@topogram/cli 0.3.34

package/src/import/extractors/api/openapi.js

@@ -0,0 +1,232 @@
+import { findImportFiles, makeCandidateRecord, normalizeOpenApiPath, relativeTo, selectPreferredImportFiles, slugify, titleCase } from "../../core/shared.js";
+
+function openApiRefName(ref) {
+  return typeof ref === "string" ? ref.split("/").pop() || null : null;
+}
+
+function resolveOpenApiSchema(document, schema, seen = new Set()) {
+  if (!schema || typeof schema !== "object") return null;
+  if (schema.$ref) {
+    if (seen.has(schema.$ref) || !schema.$ref.startsWith("#/")) return null;
+    seen.add(schema.$ref);
+    let current = document;
+    for (const segment of schema.$ref.slice(2).split("/")) {
+      current = current?.[segment];
+      if (current == null) return null;
+    }
+    return resolveOpenApiSchema(document, current, seen) || current;
+  }
+  return schema;
+}
+
+function collectOpenApiObjectFields(document, schema, fields = new Set(), seen = new Set()) {
+  const resolved = resolveOpenApiSchema(document, schema, seen);
+  if (!resolved || typeof resolved !== "object") return fields;
+  if (resolved.type === "array" && resolved.items) {
+    collectOpenApiObjectFields(document, resolved.items, fields, seen);
+    return fields;
+  }
+  for (const propertyName of Object.keys(resolved.properties || {})) fields.add(propertyName);
+  for (const entry of resolved.allOf || []) collectOpenApiObjectFields(document, entry, fields, seen);
+  for (const entry of resolved.oneOf || []) collectOpenApiObjectFields(document, entry, fields, seen);
+  for (const entry of resolved.anyOf || []) collectOpenApiObjectFields(document, entry, fields, seen);
+  return fields;
+}
+
+function extractOpenApiSchemaFieldHints(document, schema) {
+  return {
+    schema_ref: openApiRefName(schema?.$ref || null),
+    body_fields: [...collectOpenApiObjectFields(document, schema)].sort()
+  };
+}
+
+function collectOpenApiParameters(endpointPath, operation) {
+  const pathParams = [...String(endpointPath || "").matchAll(/\{([^}]+)\}/g)].map((match) => ({
+    name: match[1],
+    in: "path",
+    required: true
+  }));
+  return [...pathParams, ...((operation.parameters || []).filter(Boolean))];
+}
+
+function extractOpenApiParameterHints(document, endpointPath, operation) {
+  const grouped = { path: [], query: [], header: [] };
+  for (const parameter of collectOpenApiParameters(endpointPath, operation)) {
+    const schema = resolveOpenApiSchema(document, parameter.schema || null);
+    const target = parameter.in === "query" ? "query" : parameter.in === "header" ? "header" : "path";
+    grouped[target].push({
+      name: parameter.name,
+      required: Boolean(parameter.required),
+      type: schema?.type || null
+    });
+  }
+  for (const key of Object.keys(grouped)) {
+    grouped[key] = grouped[key].sort((a, b) => a.name.localeCompare(b.name));
+  }
+  return grouped;
+}
+
+function extractOpenApiSecuritySchemes(document, operation) {
+  const schemes = new Set();
+  for (const entry of [...(operation.security || []), ...(document.security || [])]) {
+    for (const key of Object.keys(entry || {})) schemes.add(key);
+  }
+  return [...schemes].sort();
+}
+
+function parseOpenApiYaml(text) {
+  const doc = { paths: {} };
+  let currentPath = null;
+  let currentMethod = null;
+  let inRequestBody = false;
+  let inResponses = false;
+  let currentResponseStatus = null;
+  for (const rawLine of text.split(/\r?\n/)) {
+    const line = rawLine.replace(/#.*$/, "");
+    if (!line.trim()) continue;
+    const pathMatch = line.match(/^\s{2}(\/[^:]+):\s*$/);
+    if (pathMatch) {
+      currentPath = pathMatch[1];
+      currentMethod = null;
+      doc.paths[currentPath] = doc.paths[currentPath] || {};
+      inRequestBody = false;
+      inResponses = false;
+      currentResponseStatus = null;
+      continue;
+    }
+    const methodMatch = line.match(/^\s{4}(get|post|put|patch|delete):\s*$/i);
+    if (methodMatch && currentPath) {
