /** Skip files larger than this — catches minified bundles, generated code, etc. */
 const MAX_FILE_SIZE_BYTES = 50 * 1024; // 50 KB
+/**
+ * Pre-process source code with visible line numbers for the Claude prompt.
+ * Claude reads these labels to report issue locations accurately (instead of counting lines).
+ * The numbered output is ONLY used in the prompt — content hashes are computed from
+ * the original unnumbered source.
+ */
+function numberLines(sourceCode) {
+    const lines = sourceCode.split("\n");
+    const pad = String(lines.length).length;
+    return lines
+        .map((line, i) => `${String(i + 1).padStart(pad)} | ${line}`)
+        .join("\n");
+}
 /**
  * Ensure .ophan/ is in .gitignore. Only acts in git repos.
  * Creates .gitignore if the repo has .git/ but no .gitignore.
@@ -125,6 +214,7 @@ const HARDCODED_IGNORES = [
     "**/node_modules/**", "**/.ophan/**", "**/dist/**",
     "**/__pycache__/**", "**/.venv/**", "**/venv/**", "**/env/**",
     "**/.tox/**", "**/.eggs/**", "**/build/**",
+    "**/.output/**", "**/.next/**", "**/.nuxt/**", "**/.turbo/**", "**/.cache/**",
 ];
 /**
  * Discover source files using git (respects .gitignore) with glob fallback.
@@ -142,7 +232,7 @@ async function discoverFiles(rootPath) {
             .filter((f) => extSet.has(path.extname(f).toLowerCase()))
             .map((f) => path.resolve(rootPath, f));
         // Still apply hardcoded ignores as safety net (e.g. checked-in node_modules)
-        const ignoreSegments = ["node_modules", ".ophan", "__pycache__", ".venv", "venv", ".tox", ".eggs"];
+        const ignoreSegments = ["node_modules", ".ophan", "__pycache__", ".venv", "venv", ".tox", ".eggs", ".output", ".next", ".nuxt", ".turbo", ".cache"];
         return files.filter((f) => !ignoreSegments.some((seg) => f.includes(`/${seg}/`) || f.includes(`\\${seg}\\`)));
     }
     catch {
@@ -158,43 +248,55 @@ async function discoverFiles(rootPath) {
 // ============ DATABASE ============
 function initDb(dbPath) {
     const db = new better_sqlite3_1.default(dbPath);
-    // Check if we need the analysis_type migration
-    const columns = db.prepare("PRAGMA table_info(function_analysis)").all();
-    const hasAnalysisType = columns.some((c) => c.name === "analysis_type");
-    if (columns.length > 0 && !hasAnalysisType) {
-        // Existing DB without analysis_type — run migration
-        migrateToAnalysisTypes(db);
-    }
-    else if (columns.length === 0) {
-        // Fresh DB — create with new schema directly
+    db.pragma("journal_mode = WAL");
+    // Fresh DB: create current schema directly, mark all migrations as applied.
+    // Existing DB: run any pending migrations to bring schema up to date.
+    const tables = db
+        .prepare("SELECT name FROM sqlite_master WHERE type='table'")
+        .all();
+    if (tables.length === 0) {
         createFreshSchema(db);
+        (0, migrations_1.bootstrapMigrations)(db, migrations_1.CORE_MIGRATIONS, "core:bootstrap");
+    }
+    else {
+        (0, migrations_1.runMigrations)(db, migrations_1.CORE_MIGRATIONS, "core");
     }
-    // else: already migrated, no action needed
-    // Ensure supporting tables exist
+    return db;
+}
+/**
+ * Create the full current schema for a fresh database.
+ * Includes all tables, indexes, and the migration tracking table.
