@vibecheckai/cli 3.5.0 → 3.5.1

package/bin/runners/runScan.js

@@ -1,43 +1,44 @@
 /**
- * vibecheck Scan - Quick Code Analysis (FREE)
+ * vibecheck Scan - Route Integrity & Code Analysis
  * 
- * Fast scan running only 5 essential engines:
- * - hardcoded-secrets-engine (security)
- * - console-logs-engine (code hygiene)
- * - ai-hallucination-engine (vibecheck core)
- * - type-aware-engine (type safety)
- * - error-handling-engine (reliability)
+ * The ultimate scanner combining:
+ * - Route integrity (dead links, orphan routes, coverage)
+ * - Security analysis (secrets, auth, vulnerabilities)
+ * - Code quality (mocks, placeholders, hygiene)
  * 
- * Target: < 3 seconds on medium project (100-500 files)
- * 
- * For comprehensive analysis (17+ engines + validators), use: vibecheck ship [PRO]
+ * Modes:
+ * - vibecheck scan: Layer 1 (AST) - Fast static analysis
+ * - vibecheck scan --truth: Layer 1+2 (+ build manifests) - CI/ship
+ * - vibecheck scan --reality --url <url>: Layer 1+2+3 (+ Playwright) - Full proof
  */
 
 const path = require("path");
 const fs = require("fs");
 const { withErrorHandling, createUserError } = require("./lib/error-handler");
-const { enforceLimit, trackUsage, getCurrentTier } = require("./lib/entitlements-v2");
+const { enforceLimit, trackUsage } = require("./lib/entitlements");
 const { emitScanStart, emitScanComplete } = require("./lib/audit-bridge");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
-const { EXIT, verdictToExitCode } = require("./lib/exit-codes");
-
-// Import orchestrator for engine management
-const { runScanEngines, SCAN_ENGINES } = require("./lib/engines/orchestrator");
 
 // ═══════════════════════════════════════════════════════════════════════════════
-// TERMINAL UI
+// ENHANCED TERMINAL UI & OUTPUT MODULES
 // ═══════════════════════════════════════════════════════════════════════════════
 
 const {
   ansi,
   colors,
   Spinner,
+  PhaseProgress,
+  renderBanner,
+  renderSection,
   formatDuration,
 } = require("./lib/terminal-ui");
 
 const {
+  formatScanOutput,
   formatSARIF,
   getExitCode,
+  printError,
+  EXIT_CODES,
   calculateScore,
 } = require("./lib/scan-output");
 
@@ -50,7 +51,7 @@ ${ansi.rgb(120, 120, 255)}   ╚████╔╝ ██║██████
 ${ansi.rgb(150, 100, 255)}    ╚═══╝  ╚═╝╚═════╝ ╚══════╝ ╚═════╝╚═╝  ╚═╝╚══════╝ ╚═════╝╚═╝  ╚═╝${ansi.reset}
 
 ${ansi.dim}  ┌─────────────────────────────────────────────────────────────────────┐${ansi.reset}
-${ansi.dim}  │${ansi.reset}  ${ansi.rgb(255, 255, 255)}${ansi.bold}Quick Scan${ansi.reset} ${ansi.dim}•${ansi.reset} ${ansi.rgb(200, 200, 200)}5 Essential Engines${ansi.reset} ${ansi.dim}•${ansi.reset} ${ansi.rgb(150, 150, 150)}< 3 seconds${ansi.reset}            ${ansi.dim}│${ansi.reset}
+${ansi.dim}  │${ansi.reset}  ${ansi.rgb(255, 255, 255)}${ansi.bold}Route Integrity${ansi.reset} ${ansi.dim}•${ansi.reset} ${ansi.rgb(200, 200, 200)}Security${ansi.reset} ${ansi.dim}•${ansi.reset} ${ansi.rgb(150, 150, 150)}Quality${ansi.reset} ${ansi.dim}•${ansi.reset} ${ansi.rgb(100, 100, 100)}Ship with Confidence${ansi.reset}  ${ansi.dim}│${ansi.reset}
 ${ansi.dim}  └─────────────────────────────────────────────────────────────────────┘${ansi.reset}
 `;
 
@@ -58,29 +59,62 @@ function printBanner() {
   console.log(BANNER);
 }
 
+// Legacy compatibility functions - now use enhanced modules
+function printCoverageMap(coverageMap) {
+  const { renderCoverageMap } = require("./lib/scan-output");
+  console.log(renderCoverageMap(coverageMap));
+}
+
+function printBreakdown(breakdown) {
+  const { renderBreakdown } = require("./lib/scan-output");
+  console.log(renderBreakdown(breakdown));
+}
+
+function printBlockers(blockers) {
+  const { renderBlockers } = require("./lib/scan-output");
+  console.log(renderBlockers(blockers));
+}
+
+function printLayers(layers) {
+  const { renderLayers } = require("./lib/scan-output");
+  console.log(renderLayers(layers));
+}
+
 // ═══════════════════════════════════════════════════════════════════════════════
 // ARGS PARSER
 // ═══════════════════════════════════════════════════════════════════════════════
 
 function parseArgs(args) {
+  // Parse global flags first
   const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
   
   const opts = {
     path: globalFlags.path || process.cwd(),
+    truth: false,
+    reality: false,
+    realitySniff: false,
+    baseUrl: null,
     json: globalFlags.json || false,
     sarif: false,
     verbose: globalFlags.verbose || false,
     help: globalFlags.help || false,
-    save: true,
+    autofix: false,
+    save: true, // Always save results by default
     noBanner: globalFlags.noBanner || false,
     ci: globalFlags.ci || false,
     quiet: globalFlags.quiet || false,
   };
 
+  // Parse command-specific args from cleanArgs
   for (let i = 0; i < cleanArgs.length; i++) {
     const arg = cleanArgs[i];
     