+      currentMethod = methodMatch[1].toLowerCase();
+      doc.paths[currentPath][currentMethod] = { responses: {} };
+      inRequestBody = false;
+      inResponses = false;
+      currentResponseStatus = null;
+      continue;
+    }
+    if (!currentPath || !currentMethod) continue;
+    const operation = doc.paths[currentPath][currentMethod];
+    const operationIdMatch = line.match(/^\s{6}operationId:\s*(.+)$/);
+    if (operationIdMatch) {
+      operation.operationId = operationIdMatch[1].trim().replace(/^["']|["']$/g, "");
+      continue;
+    }
+    const summaryMatch = line.match(/^\s{6}summary:\s*(.+)$/);
+    if (summaryMatch) {
+      operation.summary = summaryMatch[1].trim().replace(/^["']|["']$/g, "");
+      continue;
+    }
+    if (/^\s{6}requestBody:\s*$/.test(line)) {
+      inRequestBody = true;
+      inResponses = false;
+      currentResponseStatus = null;
+      continue;
+    }
+    if (/^\s{6}responses:\s*$/.test(line)) {
+      inResponses = true;
+      inRequestBody = false;
+      currentResponseStatus = null;
+      continue;
+    }
+    const responseStatusMatch = line.match(/^\s{8}['"]?([0-9Xx]{3})['"]?:\s*$/);
+    if (inResponses && responseStatusMatch) {
+      currentResponseStatus = responseStatusMatch[1];
+      operation.responses[currentResponseStatus] = operation.responses[currentResponseStatus] || {};
+      continue;
+    }
+    const refMatch = line.match(/^\s+\$ref:\s*(.+)$/);
+    if (refMatch) {
+      const ref = refMatch[1].trim().replace(/^["']|["']$/g, "");
+      if (inRequestBody) {
+        operation.requestBody = operation.requestBody || { content: { "application/json": { schema: {} } } };
+        operation.requestBody.content["application/json"].schema.$ref = ref;
+      } else if (inResponses && currentResponseStatus) {
+        operation.responses[currentResponseStatus].content = operation.responses[currentResponseStatus].content || { "application/json": { schema: {} } };
+        operation.responses[currentResponseStatus].content["application/json"].schema.$ref = ref;
+      }
+    }
+  }
+  return doc;
+}
+
+function parseOpenApiDocument(document, provenance, sourceKind = "openapi") {
+  const capabilities = [];
+  const routes = [];
+  for (const [endpointPath, operations] of Object.entries(document.paths || {})) {
+    for (const [method, operation] of Object.entries(operations || {})) {
+      const normalizedMethod = method.toUpperCase();
+      const operationId = operation.operationId || `candidate_${normalizedMethod.toLowerCase()}_${slugify(endpointPath)}`;
+      const successResponse = Object.entries(operation.responses || {}).find(([status]) => /^2/.test(status));
+      const requestFieldHints = extractOpenApiSchemaFieldHints(document, operation.requestBody?.content?.["application/json"]?.schema);
+      const responseFieldHints = extractOpenApiSchemaFieldHints(document, successResponse?.[1]?.content?.["application/json"]?.schema);
+      const parameterHints = extractOpenApiParameterHints(document, endpointPath, operation);
+      const securitySchemes = extractOpenApiSecuritySchemes(document, operation);
+      capabilities.push(makeCandidateRecord({
+        kind: "capability",
+        idHint: operationId,
+        label: operation.summary || titleCase(operationId.replace(/^cap_/, "")),
+        confidence: "high",
+        sourceKind,
+        provenance: `${provenance}#${normalizedMethod} ${endpointPath}`,
+        endpoint: { method: normalizedMethod, path: endpointPath },
+        input_hint: operation.requestBody?.content?.["application/json"]?.schema?.$ref || operation.requestBody?.content?.["application/json"]?.schema?.type || null,
+        output_hint: successResponse?.[1]?.content?.["application/json"]?.schema?.$ref || successResponse?.[1]?.content?.["application/json"]?.schema?.type || null,
+        input_fields: requestFieldHints.body_fields,
+        output_fields: responseFieldHints.body_fields,