+ */
+function createFreshSchema(db) {
     db.exec(`
-    CREATE TABLE IF NOT EXISTS file_functions (
+    CREATE TABLE function_analysis (
+      content_hash TEXT NOT NULL,
+      analysis_type TEXT NOT NULL,
+      analysis JSON NOT NULL,
+      model_version TEXT NOT NULL,
+      schema_version INTEGER NOT NULL DEFAULT 1,
+      created_at INTEGER NOT NULL,
+      last_seen_at INTEGER NOT NULL,
+      language TEXT NOT NULL DEFAULT 'typescript',
+      entity_type TEXT NOT NULL DEFAULT 'function',
+      synced_at INTEGER,
+      PRIMARY KEY (content_hash, analysis_type)
+    )
+  `);
+    db.exec(`
+    CREATE TABLE file_functions (
       file_path TEXT NOT NULL,
       function_name TEXT NOT NULL,
       content_hash TEXT NOT NULL,
       file_mtime INTEGER NOT NULL,
       language TEXT NOT NULL DEFAULT 'typescript',
-      entity_type TEXT NOT NULL DEFAULT 'function'
+      entity_type TEXT NOT NULL DEFAULT 'function',
+      start_line INTEGER NOT NULL DEFAULT 0,
+      PRIMARY KEY (file_path, function_name)
     )
   `);
-    // Migration: add columns to file_functions for existing databases
-    const ffColumns = db.prepare("PRAGMA table_info(file_functions)").all();
-    if (!ffColumns.some((c) => c.name === "language")) {
-        try {
-            db.exec("ALTER TABLE file_functions ADD COLUMN language TEXT NOT NULL DEFAULT 'typescript'");
-        }
-        catch (_) { }
-        try {
-            db.exec("ALTER TABLE file_functions ADD COLUMN entity_type TEXT NOT NULL DEFAULT 'function'");
-        }
-        catch (_) { }
-    }
     db.exec(`
-    CREATE TABLE IF NOT EXISTS function_gc (
+    CREATE TABLE function_gc (
       content_hash TEXT NOT NULL,
       analysis_type TEXT,
       gc_at INTEGER NOT NULL,
@@ -202,132 +304,88 @@ function initDb(dbPath) {
       PRIMARY KEY (content_hash, analysis_type)
     )
   `);
-    // Migration: add analysis_type to function_gc for existing databases
-    const gcColumns = db.prepare("PRAGMA table_info(function_gc)").all();
-    if (!gcColumns.some((c) => c.name === "analysis_type")) {
-        try {
-            db.exec("ALTER TABLE function_gc ADD COLUMN analysis_type TEXT");
-        }
-        catch (_) { }
-        // Rebuild PK by recreating table
-        db.exec(`
-      CREATE TABLE IF NOT EXISTS function_gc_v2 (
-        content_hash TEXT NOT NULL,
-        analysis_type TEXT,
-        gc_at INTEGER NOT NULL,
-        synced_at INTEGER,
-        PRIMARY KEY (content_hash, analysis_type)
-      )
-    `);
-        db.exec("INSERT OR IGNORE INTO function_gc_v2 SELECT content_hash, NULL, gc_at, synced_at FROM function_gc");
-        db.exec("DROP TABLE function_gc");
-        db.exec("ALTER TABLE function_gc_v2 RENAME TO function_gc");
-    }
     db.exec(`
-    CREATE TABLE IF NOT EXISTS sync_meta (
+    CREATE TABLE sync_meta (
       key TEXT PRIMARY KEY,
       value TEXT NOT NULL
     )
   `);
-    db.exec("CREATE INDEX IF NOT EXISTS idx_file_functions_path ON file_functions(file_path)");
-    db.exec("CREATE INDEX IF NOT EXISTS idx_file_functions_hash ON file_functions(content_hash)");
-    db.exec("CREATE INDEX IF NOT EXISTS idx_fa_hash ON function_analysis(content_hash)");
-    db.exec("CREATE INDEX IF NOT EXISTS idx_fa_type ON function_analysis(analysis_type)");
-    return db;
-}
-function createFreshSchema(db) {
     db.exec(`
-    CREATE TABLE IF NOT EXISTS function_analysis (
+    CREATE TABLE practices (
+      practice_id TEXT PRIMARY KEY,
+      rule TEXT NOT NULL,
+      severity TEXT NOT NULL DEFAULT 'warning'
+    )
+  `);
+    // Graph tables
+    db.exec(`
+    CREATE TABLE function_edges (
+      source_hash TEXT NOT NULL,
+      target_hash TEXT NOT NULL,
+      edge_type TEXT NOT NULL,
+      weight REAL NOT NULL DEFAULT 1.0,
+      PRIMARY KEY (source_hash, target_hash, edge_type)
+    )
+  `);
+    db.exec(`
+    CREATE TABLE communities (
       content_hash TEXT NOT NULL,
-      analysis_type TEXT NOT NULL,
-      analysis JSON NOT NULL,
-      model_version TEXT NOT NULL,
-      schema_version INTEGER NOT NULL DEFAULT 1,
+      level INTEGER NOT NULL,
+      community_id TEXT NOT NULL,
+      algorithm TEXT NOT NULL DEFAULT 'louvain',
+      PRIMARY KEY (content_hash, level, algorithm)
+    )