-    if (arg === '--sarif') opts.sarif = true;
+    if (arg === '--truth' || arg === '-t') opts.truth = true;
+    else if (arg === '--reality' || arg === '-r') { opts.reality = true; opts.truth = true; }
+    else if (arg === '--reality-sniff' || arg === '--sniff') opts.realitySniff = true;
+    else if (arg === '--url' || arg === '-u') { opts.baseUrl = cleanArgs[++i]; opts.reality = true; opts.truth = true; }
+    else if (arg === '--sarif') opts.sarif = true;
+    else if (arg === '--autofix' || arg === '--fix' || arg === '-f') opts.autofix = true;
     else if (arg === '--no-save') opts.save = false;
     else if (arg === '--path' || arg === '-p') opts.path = cleanArgs[++i] || process.cwd();
     else if (arg.startsWith('--path=')) opts.path = arg.split('=')[1];
@@ -95,51 +129,319 @@ function printHelp(showBanner = true) {
     console.log(BANNER);
   }
   console.log(`
-  ${ansi.bold}USAGE${ansi.reset}
-    ${colors.accent}vibecheck scan${ansi.reset} [path] [options]
-
-  ${ansi.bold}QUICK SCAN${ansi.reset} - Runs 5 essential engines in < 3 seconds:
-    • hardcoded-secrets-engine ${ansi.dim}(security)${ansi.reset}
-    • console-logs-engine ${ansi.dim}(code hygiene)${ansi.reset}
-    • ai-hallucination-engine ${ansi.dim}(vibecheck core)${ansi.reset}
-    • type-aware-engine ${ansi.dim}(type safety)${ansi.reset}
-    • error-handling-engine ${ansi.dim}(reliability)${ansi.reset}
-
-  ${ansi.bold}OUTPUT OPTIONS${ansi.reset}
-    ${colors.accent}--json${ansi.reset}            Output as JSON
-    ${colors.accent}--sarif${ansi.reset}           SARIF format (GitHub code scanning)
-    ${colors.accent}--no-save${ansi.reset}         Don't save results to .vibecheck/results/
-    ${colors.accent}--verbose, -v${ansi.reset}     Show detailed progress
-
-  ${ansi.bold}GLOBAL OPTIONS${ansi.reset}
-    ${colors.accent}--path, -p <dir>${ansi.reset}  Run in specified directory
-    ${colors.accent}--quiet, -q${ansi.reset}       Suppress non-essential output
-    ${colors.accent}--ci${ansi.reset}              CI mode (quiet + no-banner)
-    ${colors.accent}--help, -h${ansi.reset}        Show this help
-
-  ${ansi.bold}💡 EXAMPLES${ansi.reset}
-
-    ${ansi.dim}# Quick scan (default)${ansi.reset}
+  ${ansi.bold}Usage:${ansi.reset} vibecheck scan ${ansi.dim}(s)${ansi.reset} [path] [options]
+  
+  ${ansi.bold}Aliases:${ansi.reset} ${ansi.dim}s${ansi.reset}
+
+  ${ansi.bold}Scan Modes:${ansi.reset}
+    ${colors.accent}(default)${ansi.reset}       Layer 1: AST static analysis ${ansi.dim}(fast)${ansi.reset}
+    ${colors.accent}--truth, -t${ansi.reset}     Layer 1+2: Include build manifest verification ${ansi.dim}(CI/ship)${ansi.reset}
+    ${colors.accent}--reality, -r${ansi.reset}   Layer 1+2+3: Include Playwright runtime proof ${ansi.dim}(full)${ansi.reset}
+    ${colors.accent}--reality-sniff${ansi.reset} Include Reality Sniff AI artifact detection ${ansi.dim}(recommended)${ansi.reset}
+
+  ${ansi.bold}Fix Mode:${ansi.reset}
+    ${colors.accent}--autofix, -f${ansi.reset}   Apply safe fixes + generate AI missions ${ansi.rgb(0, 200, 255)}[STARTER]${ansi.reset}
+
+  ${ansi.bold}Options:${ansi.reset}
+    ${colors.accent}--url, -u${ansi.reset}       Base URL for reality testing (e.g., http://localhost:3000)
+    ${colors.accent}--verbose, -v${ansi.reset}   Show detailed progress
+    ${colors.accent}--json${ansi.reset}          Output results as JSON
+    ${colors.accent}--sarif${ansi.reset}         Output in SARIF format (GitHub code scanning)
+    ${colors.accent}--no-save${ansi.reset}       Don't save results to .vibecheck/results/
+    ${colors.accent}--help, -h${ansi.reset}      Show this help
+
+  ${ansi.bold}Examples:${ansi.reset}
+    ${ansi.dim}# Quick scan (AST only)${ansi.reset}
     vibecheck scan
 
-    ${ansi.dim}# Quick scan with JSON output${ansi.reset}
-    vibecheck scan --json
+    ${ansi.dim}# Scan + autofix with missions${ansi.reset}
+    vibecheck scan --autofix
 
-    ${ansi.dim}# Scan a specific directory${ansi.reset}
-    vibecheck scan ./my-project
+    ${ansi.dim}# CI/CD scan with manifest verification${ansi.reset}
+    vibecheck scan --truth
 
-  ${ansi.bold}🚀 COMPREHENSIVE ANALYSIS${ansi.reset}
+    ${ansi.dim}# Full proof with Playwright${ansi.reset}
+    vibecheck scan --reality --url http://localhost:3000
 
-    For 17+ engines plus ship-only validators, use:
-    ${colors.accent}vibecheck ship${ansi.reset} ${ansi.magenta}[PRO]${ansi.reset}
-
-  ${ansi.dim}─────────────────────────────────────────────────────────────${ansi.reset}
-  ${ansi.dim}Documentation: https://docs.vibecheckai.dev/cli/scan${ansi.reset}
+  ${ansi.bold}Output:${ansi.reset}
+    Results saved to: .vibecheck/results/latest.json
+    Missions saved to: .vibecheck/missions/ ${ansi.dim}(with --autofix)${ansi.reset}
   `);
 }
 
