@su-record/vibe 2.8.23 → 2.8.25

package/skills/seo-checklist/frameworks/structured-data.md

@@ -0,0 +1,153 @@
+---
+name: structured-data
+type: framework
+applies-to: [seo-checklist]
+format: JSON-LD
+---
+
+# Structured Data — JSON-LD Schema Templates
+
+Embed in `<script type="application/ld+json">` in `<head>` or before `</body>`.
+
+## Article
+
+```json
+{
+  "@context": "https://schema.org",
+  "@type": "Article",
+  "headline": "Article Title (max 110 chars)",
+  "description": "Article summary (max 160 chars)",
+  "image": "https://example.com/article-image.jpg",
+  "author": {
+    "@type": "Person",
+    "name": "Author Name",
+    "url": "https://example.com/authors/name"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "Publisher Name",
+    "logo": {
+      "@type": "ImageObject",
+      "url": "https://example.com/logo.png"
+    }
+  },
+  "datePublished": "2024-01-15T08:00:00+00:00",
+  "dateModified": "2024-01-20T10:00:00+00:00",
+  "mainEntityOfPage": {
+    "@type": "WebPage",
+    "@id": "https://example.com/article-slug"
+  }
+}
+```
+
+**Required by Google**: `headline`, `image`, `datePublished`, `author`
+
+## Product
+
+```json
+{
+  "@context": "https://schema.org",
+  "@type": "Product",
+  "name": "Product Name",
+  "description": "Product description",
+  "image": ["https://example.com/product-1.jpg", "https://example.com/product-2.jpg"],
+  "sku": "PROD-123",
+  "brand": {
+    "@type": "Brand",
+    "name": "Brand Name"
+  },
+  "offers": {
+    "@type": "Offer",
+    "url": "https://example.com/product",
+    "priceCurrency": "USD",
+    "price": "29.99",
+    "availability": "https://schema.org/InStock",
+    "itemCondition": "https://schema.org/NewCondition"
+  },
+  "aggregateRating": {
+    "@type": "AggregateRating",
+    "ratingValue": "4.5",
+    "reviewCount": "127"
+  }
+}
+```
+
+**Required by Google**: `name` + one of `review`, `aggregateRating`, or `offers`
+
+## FAQ
+
+```json
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "What is the return policy?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "We accept returns within 30 days of purchase. Items must be unused and in original packaging."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "How long does shipping take?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Standard shipping takes 3-5 business days. Express shipping is available for 1-2 day delivery."
+      }
+    }
+  ]
+}
+```
+
+**Note**: Each Q&A must appear as visible content on the page. Do not use for ad content.
+
+## BreadcrumbList
+
+```json
+{
+  "@context": "https://schema.org",
+  "@type": "BreadcrumbList",
+  "itemListElement": [
+    {
+      "@type": "ListItem",
+      "position": 1,
+      "name": "Home",
+      "item": "https://example.com"
+    },
+    {
+      "@type": "ListItem",
+      "position": 2,
+      "name": "Category",
+      "item": "https://example.com/category"
+    },
+    {
+      "@type": "ListItem",
+      "position": 3,
+      "name": "Product Name",
+      "item": "https://example.com/category/product"
+    }
+  ]
+}
+```
+
+**Note**: `position` must be sequential starting at 1. Last item does not require `item` URL.
+
+## Validation
+
+| Tool | URL |
+|------|-----|
+| Google Rich Results Test | https://search.google.com/test/rich-results |
+| Schema.org Validator | https://validator.schema.org |
+| Chrome DevTools → Network | Filter for `application/ld+json` |
+
+## Common Mistakes
+
+| Mistake | Fix |
+|---------|-----|
+| Price without currency | Always include `priceCurrency` with `price` |
+| Missing `datePublished` on Article | Required for Google News eligibility |
+| FAQ content not visible on page | Google penalizes hidden Q&A markup |
+| Breadcrumb positions not sequential | Use 1, 2, 3 — no skipping |
+| Image URL not absolute | Always use full `https://` URLs |