+  `);
+    db.exec(`
+    CREATE TABLE community_summaries (
+      community_id TEXT NOT NULL,
+      level INTEGER NOT NULL,
+      algorithm TEXT NOT NULL DEFAULT 'louvain',
+      input_hash TEXT NOT NULL,
+      summary JSON NOT NULL,
+      model_version TEXT,
       created_at INTEGER NOT NULL,
-      last_seen_at INTEGER NOT NULL,
-      language TEXT NOT NULL DEFAULT 'typescript',
-      entity_type TEXT NOT NULL DEFAULT 'function',
-      synced_at INTEGER,
-      PRIMARY KEY (content_hash, analysis_type)
+      PRIMARY KEY (community_id, level, algorithm)
     )
   `);
-}
-/**
- * Migrate from single-blob function_analysis to split analysis types.
- * Creates v2 table, splits each existing row into 'documentation' + 'security' rows,
- * drops old table, renames. Sets synced_at = NULL to force full re-sync.
- */
-function migrateToAnalysisTypes(db) {
-    db.exec("BEGIN TRANSACTION");
-    try {
-        db.exec(`
-      CREATE TABLE function_analysis_v2 (
-        content_hash TEXT NOT NULL,
-        analysis_type TEXT NOT NULL,
-        analysis JSON NOT NULL,
-        model_version TEXT NOT NULL,
-        schema_version INTEGER NOT NULL DEFAULT 1,
-        created_at INTEGER NOT NULL,
-        last_seen_at INTEGER NOT NULL,
-        language TEXT NOT NULL DEFAULT 'typescript',
-        entity_type TEXT NOT NULL DEFAULT 'function',
-        synced_at INTEGER,
-        PRIMARY KEY (content_hash, analysis_type)
-      )
-    `);
-        // Split documentation fields
-        db.exec(`
-      INSERT OR IGNORE INTO function_analysis_v2
-        (content_hash, analysis_type, analysis, model_version, schema_version, created_at, last_seen_at, language, entity_type, synced_at)
-      SELECT
-        content_hash,
-        'documentation',
-        json_object(
-          'description', json_extract(analysis, '$.description'),
-          'params', json_extract(analysis, '$.params'),
-          'returns', json_extract(analysis, '$.returns')
-        ),
-        model_version,
-        1,
-        created_at,
-        last_seen_at,
-        COALESCE(language, 'typescript'),
-        COALESCE(entity_type, 'function'),
-        NULL
-      FROM function_analysis
-    `);
-        // Split security fields
-        db.exec(`
-      INSERT OR IGNORE INTO function_analysis_v2
-        (content_hash, analysis_type, analysis, model_version, schema_version, created_at, last_seen_at, language, entity_type, synced_at)
-      SELECT
-        content_hash,
-        'security',
-        json_object(
-          'dataTags', json_extract(analysis, '$.dataTags'),
-          'securityFlags', json_extract(analysis, '$.securityFlags')
-        ),
-        model_version,
-        1,
-        created_at,
-        last_seen_at,
-        COALESCE(language, 'typescript'),
-        COALESCE(entity_type, 'function'),
-        NULL
-      FROM function_analysis
-    `);
-        db.exec("DROP TABLE function_analysis");
-        db.exec("ALTER TABLE function_analysis_v2 RENAME TO function_analysis");
-        db.exec("COMMIT");
-    }
-    catch (e) {
-        db.exec("ROLLBACK");
-        throw e;
-    }
+    db.exec(`
+    CREATE TABLE graph_config (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL
+    )
+  `);
+    db.exec(`
+    CREATE TABLE community_edges (
+      source_community TEXT NOT NULL,
+      target_community TEXT NOT NULL,
+      algorithm TEXT NOT NULL DEFAULT 'louvain',
+      weight REAL NOT NULL DEFAULT 0,
+      edge_count INTEGER NOT NULL DEFAULT 0,
+      PRIMARY KEY (source_community, target_community, algorithm)
+    )
+  `);
+    db.exec(`
+    CREATE TABLE community_signatures (
+      community_id TEXT NOT NULL,
+      algorithm TEXT NOT NULL DEFAULT 'louvain',
+      signatures JSON NOT NULL,
+      PRIMARY KEY (community_id, algorithm)
+    )
+  `);
+    // Indexes
+    db.exec("CREATE INDEX idx_file_functions_path ON file_functions(file_path)");
+    db.exec("CREATE INDEX idx_file_functions_hash ON file_functions(content_hash)");
+    db.exec("CREATE INDEX idx_fa_hash ON function_analysis(content_hash)");
+    db.exec("CREATE INDEX idx_fa_type ON function_analysis(analysis_type)");
+    db.exec("CREATE INDEX idx_edges_source ON function_edges(source_hash)");