 // ═══════════════════════════════════════════════════════════════════════════════
-// MAIN SCAN FUNCTION
+// AUTOFIX & MISSION GENERATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Normalize severity values to standard format
+ */
+function normalizeSeverity(severity) {
+  if (!severity) return 'medium';
+  const sev = String(severity).toLowerCase();
+  if (sev === 'block' || sev === 'critical') return 'critical';
+  if (sev === 'high') return 'high';
+  if (sev === 'warn' || sev === 'warning' || sev === 'medium') return 'medium';
+  if (sev === 'info' || sev === 'low') return 'low';
+  return 'medium'; // Default fallback
+}
+
+async function generateMissions(findings, projectPath, opts) {
+  const missionsDir = path.join(projectPath, '.vibecheck', 'missions');
+  
+  // Ensure missions directory exists
+  if (!fs.existsSync(missionsDir)) {
+    fs.mkdirSync(missionsDir, { recursive: true });
+  }
+  
+  const missions = [];
+  const missionIndex = [];
+  
+  for (let i = 0; i < findings.length; i++) {
+    const finding = findings[i];
+    const missionId = `mission-${String(i + 1).padStart(3, '0')}`;
+    const normalizedSeverity = normalizeSeverity(finding.severity);
+    
+    // Generate AI-ready mission prompt
+    const mission = {
+      id: missionId,
+      createdAt: new Date().toISOString(),
+      finding: {
+        id: finding.id || `finding-${i + 1}`,
+        severity: normalizedSeverity,
+        originalSeverity: finding.severity, // Keep original for reference
+        category: finding.category,
+        title: finding.title || finding.message,
+        file: finding.file,
+        line: finding.line,
+      },
+      prompt: generateMissionPrompt(finding),
+      constraints: generateConstraints(finding),
+      verification: generateVerificationSteps(finding),
+      status: 'pending',
+    };
+    
+    missions.push(mission);
+    missionIndex.push({
+      id: missionId,
+      severity: normalizedSeverity,
+      title: finding.title || finding.message,
+      file: finding.file,
+      status: 'pending',
+    });
+    
+    // Save individual mission JSON
+    const missionPath = path.join(missionsDir, `${missionId}.json`);
+    fs.writeFileSync(missionPath, JSON.stringify(mission, null, 2));
+  }
+  
+  // Generate MISSIONS.md index
+  const missionsMarkdown = generateMissionsMarkdown(missionIndex, projectPath);
+  fs.writeFileSync(path.join(missionsDir, 'MISSIONS.md'), missionsMarkdown);
+  
+  // Save missions summary
+  const summary = {
+    generatedAt: new Date().toISOString(),
+    totalMissions: missions.length,
+    bySeverity: {
+      critical: missionIndex.filter(m => m.severity === 'critical').length,
+      high: missionIndex.filter(m => m.severity === 'high').length,
+      medium: missionIndex.filter(m => m.severity === 'medium').length,
+      low: missionIndex.filter(m => m.severity === 'low').length,
+    },
+    missions: missionIndex,
+  };
+  fs.writeFileSync(path.join(missionsDir, 'summary.json'), JSON.stringify(summary, null, 2));
+  
+  return { missions, summary };
+}
+
+function generateMissionPrompt(finding) {
+  const file = finding.file || 'unknown file';
+  const line = finding.line ? ` at line ${finding.line}` : '';
+  const title = finding.title || finding.message || 'Unknown issue';
+  const category = finding.category || 'general';
+  
+  let prompt = `## Mission: Fix ${title}
+
+**File:** \`${file}\`${line}
+**Category:** ${category}
+**Severity:** ${finding.severity || 'medium'}
+
+### Problem
+${finding.message || title}
+
+### Context
+`;
+
+  // Add category-specific context
+  if (category === 'ROUTE' || category === 'routes') {
+    prompt += `This is a route integrity issue. The route may be:
+- Referenced but not defined
+- Defined but not reachable
+- Missing proper error handling
+`;
+  } else if (category === 'ENV' || category === 'env') {
+    prompt += `This is an environment variable issue. The variable may be:
+- Used but not defined in .env
+- Missing from .env.example
+- Not documented
+`;
+  } else if (category === 'AUTH' || category === 'auth' || category === 'security') {
+    prompt += `This is a security/authentication issue. Check for:
+- Proper authentication middleware
+- Authorization checks
+- Secure defaults
+`;
+  } else if (category === 'MOCK' || category === 'mock') {
+    prompt += `This is a mock/placeholder issue. The code may contain:
+- TODO comments that need implementation
+- Placeholder data that should be real
+- Fake success responses
+`;
+  }
+
+  prompt += `
+### Requirements
+1. Fix the issue while maintaining existing functionality
+2. Follow the project's coding style and patterns
+3. Add appropriate error handling
+4. Update tests if they exist
+
+### Verification
+After making changes:
+1. Run \`vibecheck scan\` to verify the issue is resolved
+2. Run any existing tests for the affected file
+3. Manually verify the functionality if applicable
+`;
+
+  if (finding.fix || finding.fixSuggestion) {
+    prompt += `
+### Suggested Fix
+${finding.fix || finding.fixSuggestion}
+`;
+  }
+
+  return prompt;
+}
+
+function generateConstraints(finding) {
+  const constraints = [
+    'Do not break existing functionality',
+    'Follow existing code patterns in the project',
+    'Add error handling where appropriate',
+  ];
+  
+  if (finding.category === 'security' || finding.category === 'AUTH') {
+    constraints.push('Ensure no security regressions');
+    constraints.push('Follow OWASP security guidelines');
+  }
+  
+  if (finding.category === 'ROUTE' || finding.category === 'routes') {
+    constraints.push('Maintain API backwards compatibility');
+    constraints.push('Update route documentation if changed');
+  }
+  
+  return constraints;
+}
+
+function generateVerificationSteps(finding) {
+  const steps = [
+    'Run `vibecheck scan` and confirm this issue no longer appears',
+    'Run `vibecheck checkpoint` to ensure no regressions',
+  ];
+  
+  if (finding.file) {
+    steps.push(`Review changes in \`${finding.file}\``);
+  }
+  
+  if (finding.category === 'ROUTE' || finding.category === 'routes') {
+    steps.push('Test the affected route(s) manually or with automated tests');
+  }
+  
+  if (finding.category === 'ENV' || finding.category === 'env') {
+    steps.push('Verify environment variable is properly documented');
+    steps.push('Check .env.example is updated');
+  }
+  
+  return steps;
+}
+
+function generateMissionsMarkdown(missionIndex, projectPath) {
+  const projectName = path.basename(projectPath);
+  const now = new Date().toISOString();
+  
+  let md = `# Vibecheck Missions
+
+> Generated: ${now}
+> Project: ${projectName}
+
+## Summary
+
+| Severity | Count |
+|----------|-------|
+| Critical | ${missionIndex.filter(m => m.severity === 'critical').length} |
+| High | ${missionIndex.filter(m => m.severity === 'high').length} |
+| Medium | ${missionIndex.filter(m => m.severity === 'medium').length} |
+| Low | ${missionIndex.filter(m => m.severity === 'low').length} |
+| **Total** | **${missionIndex.length}** |
+
+## Missions
+
+`;
+
+  // Group by severity
+  const bySeverity = {
+    critical: missionIndex.filter(m => m.severity === 'critical'),
+    high: missionIndex.filter(m => m.severity === 'high'),
+    medium: missionIndex.filter(m => m.severity === 'medium'),
+    low: missionIndex.filter(m => m.severity === 'low'),
+  };
+
+  for (const [severity, missions] of Object.entries(bySeverity)) {
+    if (missions.length === 0) continue;
+    
+    const emoji = severity === 'critical' ? '🔴' : severity === 'high' ? '🟠' : severity === 'medium' ? '🟡' : '🔵';
+    md += `### ${emoji} ${severity.charAt(0).toUpperCase() + severity.slice(1)} (${missions.length})\n\n`;
+    
+    for (const mission of missions) {
+      const checkbox = mission.status === 'completed' ? '[x]' : '[ ]';
+      md += `- ${checkbox} **${mission.id}**: ${mission.title}\n`;
+      if (mission.file) {
+        md += `  - File: \`${mission.file}\`\n`;
+      }
+    }
+    md += '\n';
+  }
+
+  md += `---
+
+## How to Use
+
+1. **Review missions**: Read each mission file in \`.vibecheck/missions/\`
+2. **Copy prompts**: Use the prompt in each mission file with your AI assistant
+3. **Verify fixes**: Run \`vibecheck scan\` after each fix
+4. **Track progress**: Update mission status in this file
+
+## Commands
+
+\`\`\`bash
+# Re-scan after fixes
+vibecheck scan
+
+# Check progress
+vibecheck checkpoint
+
+# Final verification
+vibecheck ship
+\`\`\`
+`;
+
+  return md;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// MAIN SCAN FUNCTION - ROUTE INTEGRITY SYSTEM
 // ═══════════════════════════════════════════════════════════════════════════════
 