package/skills/seo-checklist/rubrics/content-seo.md

@@ -0,0 +1,42 @@
+# Content SEO Checklist
+
+## Heading Structure
+
+- [ ] Single `<h1>` per page — matches primary keyword intent
+- [ ] Logical hierarchy: `h1 → h2 → h3` (no skipping levels)
+- [ ] `<h2>` tags cover major subtopics (crawlers use for content outline)
+- [ ] No headings used purely for styling — use CSS classes instead
+
+## Keyword Placement
+
+- [ ] Primary keyword in `<title>`, `<h1>`, first 100 words of body
+- [ ] Secondary keywords in `<h2>` tags and body naturally
+- [ ] Keyword in image `alt` text where relevant (descriptive, not stuffed)
+- [ ] URL slug contains primary keyword (lowercase, hyphens, no stop words)
+
+## Internal Linking
+
+- [ ] Every important page reachable within 3 clicks from homepage
+- [ ] Anchor text is descriptive ("authentication guide") not generic ("click here")
+- [ ] New content links back to related existing content
+- [ ] Orphan pages (no inbound internal links) have at least one link added
+
+## Content Quality Signals
+
+- [ ] Word count appropriate for topic depth (informational: 1000+, landing: 300-600)
+- [ ] No duplicate content across pages — each URL has unique value
+- [ ] Pagination uses `rel="next"` / `rel="prev"` or canonical to main page
+- [ ] Thin content pages (< 300 words) either expanded or `noindex` applied
+
+## Images & Media
+
+- [ ] Every `<img>` has descriptive `alt` text (empty `alt=""` for decorative images)
+- [ ] File names descriptive: `product-dashboard-screenshot.webp` not `IMG_4821.jpg`
+- [ ] Use WebP or AVIF format where possible
+- [ ] Videos have transcript or caption for accessibility and crawlability
+
+## Localization (if applicable)
+
+- [ ] `hreflang` tags on all translated pages
+- [ ] Each locale version has its own canonical URL
+- [ ] `hreflang` includes `x-default` for language selector page

package/skills/seo-checklist/rubrics/technical-seo.md

@@ -0,0 +1,48 @@
+# Technical SEO Checklist
+
+## Meta Tags
+
+- [ ] `<title>` unique per page, 50-60 characters
+- [ ] `<meta name="description">` unique per page, 150-160 characters
+- [ ] `<link rel="canonical">` on every page (including paginated, filtered)
+- [ ] `<meta name="robots" content="index,follow">` — verify `noindex` is NOT in production
+- [ ] `<html lang="{{LOCALE}}">` set correctly
+
+## Open Graph / Social
+
+- [ ] `og:title` — matches page title or optimized variant
+- [ ] `og:description` — matches meta description or optimized variant
+- [ ] `og:image` — exactly **1200x630px**, under 8MB
+- [ ] `og:type` — `website` for homepage, `article` for posts, `product` for products
+- [ ] `og:url` — canonical URL
+- [ ] `twitter:card` — `summary_large_image` for image-rich pages
+- [ ] `twitter:image` — same as og:image (some crawlers check separately)
+
+## Structured Data (JSON-LD)
+
+- [ ] Correct `@type` for content: `Article`, `Product`, `FAQPage`, `LocalBusiness`, `BreadcrumbList`
+- [ ] `BreadcrumbList` on all non-root pages
+- [ ] Validated with [Google Rich Results Test](https://search.google.com/test/rich-results)
+- [ ] No structured data describing content not visible on the page
+
+## Crawlability
+
+- [ ] `robots.txt` present at domain root
+  - `Allow: /` for public pages
+  - `Disallow: /api/`, `/admin/`, `/_next/` (static assets excepted)
+  - `Sitemap: https://{{DOMAIN}}/sitemap.xml`
+- [ ] `sitemap.xml` auto-generated, includes `<lastmod>` with real dates
+- [ ] Sitemap submitted to Google Search Console
+
+## Performance (Core Web Vitals)
+
+| Metric | Target | Common Fix |
+|--------|--------|------------|
+| LCP | ≤ 2.5s | `<link rel="preload">` on hero image |
+| INP | ≤ 200ms | Defer non-critical JS |
+| CLS | ≤ 0.1 | Set `width`/`height` on all images; `min-height` on dynamic containers |
+
+- [ ] Images have explicit `width` and `height` attributes
+- [ ] Below-fold images use `loading="lazy"`
+- [ ] Hero/LCP image uses `fetchpriority="high"` (not lazy)
+- [ ] No render-blocking scripts without `defer` or `async`