+    db.exec("CREATE INDEX idx_edges_target ON function_edges(target_hash)");
+    db.exec("CREATE INDEX idx_communities_id ON communities(community_id)");
+    db.exec("CREATE INDEX idx_ce_source ON community_edges(source_community)");
+    db.exec("CREATE INDEX idx_ce_target ON community_edges(target_community)");
 }
 // ============ LLM ANALYSIS ============
 const anthropic = new sdk_1.default();
-async function analyzeFunctions(functions) {
+async function analyzeFunctions(functions, practices) {
     if (functions.length === 0)
         return [];
     // Use the language from the first function in the batch (batches are always same-file)
@@ -341,6 +399,7 @@ async function analyzeFunctions(functions) {
     };
     const securityHints = securityExamples[lang] || securityExamples.typescript;
     const prompt = `Analyze these ${langLabel} functions. Return JSON array with one object per function.
+Source lines are numbered for reference — when reporting line numbers, read the label at the start of the line, don't count.
 
 Each object must have:
 - name: string (function name, must match input)
@@ -348,17 +407,34 @@ Each object must have:
 - params: array of { name, type, description }
 - returns: { type, description }
 - dataTags: array from [user_input, pii, credentials, database, external_api, file_system, config, internal]
-- securityFlags: array of concerns like [${securityHints}] or empty
-
+- securityFlags: array of flag names found (e.g. [${securityHints}]) or empty
+- issues: array of detailed findings (empty if no security concerns), each with:
+  - flag: the security concern identifier (must also appear in securityFlags)
+  - title: short one-line title
+  - description: what's wrong (1-2 sentences)
+  - explanation: why it's a problem and how to fix (2-4 sentences)
+  - line: the line number shown at the start of the problematic line (read the number, don't count)
+  - startText: the first ~30 characters of the problematic code on that line
+  - endText: the last ~20 characters of the problematic code on that line
+  - severity: "error" | "warning" | "info"
+  - confidence: "high" | "medium" | "low"
+    high = the vulnerability is clearly exploitable given the visible code
+      (e.g., user input directly concatenated into SQL, dangerouslySetInnerHTML with user content)
+    medium = the pattern is risky but exploitability depends on how callers
+      use this function (e.g., file path parameter without validation)
+    low = the pattern matches a known vulnerability signature but is common
+      safe practice or requires unusual conditions to exploit
+      (e.g., prop spreading in React, Object.assign with internal data)
+${practices && practices.length > 0 ? (0, practices_2.buildPracticesPrompt)(practices) : ""}
 Functions:
 ${functions
-        .map((fn) => `### ${fn.name}\n\`\`\`${lang}\n${fn.sourceCode}\n\`\`\``)
+        .map((fn) => `### ${fn.name}\n\`\`\`${lang}\n${numberLines(fn.sourceCode)}\n\`\`\``)
         .join("\n\n")}
 
 CRITICAL: Return ONLY the raw JSON array. No markdown, no code fences, no \`\`\`json blocks, no explanation. Just the [ ... ] array directly.`;
     const response = await (0, p_retry_1.default)(() => anthropic.messages.create({
         model: "claude-sonnet-4-20250514",
-        max_tokens: 4096,
+        max_tokens: 8192,
         messages: [{ role: "user", content: prompt }],
     }), {
         retries: 4,
@@ -384,6 +460,8 @@ CRITICAL: Return ONLY the raw JSON array. No markdown, no code fences, no \`\`\`
                 returns: validated.returns,
                 dataTags: validated.dataTags,
                 securityFlags: validated.securityFlags,
+                issues: validated.issues,
+                practiceViolations: validated.practiceViolations,
             };
         });
     }
@@ -396,6 +474,8 @@ CRITICAL: Return ONLY the raw JSON array. No markdown, no code fences, no \`\`\`
             returns: { type: "unknown", description: "" },
             dataTags: [],
             securityFlags: [],
+            issues: [],
+            practiceViolations: [],
         }));
     }
 }
@@ -405,7 +485,7 @@ CRITICAL: Return ONLY the raw JSON array. No markdown, no code fences, no \`\`\`
  * The caller is responsible for DB lifecycle (open/close).