 async function runScan(args) {
@@ -151,7 +453,7 @@ async function runScan(args) {
     return 0;
   }
 
-  // Entitlement check (scan is FREE)
+  // Entitlement check (graceful offline handling)
   try {
     await enforceLimit('scans');
     await trackUsage('scans');
@@ -160,239 +462,562 @@ async function runScan(args) {
       console.error(err.upgradePrompt || err.message);
       return 1;
     }
-    // Network errors - continue with free tier
-    if (!['ECONNREFUSED', 'ETIMEDOUT', 'ENOTFOUND'].includes(err.code) && err.name !== 'NetworkError') {
-      throw err;
+    // Network error - fall back to free tier only (SECURITY: never grant paid features offline)
+    if (err.code === 'ECONNREFUSED' || err.code === 'ETIMEDOUT' || err.code === 'ENOTFOUND' || err.name === 'NetworkError') {
+      console.warn(`  ${colors.warning}⚠${ansi.reset} API unavailable, running in ${colors.success}FREE${ansi.reset} tier mode`);
+      console.warn(`  ${ansi.dim}Paid features require API connection. Continuing with free features only.${ansi.reset}\n`);
+      // Continue with free tier features only - scan command is free tier
+    } else {
+      throw err; // Re-throw unexpected errors
     }
   }
 
-  // Print banner
+  // Print banner (respects --no-banner, VIBECHECK_NO_BANNER, --ci, --quiet, --json)
   if (shouldShowBanner(opts)) {
     printBanner();
   }
 
   const projectPath = path.resolve(opts.path);
   const startTime = Date.now();
-  const projectName = path.basename(projectPath);
 
-  // Emit audit event
+  // Emit audit event for scan start
   emitScanStart(projectPath, args);
+  const projectName = path.basename(projectPath);
 
   // Validate project path
   if (!fs.existsSync(projectPath)) {
     throw createUserError(`Project path does not exist: ${projectPath}`, "ValidationError");
   }
 
+  // Determine layers
+  const layers = {
+    ast: true,
+    truth: opts.truth,
+    reality: opts.reality,
+    realitySniff: opts.realitySniff,
+  };
+
   // Print scan info
-  if (!opts.json && !opts.quiet) {
-    console.log(`  ${ansi.dim}Project:${ansi.reset}  ${ansi.bold}${projectName}${ansi.reset}`);
-    console.log(`  ${ansi.dim}Path:${ansi.reset}     ${projectPath}`);
-    console.log(`  ${ansi.dim}Mode:${ansi.reset}     ${colors.accent}Quick Scan${ansi.reset} ${ansi.dim}(${SCAN_ENGINES.length} engines)${ansi.reset}`);
+  const layerNames = [];
+  if (layers.ast) layerNames.push('AST');
+  if (layers.truth) layerNames.push('Truth');
+  if (layers.reality) layerNames.push('Reality');
+  if (layers.realitySniff) layerNames.push('Reality Sniff');
+
+  console.log(`  ${ansi.dim}Project:${ansi.reset}  ${ansi.bold}${projectName}${ansi.reset}`);
+  console.log(`  ${ansi.dim}Path:${ansi.reset}     ${projectPath}`);
+  console.log(`  ${ansi.dim}Layers:${ansi.reset}   ${colors.accent}${layerNames.join(' → ')}${ansi.reset}`);
+  console.log();
+
+  // Reality layer requires URL
+  if (opts.reality && !opts.baseUrl) {
+    console.log(`  ${colors.warning}⚠${ansi.reset} ${ansi.bold}Reality layer requires --url${ansi.reset}`);
+    console.log(`  ${ansi.dim}Example: vibecheck scan --reality --url http://localhost:3000${ansi.reset}`);
     console.log();
+    return 1;
   }
 