package/skills/techdebt/agents/analyzer.md

@@ -0,0 +1,50 @@
+---
+name: techdebt-analyzer
+role: Analyzes severity and blast radius of each scanned finding
+tools: [Read, Grep]
+---
+
+# Techdebt Analyzer
+
+## Role
+Receives raw scan findings and evaluates each item's severity, effort to fix, and risk of breakage. Classifies findings into auto-fixable vs. manual-review categories and assigns a priority score to guide the fixer.
+
+## Responsibilities
+- Classify each finding by severity: Critical / High / Medium / Low
+- Assess auto-fix safety: safe (delete line), risky (needs refactor), manual-only
+- Estimate fix effort: trivial (1 line), minor (< 10 lines), major (multi-file)
+- Detect clusters — multiple related findings that should be fixed together
+- Flag findings in test files separately (lower priority, different rules apply)
+
+## Input
+Raw findings JSON array from `techdebt-scanner` with file, line, category, and snippet fields.
+
+## Output
+Enriched findings list with severity and fix metadata:
+```json
+[
+  {
+    "category": "console-log",
+    "file": "src/api/auth.ts",
+    "line": 12,
+    "snippet": "console.log(token)",
+    "severity": "High",
+    "autoFixable": true,
+    "effort": "trivial",
+    "fixMethod": "delete-line"
+  }
+]
+```
+Plus a summary: total counts by severity, estimated total fix time.
+
+## Communication
+- Reports enriched findings to: `techdebt-fixer` (auto-fixable items) and orchestrator (manual items)
+- Receives instructions from: techdebt orchestrator (SKILL.md)
+
+## Domain Knowledge
+Severity heuristics:
+- **Critical**: `any` in public API surface, `console.log` logging credentials/tokens
+- **High**: `any` in business logic, `console.log` in production paths
+- **Medium**: magic numbers, unused imports, commented-out blocks
+- **Low**: unused imports in test files, minor style issues
+Auto-fix safety rules: never auto-fix type changes, logic extractions, or multi-file changes.

package/skills/techdebt/agents/fixer.md

@@ -0,0 +1,41 @@
+---
+name: techdebt-fixer
+role: Generates safe auto-fix patches for trivially fixable techdebt items
+tools: [Read, Edit]
+---
+
+# Techdebt Fixer
+
+## Role
+Applies safe, deterministic fixes to auto-fixable findings identified by the analyzer. Operates strictly within the boundaries set by the analyzer — never attempts fixes marked `manual-only` or `risky`. Each fix is atomic and targets a single file at a time.
+
+## Responsibilities
+- Delete `console.log`, `console.error`, `console.warn`, and `debugger` lines
+- Remove unused import statements (single-identifier and named imports)
+- Delete commented-out code blocks that contain dead code constructs
+- Preserve surrounding blank lines and indentation conventions
+- Record every change made for the reviewer's diff check
+
+## Input
+Filtered findings list from `techdebt-analyzer` where `autoFixable: true` and `effort: "trivial"`, plus the full file content via Read.
+
+## Output
+A change log of all edits applied:
+```json
+[
+  { "file": "src/api/auth.ts", "line": 12, "action": "deleted", "was": "console.log(token)" },
+  { "file": "src/components/Button.tsx", "line": 3, "action": "deleted", "was": "import React from 'react'" }
+]
+```
+Edited files are modified in place using the Edit tool.
+
+## Communication
+- Reports change log to: `techdebt-reviewer`
+- Receives instructions from: techdebt orchestrator (SKILL.md)
+
+## Domain Knowledge
+Fix safety rules:
+- Only delete lines — never rewrite or rearrange code
+- When removing a named import `{ A, B }`, if only `A` is unused, rewrite to `{ B }`, not delete the line
+- Never remove imports flagged as side-effect imports (e.g., `import './styles.css'`)
+- Stop and escalate if a file has been modified by another agent in the same session