  */
 async function analyzeFiles(db, rootPath, files, options = {}) {
-    const { pullFn, onProgress } = options;
+    const { pullFn, onProgress, onAnalysisProgress } = options;
     const now = Math.floor(Date.now() / 1000);
     let totalAnalyzed = 0;
     let totalSkippedSize = 0;
@@ -413,23 +493,36 @@ async function analyzeFiles(db, rootPath, files, options = {}) {
     let totalPulled = 0;
     // Prepared statements
     const getFileMtime = db.prepare("SELECT file_mtime FROM file_functions WHERE file_path = ? LIMIT 1");
-    // Check for documentation type — if it exists, security exists too (always written together)
-    const checkAnalysis = db.prepare("SELECT 1 FROM function_analysis WHERE content_hash = ? AND analysis_type = 'documentation'");
+    // Check for analysis at current schema versions.
+    // If a row exists but with an older schema_version, it's treated as a cache miss
+    // so the function gets re-analyzed with the current schema.
+    const minSchemaVersion = Math.min(schemas_1.SCHEMA_VERSIONS.documentation, schemas_1.SCHEMA_VERSIONS.security);
+    const checkAnalysis = db.prepare(`SELECT 1 FROM function_analysis
+     WHERE content_hash = ? AND analysis_type = 'documentation'
+     AND schema_version >= ?`);
+    const getFileHashes = db.prepare("SELECT content_hash FROM file_functions WHERE file_path = ?");
+    // INSERT OR REPLACE: overwrites stale rows when schema_version bumps trigger re-analysis.
+    // Previously INSERT OR IGNORE, but that would keep old-version rows forever.
     const insertDocAnalysis = db.prepare(`
-    INSERT OR IGNORE INTO function_analysis
+    INSERT OR REPLACE INTO function_analysis
     (content_hash, analysis_type, analysis, model_version, schema_version, created_at, last_seen_at, language, entity_type)
     VALUES (?, 'documentation', ?, ?, ?, ?, ?, ?, ?)
   `);
     const insertSecAnalysis = db.prepare(`
-    INSERT OR IGNORE INTO function_analysis
+    INSERT OR REPLACE INTO function_analysis
     (content_hash, analysis_type, analysis, model_version, schema_version, created_at, last_seen_at, language, entity_type)
     VALUES (?, 'security', ?, ?, ?, ?, ?, ?, ?)
+  `);
+    const insertPracAnalysis = db.prepare(`
+    INSERT OR REPLACE INTO function_analysis
+    (content_hash, analysis_type, analysis, model_version, schema_version, created_at, last_seen_at, language, entity_type)
+    VALUES (?, 'practices', ?, ?, ?, ?, ?, ?, ?)
   `);
     const deleteFileEntries = db.prepare("DELETE FROM file_functions WHERE file_path = ?");
     const insertFileFunction = db.prepare(`
-    INSERT INTO file_functions
-    (file_path, function_name, content_hash, file_mtime, language, entity_type)
-    VALUES (?, ?, ?, ?, ?, ?)