+        path_params: parameterHints.path,
+        query_params: parameterHints.query,
+        header_params: parameterHints.header,
+        security_schemes: securitySchemes,
+        auth_hint: securitySchemes.length > 0 ? "secured" : "unknown",
+        track: "api"
+      }));
+      routes.push({
+        path: endpointPath,
+        method: normalizedMethod,
+        source_kind: sourceKind,
+        provenance: `${provenance}#${normalizedMethod} ${endpointPath}`
+      });
+    }
+  }
+  return { capabilities, routes };
+}
+
+export const openApiExtractor = {
+  id: "api.openapi",
+  track: "api",
+  detect(context) {
+    const files = selectPreferredImportFiles(
+      context.paths,
+      findImportFiles(context.paths, (filePath) => /(openapi|swagger)\.(json|ya?ml)$/i.test(filePath)),
+      "openapi"
+    );
+    return {
+      score: files.length > 0 ? 100 : 0,
+      reasons: files.length > 0 ? ["Found OpenAPI source"] : []
+    };
+  },
+  extract(context) {
+    const openApiFiles = selectPreferredImportFiles(
+      context.paths,
+      findImportFiles(context.paths, (filePath) => /(openapi|swagger)\.(json|ya?ml)$/i.test(filePath)),
+      "openapi"
+    );
+    const findings = [];
+    const candidates = { capabilities: [], routes: [], stacks: [] };
+    for (const filePath of openApiFiles) {
+      const provenance = relativeTo(context.paths.repoRoot, filePath);
+      const text = context.helpers.readTextIfExists(filePath) || "";
+      const document = filePath.endsWith(".json") ? JSON.parse(text) : parseOpenApiYaml(text);
+      const parsed = parseOpenApiDocument(document, provenance, "openapi");
+      findings.push({ kind: "openapi", file: provenance, capability_count: parsed.capabilities.length });
+      candidates.capabilities.push(...parsed.capabilities);
+      candidates.routes.push(...parsed.routes.map((route) => ({
+        path: route.path,
+        method: route.method,
+        confidence: "high",
+        source_kind: route.source_kind,
+        provenance: route.provenance
+      })));
+    }
+    return { findings, candidates };
+  }
+};

package/src/import/extractors/api/rails-routes.js

@@ -0,0 +1,230 @@
+import path from "node:path";
+
+import {
+  dedupeCandidateRecords,
+  findImportFiles,
+  inferApiEntityIdFromPath,
+  inferRouteCapabilityId,
+  makeCandidateRecord,
+  normalizeOpenApiPath,
+  relativeTo,
+  titleCase
+} from "../../core/shared.js";
+
+const RESOURCE_ACTIONS = {
+  index: "GET",
+  create: "POST",
+  show: "GET",
+  update: "PUT",
+  destroy: "DELETE"
+};
+
+function singularControllerName(resourceName) {
+  return String(resourceName || "")
+    .replace(/ies$/, "y")
+    .replace(/s$/, "");
+}
+
+function parseOnlyActions(rawOptions) {
+  if (!rawOptions) return null;
+  const arrayMatch = rawOptions.match(/only:\s*(\[[^\]]+\]|:[A-Za-z_][A-Za-z0-9_]*)/);
+  if (!arrayMatch) return null;
+  const rawValue = arrayMatch[1];
+  if (rawValue.startsWith(":")) {
+    return [rawValue.slice(1)];
+  }
+  return [...rawValue.matchAll(/:([A-Za-z_][A-Za-z0-9_]*)/g)].map((entry) => entry[1]);
+}
+
+function parseParamName(rawOptions) {
+  const match = String(rawOptions || "").match(/param:\s*:([A-Za-z_][A-Za-z0-9_]*)/);
+  return match ? match[1] : "id";
+}
+
+function joinRoutePath(...parts) {
+  const normalized = parts
+    .filter(Boolean)
+    .join("/")
+    .replace(/\/+/g, "/");
+  return normalized.startsWith("/") ? normalized : `/${normalized}`;
+}
+
+function buildResourceRoutes(state, resourceName, rawOptions = "") {
+  const onlyActions = parseOnlyActions(rawOptions) || ["index", "create", "show", "update", "destroy"];
+  const paramName = parseParamName(rawOptions);
+  const parentBasePath = state.controller ? (state.memberPath || state.collectionPath) : state.collectionPath;
+  const collectionPath = joinRoutePath(parentBasePath, resourceName);
+  const memberPath = joinRoutePath(collectionPath, `:${paramName}`);