package/skills/techdebt/agents/reviewer.md

@@ -0,0 +1,47 @@
+---
+name: techdebt-reviewer
+role: Reviews auto-fix patches for correctness and safety before presenting to user
+tools: [Read, Grep]
+---
+
+# Techdebt Reviewer
+
+## Role
+Acts as the final quality gate before fixes are presented to the user for confirmation. Re-reads every modified file, verifies that only the intended lines were changed, and checks that no new issues were introduced. Produces a human-readable summary with before/after context.
+
+## Responsibilities
+- Re-read each modified file and diff against the change log from `techdebt-fixer`
+- Verify no unintended lines were altered (scope creep check)
+- Confirm removed imports were genuinely unused by re-scanning usage in file body
+- Check that removing a `console.log` did not break a surrounding `if` block structure
+- Produce a formatted summary grouped by category for user confirmation
+
+## Input
+Change log JSON from `techdebt-fixer` plus current file content from Read tool.
+
+## Output
+Human-readable review report:
+```markdown
+## Techdebt Fix Review
+
+### Ready to Apply (N changes)
+- src/api/auth.ts:12 — removed console.log(token) [verified safe]
+- src/components/Button.tsx:3 — removed unused React import [verified safe]
+
+### Flagged for Manual Review (N items)
+- src/services/user.ts:45 — any type, needs proper interface definition
+
+All changes are reversible with git checkout.
+```
+Final confirmation prompt to user before any edits are committed.
+
+## Communication
+- Reports review summary to: orchestrator / user
+- Receives instructions from: techdebt orchestrator (SKILL.md)
+
+## Domain Knowledge
+Verification checklist:
+- Import removal: identifier must appear zero times outside the import line
+- Console removal: surrounding block must remain syntactically valid
+- Commented code removal: must not be a doc comment (`/** */`) or license header
+- Scope rule: reviewer changes nothing — read-only gate only

package/skills/techdebt/agents/scanner.md

@@ -0,0 +1,44 @@
+---
+name: techdebt-scanner
+role: Scans codebase for code smells — any types, console.log, unused imports, magic numbers
+tools: [Grep, Glob, Read]
+---
+
+# Techdebt Scanner
+
+## Role
+Performs broad pattern-based scanning across the codebase to locate instances of known code smells. Produces a raw findings list with file paths and line numbers. Does not assess severity — that is the analyzer's job.
+
+## Responsibilities
+- Scan for `any` and `as any` TypeScript type violations
+- Detect `console.log`, `console.error`, `console.warn`, `debugger` statements
+- Find unused import statements by cross-referencing declaration vs. usage
+- Locate magic numbers and hardcoded string literals outside constant files
+- Detect commented-out code blocks containing code constructs
+
+## Input
+- Root directory path to scan
+- Optional glob filter (e.g., `src/**/*.{ts,tsx}`)
+- Optional category filter (e.g., scan only `any-types`)
+
+## Output
+Structured findings list in JSON format:
+```json
+[
+  { "category": "any-type", "file": "src/services/user.ts", "line": 34, "snippet": ": any" },
+  { "category": "console-log", "file": "src/api/auth.ts", "line": 12, "snippet": "console.log(token)" },
+  { "category": "magic-number", "file": "src/utils/calc.ts", "line": 10, "snippet": "* 365" }
+]
+```
+
+## Communication
+- Reports findings to: `techdebt-analyzer`
+- Receives instructions from: techdebt orchestrator (SKILL.md)
+
+## Domain Knowledge
+Scan patterns:
+- `any` types: `: any\b`, `as any\b`, `<any>`
+- Debug code: `console\.(log|error|warn|debug|info)`, `\bdebugger\b`
+- Magic numbers: numeric literals outside `const` declarations, ignoring 0, 1, -1, 100
+- Commented code: `^\s*//.*\b(function|const|let|var|class|import)\b`
+- Unused imports: declared in `import { X }` but `X` never referenced in file body