+    INSERT OR REPLACE INTO file_functions
+    (file_path, function_name, content_hash, file_mtime, language, entity_type, start_line)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
   `);
     const pendingFiles = [];
     const allMissingHashes = new Set();
@@ -445,7 +538,14 @@ async function analyzeFiles(db, rootPath, files, options = {}) {
         const currentMtime = Math.floor(stat.mtimeMs);
         const storedRow = getFileMtime.get(file);
         if (storedRow && storedRow.file_mtime === currentMtime) {
-            continue;
+            // Mtime unchanged — check if all functions already have analysis.
+            // If any lack analysis (e.g. init ran but analyze never did), re-process.
+            const fileHashes = getFileHashes.all(file);
+            const allAnalyzed = fileHashes.length > 0 && fileHashes.every((row) => checkAnalysis.get(row.content_hash, minSchemaVersion));
+            if (allAnalyzed) {
+                totalSkipped += fileHashes.length;
+                continue;
+            }
         }
         const parser = (0, parsers_1.getParserForFile)(file);
         if (!parser)
@@ -457,7 +557,7 @@ async function analyzeFiles(db, rootPath, files, options = {}) {
         }
         const needsAnalysis = [];
         for (const fn of functions) {
-            if (checkAnalysis.get(fn.contentHash)) {
+            if (checkAnalysis.get(fn.contentHash, minSchemaVersion)) {
                 totalSkipped++;
             }
             else {
@@ -469,43 +569,88 @@ async function analyzeFiles(db, rootPath, files, options = {}) {
     }
     // Phase 2: Pull from cloud to avoid redundant Claude calls
     if (pullFn && allMissingHashes.size > 0) {
-        await pullFn([...allMissingHashes]);
+        try {
+            await pullFn([...allMissingHashes]);
+        }
+        catch {
+            // Pull is a non-critical optimization — continue with local analysis
+        }
     }
-    // Phase 3: Run Claude analysis on hashes still missing, update file_functions
+    // Phase 3: Re-check after pull, compute totals, run Claude analysis
     const modelVersion = "claude-sonnet-4-20250514";
-    for (const pending of pendingFiles) {
-        // Re-check after pull — some hashes may now exist locally
+    const phase3Files = pendingFiles.map((pending) => {
         const stillNeeds = pullFn
-            ? pending.needsAnalysis.filter((fn) => !checkAnalysis.get(fn.contentHash))
+            ? pending.needsAnalysis.filter((fn) => !checkAnalysis.get(fn.contentHash, minSchemaVersion))
             : pending.needsAnalysis;
         const pulled = pending.needsAnalysis.length - stillNeeds.length;
         totalPulled += pulled;
         totalSkipped += pulled;
-        for (let j = 0; j < stillNeeds.length; j += 10) {
-            const batch = stillNeeds.slice(j, j + 10);
-            const analyzed = await analyzeFunctions(batch);
-            for (const fn of analyzed) {
-                insertDocAnalysis.run(fn.contentHash, JSON.stringify({
-                    description: fn.description,
-                    params: fn.params,
-                    returns: fn.returns,
-                }), modelVersion, schemas_1.SCHEMA_VERSIONS.documentation, now, now, fn.language, fn.entityType);
-                insertSecAnalysis.run(fn.contentHash, JSON.stringify({
-                    dataTags: fn.dataTags,
-                    securityFlags: fn.securityFlags,
-                }), modelVersion, schemas_1.SCHEMA_VERSIONS.security, now, now, fn.language, fn.entityType);
+        return { ...pending, stillNeeds };
+    });
+    // Flatten and dedupe all functions needing Claude analysis
+    const allStillNeeds = [];
+    const seenHashes = new Set();
+    for (const pending of phase3Files) {
+        for (const fn of pending.stillNeeds) {
+            if (!seenHashes.has(fn.contentHash)) {
+                seenHashes.add(fn.contentHash);
+                allStillNeeds.push(fn);
             }
-            totalAnalyzed += analyzed.length;
         }
-        // Rebuild file_functions for this file
+    }
+    const totalNeedsAnalysis = allStillNeeds.length;
+    // Batch into groups of 10, fire with bounded concurrency
+    const analysisBatches = [];
+    for (let i = 0; i < allStillNeeds.length; i += 10) {
+        analysisBatches.push(allStillNeeds.slice(i, i + 10));
+    }
+    const analysisLimit = (0, p_limit_1.default)(5);
+    const { practices } = options;
+    await Promise.all(analysisBatches.map((batch) => analysisLimit(async () => {
+        const analyzed = await analyzeFunctions(batch, practices);
+        for (const fn of analyzed) {