+  // Initialize spinner outside try block for error handling
   let spinner = null;
   
   try {
-    // Start spinner
-    if (!opts.json && !opts.quiet) {
-      spinner = new Spinner({ color: colors.primary });
-      spinner.start(`Running quick scan...`);
+    // Import systems - try TypeScript compiled first, fallback to JS runtime
+    let scanRouteIntegrity;
+    let useFallbackScanner = false;
+    
+    try {
+      scanRouteIntegrity = require('../../dist/lib/route-integrity').scanRouteIntegrity;
+    } catch (e) {
+      // Fallback to JS-based scanner using truth.js and analyzers.js
+      useFallbackScanner = true;
+      const { buildTruthpack } = require('./lib/truth');
+      const { findMissingRoutes, findEnvGaps, findFakeSuccess, findGhostAuth } = require('./lib/analyzers');
+      
+      scanRouteIntegrity = async function({ projectPath, layers, baseUrl, verbose }) {
+        // Build truthpack for route analysis
+        const truthpack = await buildTruthpack({ repoRoot: projectPath });
+        
+        // Run analyzers
+        const findings = [];
+        findings.push(...findMissingRoutes(truthpack));
+        findings.push(...findEnvGaps(truthpack));
+        findings.push(...findFakeSuccess(projectPath));
+        findings.push(...findGhostAuth(truthpack, projectPath));
+        
+        // Convert to scan format matching TypeScript scanner output
+        const shipBlockers = findings.map((f, i) => ({
+          id: f.id || `finding-${i}`,
+          ruleId: f.category,
+          category: f.category,
+          severity: f.severity === 'BLOCK' ? 'critical' : f.severity === 'WARN' ? 'warning' : 'info',
+          title: f.title,
+          message: f.title,
+          description: f.why,
+          file: f.evidence?.[0]?.file || '',
+          line: parseInt(f.evidence?.[0]?.lines?.split('-')[0]) || 1,
+          evidence: f.evidence || [],
+          fixHints: f.fixHints || [],
+          autofixAvailable: false,
+          verdict: f.severity === 'BLOCK' ? 'FAIL' : 'WARN',
+        }));
+        
+        // Return structure matching TypeScript scanner
+        return {
+          report: {
+            shipBlockers,
+            realitySniffFindings: [],
+            routeMap: truthpack.routes,
+            summary: {
+              total: shipBlockers.length,
+              critical: shipBlockers.filter(f => f.severity === 'critical').length,
+              warning: shipBlockers.filter(f => f.severity === 'warning').length,
+            },
+            verdict: shipBlockers.some(f => f.severity === 'critical') ? 'BLOCK' : 
+                     shipBlockers.some(f => f.severity === 'warning') ? 'WARN' : 'SHIP'
+          },
+          outputPaths: {},
+          truthpack
+        };
+      };
     }
-
-    // Run the 5 quick scan engines via orchestrator
-    const scanResult = await runScanEngines(projectPath, {
-      maxFiles: 500,
-      onProgress: opts.verbose ? (phase, pct) => {
-        if (spinner) spinner.text = `${phase}: ${pct}%`;
-      } : undefined,
-    });
     
-    const duration = Date.now() - startTime;
-
-    if (spinner) {
-      spinner.succeed(`Quick scan complete (${scanResult.findings.length} findings in ${formatDuration(duration)})`);
+    // Try to import new unified output system (may not be compiled yet)
+    let buildVerdictOutput, normalizeFinding, formatStandardOutput, formatScanOutputFromUnified, getExitCodeFromUnified, CacheManager;
+    let useUnifiedOutput = false;
+    
+    try {
+      const outputContract = require('../../dist/lib/cli/output-contract');
+      buildVerdictOutput = outputContract.buildVerdictOutput;
+      normalizeFinding = outputContract.normalizeFinding;
+      formatStandardOutput = outputContract.formatStandardOutput;
+      
+      const unifiedOutput = require('./lib/unified-output');
+      formatScanOutputFromUnified = unifiedOutput.formatScanOutput;
+      getExitCodeFromUnified = unifiedOutput.getExitCode;
+      
+      const cacheModule = require('../../dist/lib/cli/cache-manager');
+      CacheManager = cacheModule.CacheManager;
+      useUnifiedOutput = true;
+    } catch (error) {
+      // Fallback to old system if new one not available
+      if (opts.verbose) {
+        console.warn('Unified output system not available, using enhanced format');
+      }
+      useUnifiedOutput = false;
     }
 
-    // Normalize findings
-    const findings = scanResult.findings.map((f, i) => ({
-      id: f.id || `finding-${i}`,
-      ruleId: f.type || f.category,
-      category: f.category || 'CodeQuality',
-      severity: normalizeSeverity(f.severity),
-      title: f.title || f.message,
-      message: f.message || f.title,
-      file: f.file || '',
-      line: f.line || 1,
-      confidence: f.confidence || 'medium',
-      engine: f.engine,
-      fixHint: f.fixHint,
-    }));
+    // Initialize cache if available
+    let cache = null;
+    let cached = false;
+    let cachedResult = null;
     