package/skills/techdebt/orchestrator.md

@@ -0,0 +1,70 @@
+---
+name: techdebt-orchestrator
+type: orchestrator
+agents: [scanner, analyzer, fixer, reviewer]
+---
+
+# Techdebt Orchestrator
+
+## Workflow
+
+### Phase 1: Scan
+- **Agent**: scanner
+- **Input**: Changed file paths (or root dir + glob filter)
+- **Output**: Raw findings list `[{category, file, line, snippet}]`
+- **Parallel**: yes — each file scanned independently
+
+### Phase 2: Analyze
+- **Agent**: analyzer
+- **Input**: Raw findings list from Phase 1
+- **Output**: Scored findings with severity (P0–P3) and auto-fix eligibility flag
+- **Parallel**: no — requires full findings set for deduplication
+
+### Phase 3: Fix
+- **Agent**: fixer
+- **Input**: Findings flagged `auto-fixable: true` from Phase 2
+- **Output**: Patch set (file edits) for each auto-fixable item
+- **Parallel**: yes — patches per file are independent
+
+### Phase 4: Review
+- **Agent**: reviewer
+- **Input**: Patch set from Phase 3
+- **Output**: Approved patches + rejected patches with rejection reason
+- **Parallel**: no — needs holistic view to catch patch conflicts
+
+### Phase 5: Apply
+- **Agent**: orchestrator (self)
+- **Input**: Approved patches from Phase 4 + manual-review items from Phase 2
+- **Output**: Applied fixes + final report with manual-review list
+- **Parallel**: no — sequential file writes to avoid conflicts
+
+## DAG (Dependency Graph)
+
+```mermaid
+graph TD
+    A[Phase 1: Scanner\nparallel per file] --> B[Phase 2: Analyzer]
+    B --> C[Phase 3: Fixer\nparallel per file]
+    B --> E[Manual Review Items]
+    C --> D[Phase 4: Reviewer]
+    D --> F[Phase 5: Apply]
+    E --> F
+```
+
+## Error Handling
+
+| Phase | Failure Mode | Strategy |
+|-------|-------------|----------|
+| Phase 1 | File unreadable / binary file | Skip file, log warning, continue |
+| Phase 1 | Glob returns 0 files | Escalate — prompt user to verify path |
+| Phase 2 | Analyzer returns 0 findings | Skip phases 3–4, output clean report |
+| Phase 3 | Patch generation fails for a file | Skip that file, flag for manual review |
+| Phase 4 | Reviewer rejects all patches | Fallback to manual-review-only report |
+| Phase 5 | Write conflict detected | Abort apply, show diff for manual resolution |
+
+## Scalability Modes
+
+| Mode | When | Agents Used |
+|------|------|-------------|
+| Full | Normal operation | scanner + analyzer + fixer + reviewer |
+| Reduced | Time pressure / large repo | scanner + analyzer only (no auto-fix) |
+| Single | Quick scan / pre-commit check | scanner only — raw findings, no scoring |

package/skills/techdebt/rubrics/severity.md

@@ -0,0 +1,51 @@
+# Techdebt Severity Rubric
+
+## P1 — Blocks Merge
+
+Issues that introduce bugs, security holes, or break type safety. Must fix before merging.
+
+| Pattern | Why P1 |
+|---------|--------|
+| `: any` / `as any` | Breaks TypeScript safety guarantee |
+| `@ts-ignore` | Hides real type errors |
+| `debugger` statement | Halts execution in production |
+| Hardcoded secrets / credentials | Security risk |
+| Circular imports causing runtime errors | Breaks module loading |
+
+**Rule**: P1 count must be 0 before merge.
+
+## P2 — Fix Before PR
+
+Issues that reduce maintainability, performance, or correctness. Should be resolved before PR review.
+
+| Pattern | Why P2 |
+|---------|--------|
+| `console.log` / `console.warn` | Debug noise in production logs |
+| Functions > 50 lines | Violates complexity limit; hard to test |
+| Nesting depth > 4 | Cognitive overload; obscures logic |
+| Unused imports | Bundle bloat; misleading code |
+| TODO/FIXME without ticket | Ambiguous ownership |
+| Duplicate logic (2+ files) | Maintenance hazard |
+
+**Rule**: P2 items are warnings. Resolve or create a tracked P3 ticket before merge.
+
+## P3 — Backlog
+
+Issues that are cosmetic or nice-to-have. Address during scheduled cleanup sessions.
+
+| Pattern | Why P3 |
+|---------|--------|
+| Magic numbers (non-critical) | Readability |
+| Commented-out code | Noise |
+| Inconsistent naming | Style drift |
+| Missing JSDoc on internal helpers | Documentation gap |
+| Slightly long files (200–499 lines) | Future extraction candidate |
+
+**Rule**: P3 items never block. Review weekly; archive when resolved.
+
+## Convergence Rule
+
+- Round 1: address all P1 + P2
+- Round 2: address remaining P1 + P2 only
+- Round 3+: P1 only
+- Same findings as previous round → stop immediately