+            // Compute lineText for each issue — trimmed source line at analysis time
+            // Used by the extension for modification detection (see docs/research/issue-remediation-detection.md)
+            const sourceLines = fn.sourceCode.split("\n");
+            for (const issue of fn.issues) {
+                if (issue.line > 0 && issue.line <= sourceLines.length) {
+                    issue.lineText = sourceLines[issue.line - 1].trim();
+                }
+            }
+            for (const pv of fn.practiceViolations) {
+                if (pv.line > 0 && pv.line <= sourceLines.length) {
+                    pv.lineText = sourceLines[pv.line - 1].trim();
+                }
+            }
+            insertDocAnalysis.run(fn.contentHash, JSON.stringify({
+                description: fn.description,
+                params: fn.params,
+                returns: fn.returns,
+            }), modelVersion, schemas_1.SCHEMA_VERSIONS.documentation, now, now, fn.language, fn.entityType);
+            insertSecAnalysis.run(fn.contentHash, JSON.stringify({
+                dataTags: fn.dataTags,
+                securityFlags: fn.securityFlags,
+                issues: fn.issues,
+            }), modelVersion, schemas_1.SCHEMA_VERSIONS.security, now, now, fn.language, fn.entityType);
+            if (practices && practices.length > 0) {
+                insertPracAnalysis.run(fn.contentHash, JSON.stringify({
+                    violations: fn.practiceViolations,
+                }), modelVersion, schemas_1.SCHEMA_VERSIONS.practices, now, now, fn.language, fn.entityType);
+            }
+        }
+        totalAnalyzed += analyzed.length;
+        onAnalysisProgress?.(totalAnalyzed, totalNeedsAnalysis);
+    })));
+    // Rebuild file_functions for all pending files
+    for (const pending of phase3Files) {
         deleteFileEntries.run(pending.file);
         for (const fn of pending.functions) {
-            insertFileFunction.run(pending.file, fn.name, fn.contentHash, pending.mtime, fn.language, fn.entityType);
+            insertFileFunction.run(pending.file, fn.name, fn.contentHash, pending.mtime, fn.language, fn.entityType, fn.startLine);
         }
     }
     return { analyzed: totalAnalyzed, skipped: totalSkipped, skippedSize: totalSkippedSize, pulled: totalPulled };
 }
-async function analyzeRepository(rootPath, onProgress, pullFn) {
+async function analyzeRepository(rootPath, onProgress, pullFn, onAnalysisProgress) {
     const dbPath = path.join(rootPath, ".ophan", "index.db");
     fs.mkdirSync(path.join(rootPath, ".ophan"), { recursive: true });
     // Auto-add .ophan/ to .gitignore (only in git repos)
@@ -513,7 +658,8 @@ async function analyzeRepository(rootPath, onProgress, pullFn) {
     const db = initDb(dbPath);
     const now = Math.floor(Date.now() / 1000);
     const files = await discoverFiles(rootPath);
-    const result = await analyzeFiles(db, rootPath, files, { pullFn, onProgress });
+    const practices = (0, practices_2.loadPracticesFromDb)(db);
+    const result = await analyzeFiles(db, rootPath, files, { pullFn, onProgress, onAnalysisProgress, practices });
     // Clean up entries for deleted files
     const fileSet = new Set(files);
     const deleteFileEntries = db.prepare("DELETE FROM file_functions WHERE file_path = ?");
@@ -539,12 +685,15 @@ async function analyzeRepository(rootPath, onProgress, pullFn) {
 function mergeAnalysisRows(rows) {
     let doc = {};
     let sec = {};
+    let prac = {};
     for (const row of rows) {
         const parsed = JSON.parse(row.analysis);
         if (row.analysis_type === "documentation")
             doc = parsed;
         else if (row.analysis_type === "security")
             sec = parsed;
+        else if (row.analysis_type === "practices")
+            prac = parsed;
     }
     return {
         description: doc.description || "",
@@ -552,6 +701,8 @@ function mergeAnalysisRows(rows) {
         returns: doc.returns || { type: "unknown", description: "" },
         dataTags: sec.dataTags || [],
         securityFlags: sec.securityFlags || [],
+        issues: sec.issues || [],
+        practiceViolations: prac.violations || [],
     };
 }
 function getAnalysisForFile(dbPath, filePath) {
@@ -631,9 +782,9 @@ async function refreshFileIndex(rootPath, onProgress) {
     const getFileMtime = db.prepare("SELECT file_mtime FROM file_functions WHERE file_path = ? LIMIT 1");
     const deleteFileEntries = db.prepare("DELETE FROM file_functions WHERE file_path = ?");
     const insertFileFunction = db.prepare(`
-    INSERT INTO file_functions
-    (file_path, function_name, content_hash, file_mtime, language, entity_type)
-    VALUES (?, ?, ?, ?, ?, ?)