+  const controllerName = resourceName;
+  const routes = [];
+
+  for (const action of onlyActions) {
+    const method = RESOURCE_ACTIONS[action];
+    if (!method) continue;
+    routes.push({
+      method,
+      path: action === "index" || action === "create" ? collectionPath : memberPath,
+      handler_hint: null,
+      controller: controllerName,
+      action,
+      auth_hint: "unknown"
+    });
+  }
+
+  return {
+    routes,
+    nextState: {
+      collectionPath,
+      memberPath,
+      controller: controllerName,
+      singular: singularControllerName(resourceName)
+    }
+  };
+}
+
+function buildExplicitRoute(state, method, rawPath, rawOptions = "") {
+  const pathValue = rawPath.startsWith(":") ? rawPath.slice(1) : rawPath.replace(/^["']|["']$/g, "");
+  const collectionScoped = /on:\s*:collection/.test(rawOptions);
+  const memberScoped = /on:\s*:member/.test(rawOptions);
+  const basePath = collectionScoped
+    ? (state.collectionPath || state.memberPath || "")
+    : memberScoped
+      ? (state.memberPath || state.collectionPath || "")
+      : (state.memberPath || state.collectionPath || "");
+  const pathValueWithLeadingSlash = pathValue.startsWith("/") ? pathValue : `/${pathValue}`;
+  const combinedPath = state.controller && !/^\//.test(rawPath)
+    ? joinRoutePath(basePath, pathValue)
+    : joinRoutePath(state.collectionPath, pathValueWithLeadingSlash);
+
+  const toMatch = String(rawOptions || "").match(/to:\s*["']([^#"']+)#([^"']+)["']/);
+  const controllerName = toMatch ? toMatch[1] : state.controller;
+  const actionName = toMatch ? toMatch[2] : pathValue;
+  const singular = singularControllerName(controllerName || state.singular || "item");
+  const preferPathInference = new Set(["index", "show", "create", "update", "destroy", "login", "current", "custom_update"]);
+  const handlerHint = actionName && !preferPathInference.has(actionName)
+    ? `${actionName}_${singular}`
+    : null;
+
+  return {
+    method: method.toUpperCase(),
+    path: combinedPath,
+    handler_hint: handlerHint,
+    controller: controllerName,
+    action: actionName,
+    auth_hint: /auth\/login/.test(combinedPath) ? "public" : "unknown"
+  };
+}
+
+function parseRailsRoutes(routesText) {
+  const routes = [];
+  const stack = [{ collectionPath: "", memberPath: "", controller: null, singular: null }];
+  const lines = String(routesText || "").split(/\r?\n/);
+
+  for (const rawLine of lines) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith("#") || line === "Rails.application.routes.draw do") continue;
+
+    if (line === "end") {
+      if (stack.length > 1) stack.pop();
+      continue;
+    }
+
+    const state = stack[stack.length - 1];
+
+    const scopeMatch = line.match(/^scope\s+:([A-Za-z_][A-Za-z0-9_]*)\s+do$/);
+    if (scopeMatch) {
+      const segment = scopeMatch[1];
+      stack.push({
+        ...state,
+        collectionPath: joinRoutePath(state.collectionPath, segment),
+        memberPath: joinRoutePath(state.memberPath || state.collectionPath, segment)
+      });
+      continue;
+    }
+
+    const resourcesMatch = line.match(/^resources\s+:([A-Za-z_][A-Za-z0-9_]*)(?:,\s*(.*?))?\s*(do)?$/);
+    if (resourcesMatch) {
+      const [, resourceName, rawOptions = "", hasBlock] = resourcesMatch;
+      const built = buildResourceRoutes(state, resourceName, rawOptions);
+      routes.push(...built.routes);
+      if (hasBlock) {
+        stack.push(built.nextState);
+      }
+      continue;
+    }
+
+    const explicitRouteMatch = line.match(/^(get|post|put|patch|delete)\s+(:[A-Za-z_][A-Za-z0-9_]*|["'][^"']+["'])(?:,\s*(.*))?$/);
+    if (explicitRouteMatch) {
+      const [, method, rawPath, rawOptions = ""] = explicitRouteMatch;
+      routes.push(buildExplicitRoute(state, method, rawPath, rawOptions));
+    }
+  }
+
+  return routes;
+}
+
+export const railsRoutesExtractor = {
+  id: "api.rails-routes",
+  track: "api",
+  detect(context) {