-    // Calculate verdict
-    const blockers = findings.filter(f => f.severity === 'critical');
-    const warnings = findings.filter(f => f.severity === 'warning');
-    const verdict = blockers.length > 0 ? 'BLOCK' : warnings.length > 0 ? 'WARN' : 'PASS';
-    const score = calculateScore({ 
-      critical: blockers.length, 
-      high: 0, 
-      medium: warnings.length, 
-      low: findings.length - blockers.length - warnings.length 
+    if (CacheManager) {
+      cache = new CacheManager(projectPath);
+      const cacheKey = 'scan';
+      
+      // Compute project hash for caching
+      const sourceFiles = await findSourceFiles(projectPath);
+      const projectHash = await cache.computeProjectHash(sourceFiles, { layers, baseUrl: opts.baseUrl });
+
+      // Check cache
+      if (!opts.verbose) {
+        cachedResult = await cache.get(cacheKey, projectHash);
+        if (cachedResult && buildVerdictOutput) {
+          cached = true;
+          // Use cached result
+          const verdict = buildVerdictOutput(cachedResult.findings, cachedResult.timings, true);
+          const output = formatStandardOutput(verdict, cachedResult.findings, cachedResult.scanId, projectPath, {
+            version: require('../../package.json').version || '1.0.0',
+            nodeVersion: process.version,
+            platform: process.platform,
+          });
+
+          if (opts.json) {
+            console.log(JSON.stringify(output, null, 2));
+            return getExitCode(verdict);
+          }
+
+          console.log(formatScanOutput({ verdict, findings: cachedResult.findings, cached }, { verbose: opts.verbose }));
+          return getExitCode(verdict);
+        }
+      }
+    }
+
+    // Start scanning with enhanced spinner
+    const timings = { discovery: 0, analysis: 0, verification: 0, detection: 0, total: 0 };
+    timings.discovery = Date.now();
+
+    spinner = new Spinner({ color: colors.primary });
+    spinner.start('Analyzing codebase...');
+
+    const result = await scanRouteIntegrity({
+      projectPath,
+      layers,
+      baseUrl: opts.baseUrl,
+      verbose: opts.verbose,
+      onProgress: opts.verbose ? (phase, progress) => {
+        spinner.succeed(`${phase}: ${Math.round(progress)}%`);
+        if (progress < 100) spinner.start(`Running ${phase}...`);
+      } : undefined,
     });
 
-    // ═══════════════════════════════════════════════════════════════════════════
-    // OUTPUT
-    // ═══════════════════════════════════════════════════════════════════════════
+    timings.analysis = Date.now() - timings.discovery;
     
-    // JSON output
-    if (opts.json) {
-      const jsonOutput = {
-        version: "1.0.0",
-        command: "scan",
-        mode: "quick",
-        engines: SCAN_ENGINES,
-        verdict,
-        score,
-        summary: {
-          total: findings.length,
-          blockers: blockers.length,
-          warnings: warnings.length,
-          filesScanned: scanResult.stats.filesScanned,
-          duration,
-        },
-        findings: findings.map(f => ({
-          id: f.id,
-          category: f.category,
-          severity: f.severity,
-          title: f.title,
-          message: f.message,
-          file: f.file,
-          line: f.line,
-          engine: f.engine,
-        })),
-        timestamp: new Date().toISOString(),
-      };
-      console.log(JSON.stringify(jsonOutput, null, 2));
-      return verdictToExitCode(verdict);
+    // Run new detection engines (Dead UI, Billing Bypass, Fake Success)
+    let detectionFindings = [];
+    try {
+      startSpinner('Running detection engines...');
+      const detectionStart = Date.now();
+      
+      // Dynamic import for TypeScript detection engines
+      const { DeadUIDetector } = require('../../dist/engines/detection/dead-ui-detector');
+      const { BillingBypassDetector } = require('../../dist/engines/detection/billing-bypass-detector');
+      const { FakeSuccessDetector } = require('../../dist/engines/detection/fake-success-detector');
+      
+      const exclude = ['node_modules', '.git', 'dist', 'build', '.next', 'coverage', '_archive'];
+      
+      // Run detectors in parallel
+      const [deadUIResult, billingResult, fakeSuccessResult] = await Promise.all([
+        new DeadUIDetector(projectPath).scan({ exclude }),
+        new BillingBypassDetector(projectPath).scan({ exclude }),
+        new FakeSuccessDetector(projectPath).scan({ exclude }),
+      ]);
+      
+      // Convert to normalized findings format
+      for (const finding of deadUIResult.findings) {
+        detectionFindings.push({
+          id: finding.id,
+          ruleId: finding.type,
+          category: 'DEAD_UI',
+          severity: finding.severity,
+          title: finding.message,
+          description: finding.suggestion,
+          file: finding.file,
+          line: finding.line,
+          evidence: finding.evidence,
+          autofixAvailable: false,
+          verdict: 'FAIL',
+        });
+      }
+      
+      for (const finding of billingResult.findings) {
+        detectionFindings.push({
+          id: finding.id,
+          ruleId: finding.type,
+          category: 'BILLING',
+          severity: finding.severity,
+          title: finding.message,
+          description: finding.suggestion,
+          file: finding.file,
+          line: finding.line,
+          evidence: finding.evidence,
+          autofixAvailable: false,
+          verdict: 'FAIL',
+        });
+      }
+      
+      for (const finding of fakeSuccessResult.findings) {
+        detectionFindings.push({
+          id: finding.id,
+          ruleId: finding.type,
+          category: 'FAKE_SUCCESS',
+          severity: finding.severity,
+          title: finding.message,
+          description: finding.suggestion,
+          file: finding.file,
+          line: finding.line,
+          evidence: finding.evidence,
+          autofixAvailable: false,
+          verdict: 'FAIL',
+        });
+      }
+      
+      timings.detection = Date.now() - detectionStart;
+      spinner.succeed(`Detection complete (${detectionFindings.length} findings)`);
+    } catch (detectionError) {
+      // Detection engines not compiled yet - continue without them
+      if (opts.verbose) {
+        console.log(`  ${ansi.dim}Detection engines not available: ${detectionError.message}${ansi.reset}`);
+      }
+      spinner.warn('Detection skipped (not compiled)');
     }
     