+    INSERT OR REPLACE INTO file_functions
+    (file_path, function_name, content_hash, file_mtime, language, entity_type, start_line)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
   `);
     const fileSet = new Set(files);
     for (let i = 0; i < files.length; i++) {
@@ -654,7 +805,7 @@ async function refreshFileIndex(rootPath, onProgress) {
         const functions = parser.extractFunctions(file);
         deleteFileEntries.run(file);
         for (const fn of functions) {
-            insertFileFunction.run(file, fn.name, fn.contentHash, currentMtime, fn.language, fn.entityType);
+            insertFileFunction.run(file, fn.name, fn.contentHash, currentMtime, fn.language, fn.entityType, fn.startLine);
         }
     }
     // Remove entries for deleted files
@@ -713,3 +864,54 @@ function importAnalysis(dbPath, rows) {
     db.close();
     return imported;
 }
+/**
+ * Extract all functions from a repository, returning FunctionInfo arrays
+ * with relationship data (calls, imports, exported). Used by the graph
+ * analysis pipeline to build the relationship graph.
+ *
+ * Respects the same file size limits and parser selection as refreshFileIndex.
+ */
+async function extractAllFunctions(rootPath, onProgress) {
+    const files = await discoverFiles(rootPath);
+    const allFunctions = [];
+    for (let i = 0; i < files.length; i++) {
+        const file = files[i];
+        const relPath = path.relative(rootPath, file);
+        onProgress?.(i + 1, files.length, relPath);
+        const stat = fs.statSync(file);
+        if (stat.size > MAX_FILE_SIZE_BYTES)
+            continue;
+        const parser = (0, parsers_1.getParserForFile)(file);
+        if (!parser)
+            continue;
+        const functions = parser.extractFunctions(file);
+        allFunctions.push(...functions);
+    }
+    return allFunctions;
+}
+/**
+ * Populate file_functions index from pre-extracted FunctionInfo array.
+ * Used by the graph pipeline to avoid scanning files twice — extractAllFunctions()
+ * already has all the data needed for the index.
+ */
+function populateFileIndex(db, functions) {
+    const byFile = new Map();
+    for (const fn of functions) {
+        const existing = byFile.get(fn.filePath) || [];
+        existing.push(fn);
+        byFile.set(fn.filePath, existing);
+    }
+    const deleteFileEntries = db.prepare("DELETE FROM file_functions WHERE file_path = ?");
+    const insertFileFunction = db.prepare(`INSERT OR REPLACE INTO file_functions (file_path, function_name, content_hash, file_mtime, language, entity_type, start_line)
+     VALUES (?, ?, ?, ?, ?, ?, ?)`);
+    const tx = db.transaction(() => {
+        for (const [filePath, fns] of byFile) {
+            const mtime = Math.floor(fs.statSync(filePath).mtimeMs);
+            deleteFileEntries.run(filePath);
+            for (const fn of fns) {
+                insertFileFunction.run(filePath, fn.name, fn.contentHash, mtime, fn.language, fn.entityType, fn.startLine);
+            }
+        }
+    });
+    tx();
+}