+    const routeFiles = findImportFiles(context.paths, (filePath) => /config\/routes\.rb$/i.test(filePath));
+    return {
+      score: routeFiles.length > 0 ? 90 : 0,
+      reasons: routeFiles.length > 0 ? ["Found Rails routes.rb"] : []
+    };
+  },
+  extract(context) {
+    const routeFiles = findImportFiles(context.paths, (filePath) => /config\/routes\.rb$/i.test(filePath));
+    const findings = [];
+    const candidates = { capabilities: [], routes: [], stacks: [] };
+
+    for (const filePath of routeFiles) {
+      let routes = parseRailsRoutes(context.helpers.readTextIfExists(filePath) || "");
+      if (routes.some((route) => normalizeOpenApiPath(route.path).startsWith("/api/"))) {
+        routes = routes.filter((route) => normalizeOpenApiPath(route.path).startsWith("/api/"));
+      }
+
+      const provenanceBase = relativeTo(context.paths.repoRoot, filePath);
+      findings.push({
+        kind: "rails_routes",
+        file: provenanceBase,
+        route_count: routes.length
+      });
+
+      candidates.capabilities.push(...routes.map((route) => makeCandidateRecord({
+        kind: "capability",
+        idHint: inferRouteCapabilityId(route),
+        label: route.handler_hint ? titleCase(route.handler_hint) : `${route.method} ${route.path}`,
+        confidence: "high",
+        sourceKind: "route_code",
+        provenance: `${provenanceBase}#${route.method} ${route.path}`,
+        endpoint: { method: route.method, path: normalizeOpenApiPath(route.path) },
+        path_params: [...normalizeOpenApiPath(route.path).matchAll(/\{([^}]+)\}/g)].map((entry) => ({ name: entry[1], required: true, type: null })),
+        query_params: [],
+        header_params: [],
+        input_fields: [],
+        output_fields: [],
+        auth_hint: route.auth_hint || "unknown",
+        entity_id: inferApiEntityIdFromPath(route.path),
+        track: "api"
+      })));
+
+      candidates.routes.push(...routes.map((route) => ({
+        path: normalizeOpenApiPath(route.path),
+        method: route.method,
+        confidence: "high",
+        source_kind: "route_code",
+        provenance: `${provenanceBase}#${route.method} ${route.path}`
+      })));
+    }
+
+    candidates.capabilities = dedupeCandidateRecords(candidates.capabilities, (record) => record.id_hint);
+    candidates.routes = dedupeCandidateRecords(
+      candidates.routes.map((route) => ({ ...route, id_hint: `${route.method}_${route.path}` })),
+      (record) => `${record.method}:${record.path}:${record.source_kind}`
+    ).map(({ id_hint, ...route }) => route);
+    candidates.stacks = ["rails"];
+
+    return { findings, candidates };
+  }
+};

package/src/import/extractors/api/react-native-repository.js

@@ -0,0 +1,128 @@
+import {
+  canonicalCandidateTerm,
+  dedupeCandidateRecords,
+  findImportFiles,
+  makeCandidateRecord,
+  relativeTo,
+  titleCase
+} from "../../core/shared.js";
+
+function pluralizeStem(stem) {
+  if (stem.endsWith("s")) return stem;
+  return `${stem}s`;
+}
+
+function stemFromRepoPath(filePath) {
+  return canonicalCandidateTerm(filePath.match(/\/src\/([^/]+)\//)?.[1] || "item");
+}
+
+function capabilityIdFor(stem, methodName, httpMethod) {
+  const normalizedMethod = String(methodName || "").toLowerCase();
+  if (httpMethod === "GET" && /^find/.test(normalizedMethod)) {
+    return `cap_get_${stem}`;
+  }
+  if (httpMethod === "GET") {
+    return `cap_list_${pluralizeStem(stem)}`;
+  }
+  if (httpMethod === "POST") {
+    return `cap_create_${stem}`;
+  }
+  if (httpMethod === "PATCH" || httpMethod === "PUT") {
+    return `cap_update_${stem}`;
+  }
+  if (httpMethod === "DELETE") {
+    return `cap_delete_${stem}`;
+  }
+  return `cap_${normalizedMethod}_${stem}`;
+}
+
+function parseRepositoryFile(text, provenance, filePath) {
+  const stem = stemFromRepoPath(filePath);
+  const baseUrlMatch = String(text || "").match(/baseUrl\s*=\s*["'`]([^"'`]+)["'`]/);
+  const basePath = baseUrlMatch?.[1] || `/${pluralizeStem(stem)}`;