-    // SARIF output
+    timings.verification = Date.now() - timings.analysis - timings.discovery;
+    timings.total = Date.now() - startTime;
+
+    spinner.succeed('Analysis complete');
+
+    const { report, outputPaths } = result;
+
+    // Use new unified output if available, otherwise fallback to enhanced format
+    if (useUnifiedOutput && buildVerdictOutput && normalizeFinding && formatScanOutputFromUnified) {
+      // Normalize findings with stable IDs
+      const existingIDs = new Set();
+      const normalizedFindings = [];
+      
+      // Normalize route integrity findings
+      if (report.shipBlockers) {
+        for (let i = 0; i < report.shipBlockers.length; i++) {
+          const blocker = report.shipBlockers[i];
+          const category = blocker.category || 'ROUTE';
+          const normalized = normalizeFinding(blocker, category, i, existingIDs);
+          normalizedFindings.push(normalized);
+        }
+      }
+
+      // Normalize Reality Sniff findings if present
+      if (report.realitySniffFindings) {
+        for (let i = 0; i < report.realitySniffFindings.length; i++) {
+          const finding = report.realitySniffFindings[i];
+          const category = finding.ruleId?.startsWith('auth') ? 'AUTH' : 'REALITY';
+          const normalized = normalizeFinding(finding, category, normalizedFindings.length, existingIDs);
+          normalizedFindings.push(normalized);
+        }
+      }
+      
+      // Add detection engine findings (Dead UI, Billing, Fake Success)
+      for (const finding of detectionFindings) {
+        normalizedFindings.push(finding);
+      }
+
+      // Build verdict
+      const verdict = buildVerdictOutput(normalizedFindings, timings, false);
+      const scanId = `scan_${Date.now()}`;
+
+      // Cache result
+      if (cache) {
+        const sourceFiles = await findSourceFiles(projectPath);
+        const projectHash = await cache.computeProjectHash(sourceFiles, { layers, baseUrl: opts.baseUrl });
+        await cache.set('scan', projectHash, {
+          findings: normalizedFindings,
+          timings,
+          scanId,
+        }, {
+          filesScanned: sourceFiles.length,
+          findings: normalizedFindings.length,
+          duration: timings.total,
+        });
+      }
+
+      // Build standard output
+      const standardOutput = formatStandardOutput(verdict, normalizedFindings, scanId, projectPath, {
+        version: require('../../package.json').version || '1.0.0',
+        nodeVersion: process.version,
+        platform: process.platform,
+      });
+
+    // JSON output mode
+    if (opts.json) {
+      console.log(JSON.stringify(standardOutput, null, 2));
+      return getExitCodeFromUnified ? getExitCodeFromUnified(verdict) : getExitCode(verdict);
+    }
+
+    // SARIF output mode
     if (opts.sarif) {
-      const sarif = formatSARIF(findings, { 
+      const sarif = formatSARIF(normalizedFindings, { 
         projectPath, 
         version: require('../../package.json').version || '1.0.0' 
       });
       console.log(JSON.stringify(sarif, null, 2));
-      return verdictToExitCode(verdict);
+      return getExitCodeFromUnified ? getExitCodeFromUnified(verdict) : getExitCode(verdict);
     }
-    
-    // Human-readable output
-    console.log();
-    
-    // Verdict
-    const verdictColor = verdict === 'PASS' ? colors.success : verdict === 'WARN' ? colors.warning : colors.error;
-    const verdictIcon = verdict === 'PASS' ? '✓' : verdict === 'WARN' ? '⚠' : '✗';
-    
-    console.log(`  ${verdictColor}${ansi.bold}${verdictIcon} ${verdict}${ansi.reset} ${ansi.dim}Score: ${score}/100${ansi.reset}`);
-    console.log(`  ${ansi.dim}${findings.length} findings (${blockers.length} blockers, ${warnings.length} warnings)${ansi.reset}`);
-    console.log(`  ${ansi.dim}${scanResult.stats.filesScanned} files scanned in ${formatDuration(duration)}${ansi.reset}`);
-    console.log();
-    
-    // Show blockers
-    if (blockers.length > 0) {
-      console.log(`  ${colors.error}${ansi.bold}Blockers (${blockers.length})${ansi.reset}`);
-      for (const f of blockers.slice(0, 5)) {
-        console.log(`    ${colors.error}●${ansi.reset} ${f.title}`);
-        if (f.file) console.log(`      ${ansi.dim}${f.file}:${f.line}${ansi.reset}`);
-      }
-      if (blockers.length > 5) {
-        console.log(`    ${ansi.dim}... and ${blockers.length - 5} more${ansi.reset}`);
-      }
+
+    // ═══════════════════════════════════════════════════════════════════════════
+    // ENHANCED OUTPUT
+    // ═══════════════════════════════════════════════════════════════════════════
+
+    // Use enhanced output formatter (from scan-output.js)
+    const resultForOutput = {
+      verdict,
+      findings: normalizedFindings,
+      layers: report.layers || [],
+      coverage: report.coverageMap,
+      breakdown: report.score?.breakdown,
+      timings,
+      cached,
+    };
+    console.log(formatScanOutput(resultForOutput, { verbose: opts.verbose }));
+
+    // Additional details if verbose
+    if (opts.verbose) {
+      printBreakdown(report.score.breakdown);
+      printCoverageMap(report.coverageMap);
+      printLayers(report.layers);
+      
+      printSection('REPORTS', '📄');
       console.log();
-    }
-    
-    // Show warnings (verbose only)
-    if (warnings.length > 0 && opts.verbose) {
-      console.log(`  ${colors.warning}${ansi.bold}Warnings (${warnings.length})${ansi.reset}`);
-      for (const f of warnings.slice(0, 5)) {
-        console.log(`    ${colors.warning}◐${ansi.reset} ${f.title}`);
-        if (f.file) console.log(`      ${ansi.dim}${f.file}:${f.line}${ansi.reset}`);
+      console.log(`  ${c.cyan}${outputPaths.md}${c.reset}`);
+      console.log(`  ${c.dim}${outputPaths.json}${c.reset}`);
+      if (outputPaths.sarif) {
+        console.log(`  ${c.dim}${outputPaths.sarif}${c.reset}`);
       }
-      if (warnings.length > 5) {
-        console.log(`    ${ansi.dim}... and ${warnings.length - 5} more${ansi.reset}`);
-      }
-      console.log();
-    }
-    
-    // Pro upsell
-    if (!opts.quiet) {
-      console.log(`  ${ansi.dim}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${ansi.reset}`);
-      console.log(`  ${ansi.dim}Quick scan ran ${SCAN_ENGINES.length} engines.${ansi.reset}`);
-      console.log(`  ${colors.accent}For comprehensive analysis (17+ engines + validators):${ansi.reset}`);
-      console.log(`    ${colors.success}vibecheck ship${ansi.reset} ${ansi.dim}[PRO]${ansi.reset}`);
-      console.log();
     }
-    
-    // Emit completion
-    emitScanComplete(projectPath, verdict === 'PASS' ? 'success' : 'failure', {
-      score,
-      issueCount: findings.length,
-      durationMs: duration,
-    });
 