package/skills/techdebt/scripts/scan.js

@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+/**
+ * techdebt/scripts/scan.js
+ * Scan a directory for technical debt patterns.
+ * Usage: node scan.js <directory>
+ * Output: JSON array of findings to stdout.
+ */
+
+import fs from 'fs';
+import path from 'path';
+
+const TARGET_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx']);
+
+/** @returns {string[]} */
+function collectFiles(dir) {
+  const results = [];
+  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+    if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === 'dist') continue;
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) results.push(...collectFiles(full));
+    else if (TARGET_EXTENSIONS.has(path.extname(entry.name))) results.push(full);
+  }
+  return results;
+}
+
+/** @param {string} file @returns {import('./scan.js').Finding[]} */
+function scanFile(file) {
+  const lines = fs.readFileSync(file, 'utf-8').split('\n');
+  const findings = [];
+  let functionLineStart = -1;
+  let braceDepth = 0;
+  let functionLineCount = 0;
+  let maxNesting = 0;
+  let currentNesting = 0;
+
+  const push = (line, type, severity, message) =>
+    findings.push({ file, line: line + 1, type, severity, message });
+
+  for (let i = 0; i < lines.length; i++) {
+    const raw = lines[i];
+    const trimmed = raw.trim();
+
+    if (/:\s*any\b|as\s+any\b/.test(trimmed)) push(i, 'any-type', 'P1', `'any' type usage detected`);
+    if (/console\.(log|warn|error|debug)\s*\(/.test(trimmed)) push(i, 'console-log', 'P2', `console statement found`);
+    if (/^import\s+/.test(trimmed)) {
+      const match = trimmed.match(/^import\s+\{([^}]+)\}/);
+      if (match) {
+        const names = match[1].split(',').map(n => n.trim().split(/\s+as\s+/).pop());
+        for (const name of names) {
+          const usedElsewhere = lines.slice(i + 1).some(l => new RegExp(`\\b${name}\\b`).test(l));
+          if (!usedElsewhere) push(i, 'unused-import', 'P2', `Possibly unused import: ${name}`);
+        }
+      }
+    }
+    const magicNumber = trimmed.match(/(?<![A-Za-z_$'"`])\b([2-9]\d{2,}|\d{4,})\b(?![A-Za-z_$'"`])/);
+    if (magicNumber && !/^\s*(\/\/|\/\*)/.test(raw)) push(i, 'magic-number', 'P3', `Magic number: ${magicNumber[1]}`);
+
+    const opens = (raw.match(/\{/g) || []).length;
+    const closes = (raw.match(/\}/g) || []).length;
+    if (/\bfunction\b|\=\>/.test(raw) && opens > closes) {
+      functionLineStart = i;
+      functionLineCount = 0;
+      braceDepth = opens - closes;
+    } else if (functionLineStart >= 0) {
+      braceDepth += opens - closes;
+      functionLineCount++;
+      if (braceDepth <= 0) {
+        if (functionLineCount > 50) push(functionLineStart, 'long-function', 'P2', `Function is ${functionLineCount} lines (limit: 50)`);
+        functionLineStart = -1;
+      }
+    }
+
+    const indent = raw.match(/^(\s*)/)[1].length;
+    currentNesting = Math.floor(indent / 2);
+    if (currentNesting > maxNesting) maxNesting = currentNesting;
+    if (currentNesting > 4) push(i, 'deep-nesting', 'P2', `Nesting depth ${currentNesting} exceeds limit of 4`);
+  }
+
+  return findings;
+}
+
+const dir = process.argv[2] || process.cwd();
+if (!fs.existsSync(dir)) {
+  process.stderr.write(`Directory not found: ${dir}\n`);
+  process.exit(1);
+}
+
+const files = collectFiles(path.resolve(dir));
+const findings = files.flatMap(scanFile);
+process.stdout.write(JSON.stringify(findings, null, 2) + '\n');