+  const capabilities = [];
+  const methods = [...String(text || "").matchAll(/public\s+async\s+([A-Za-z_][A-Za-z0-9_]*)\(([\s\S]*?)\)\s*(?::\s*[\s\S]*?)?\s*\{/g)];
+  for (let index = 0; index < methods.length; index += 1) {
+    const [, methodName, argsSource] = methods[index];
+    const bodyStart = methods[index].index + methods[index][0].length;
+    const bodyEnd = index + 1 < methods.length ? methods[index + 1].index : String(text || "").length;
+    const body = String(text || "").slice(bodyStart, bodyEnd);
+    const callMatch = body.match(/this\.httpClient\.(get|post|patch|put|delete)(?:<[\s\S]*?>)?\(([\s\S]*?)\)/i);
+    if (!callMatch) continue;
+    const httpMethod = callMatch[1].toUpperCase();
+    const path = /\$\{this\.baseUrl\}\/\$\{/.test(callMatch[2])
+      ? `${basePath}/{id}`
+      : basePath;
+    const pathParams = /\{id\}/.test(path) ? [{ name: "id", required: true, type: "int" }] : [];
+    const inputFields = [...new Set([
+      ...[...String(argsSource || "").matchAll(/([A-Za-z_][A-Za-z0-9_]*)\s*:/g)].map((entry) => entry[1]),
+      ...[...String(body || "").matchAll(/payload\.([A-Za-z_][A-Za-z0-9_]*)/g)].map((entry) => entry[1])
+    ])].filter((field) => field !== "id");
+    const outputFields = httpMethod === "GET"
+      ? (/count/.test(body) ? [pluralizeStem(stem), "count"] : (/map\(/.test(body) ? [pluralizeStem(stem)] : ["id", "title", "body"]))
+      : [];
+    capabilities.push(makeCandidateRecord({
+      kind: "capability",
+      idHint: capabilityIdFor(stem, methodName, httpMethod),
+      label: titleCase(capabilityIdFor(stem, methodName, httpMethod).replace(/^cap_/, "")),
+      confidence: "high",
+      sourceKind: "route_code",
+      provenance: `${provenance}#${methodName}`,
+      endpoint: { method: httpMethod, path },
+      path_params: pathParams,
+      query_params: [],
+      header_params: [],
+      input_fields: inputFields,
+      output_fields: outputFields,
+      auth_hint: "public",
+      entity_id: `entity_${stem}`,
+      track: "api"
+    }));
+  }
+  return capabilities;
+}
+
+export const reactNativeRepositoryExtractor = {
+  id: "api.react-native-repository",
+  track: "api",
+  detect(context) {
+    const files = findImportFiles(
+      context.paths,
+      (filePath) => /\/src\/.+\/infrastructure\/implementations\/.+Repository\.ts$/i.test(filePath)
+    );
+    const score = files.some((filePath) => /this\.httpClient\.(get|post|patch|put|delete)\(/.test(context.helpers.readTextIfExists(filePath) || "")) ? 84 : 0;
+    return {
+      score,
+      reasons: score > 0 ? ["Found React Native repositories backed by an HTTP client"] : []
+    };
+  },
+  extract(context) {
+    const files = findImportFiles(
+      context.paths,
+      (filePath) => /\/src\/.+\/infrastructure\/implementations\/.+Repository\.ts$/i.test(filePath)
+    );
+    const capabilities = [];
+    for (const filePath of files) {
+      const provenance = relativeTo(context.paths.repoRoot, filePath);
+      capabilities.push(...parseRepositoryFile(context.helpers.readTextIfExists(filePath) || "", provenance, filePath));
+    }
+    return {
+      findings: capabilities.length > 0 ? [{
+        kind: "react_native_repository",
+        files: [...new Set(capabilities.flatMap((entry) => entry.provenance || []).map((entry) => String(entry).split("#")[0]))],
+        capability_count: capabilities.length
+      }] : [],
+      candidates: {
+        capabilities: dedupeCandidateRecords(capabilities, (record) => `${record.id_hint}:${record.endpoint?.method}:${record.endpoint?.path}`),
+        routes: capabilities.map((entry) => ({
+          path: entry.endpoint.path,
+          method: entry.endpoint.method,
+          confidence: entry.confidence,
+          source_kind: entry.source_kind,
+          provenance: entry.provenance?.[0] || null
+        })),
+        stacks: capabilities.length > 0 ? ["react_native_http"] : []
+      }
+    };
+  }
+};