-    // Save results
+    // ═══════════════════════════════════════════════════════════════════════════
+    // SAVE RESULTS
+    // ═══════════════════════════════════════════════════════════════════════════
+    
     if (opts.save) {
       const resultsDir = path.join(projectPath, '.vibecheck', 'results');
       if (!fs.existsSync(resultsDir)) {
         fs.mkdirSync(resultsDir, { recursive: true });
       }
       
-      fs.writeFileSync(
-        path.join(resultsDir, 'latest.json'),
-        JSON.stringify({
-          verdict,
-          score,
-          findings,
-          timestamp: new Date().toISOString(),
-          mode: 'quick',
-          engines: SCAN_ENGINES,
-          stats: scanResult.stats,
-        }, null, 2)
-      );
+      // Save latest.json
+      const latestPath = path.join(resultsDir, 'latest.json');
+      fs.writeFileSync(latestPath, JSON.stringify(standardOutput, null, 2));
+      
+      // Save timestamped copy
+      const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+      const historyDir = path.join(resultsDir, 'history');
+      if (!fs.existsSync(historyDir)) {
+        fs.mkdirSync(historyDir, { recursive: true });
+      }
+      fs.writeFileSync(path.join(historyDir, `scan-${timestamp}.json`), JSON.stringify(standardOutput, null, 2));
+      
+      if (!opts.json) {
+        console.log(`\n  ${ansi.dim}Results saved to: ${latestPath}${ansi.reset}`);
+      }
     }
     
-    return verdictToExitCode(verdict);
+    // ═══════════════════════════════════════════════════════════════════════════
+    // AUTOFIX MODE - Generate missions
+    // ═══════════════════════════════════════════════════════════════════════════
+    
+    if (opts.autofix && normalizedFindings.length > 0) {
+      // Check entitlement
+      const entitlementsV2 = require("./lib/entitlements-v2");
+      const access = await entitlementsV2.enforce("scan.autofix", { 
+        projectPath,
+        silent: false,
+      });
+      
+      if (!access.allowed) {
+        console.log(`\n  ${colors.warning}${icons.warning}${ansi.reset} ${ansi.bold}--autofix requires STARTER plan${ansi.reset}`);
+        console.log(`  ${ansi.dim}Upgrade at: https://vibecheckai.dev/pricing${ansi.reset}`);
+        console.log(`  ${ansi.dim}Scan results saved. Run 'vibecheck fix' for manual mission generation.${ansi.reset}\n`);
+      } else {
+        console.log(`\n  ${colors.accent}${icons.lightning}${ansi.reset} ${ansi.bold}Generating AI missions...${ansi.reset}\n`);
+        
+        const { missions, summary } = await generateMissions(normalizedFindings, projectPath, opts);
+        
+        console.log(`  ${colors.success}✓${ansi.reset} Generated ${missions.length} missions`);
+        console.log(`    ${ansi.dim}Critical: ${summary.bySeverity.critical}${ansi.reset}`);
+        console.log(`    ${ansi.dim}High: ${summary.bySeverity.high}${ansi.reset}`);
+        console.log(`    ${ansi.dim}Medium: ${summary.bySeverity.medium}${ansi.reset}`);
+        console.log(`    ${ansi.dim}Low: ${summary.bySeverity.low}${ansi.reset}`);
+        console.log();
+        console.log(`  ${ansi.dim}Missions saved to: .vibecheck/missions/${ansi.reset}`);
+        console.log(`  ${ansi.dim}Open MISSIONS.md for prompts to use with your AI assistant.${ansi.reset}`);
+        console.log();
+      }
+    }
+
+    // Emit audit event for scan complete
+    emitScanComplete(projectPath, verdict.verdict === 'PASS' ? 'success' : 'failure', {
+      score: report.score?.overall || (verdict.verdict === 'PASS' ? 100 : 50),
+      grade: report.score?.grade || (verdict.verdict === 'PASS' ? 'A' : 'F'),
+      issueCount: verdict.summary.blockers,
+      durationMs: timings.total,
+    });
+
+    return getExitCodeFromUnified ? getExitCodeFromUnified(verdict) : getExitCode(verdict);
+    } else {
+      // Legacy fallback output when unified output system isn't available
+      const findings = [...(report.shipBlockers || []), ...detectionFindings];
+      const criticalCount = findings.filter(f => f.severity === 'critical' || f.severity === 'BLOCK').length;
+      const warningCount = findings.filter(f => f.severity === 'warning' || f.severity === 'WARN').length;
+      
+      const verdict = criticalCount > 0 ? 'BLOCK' : warningCount > 0 ? 'WARN' : 'SHIP';
+      
+      // Use enhanced output formatter for legacy fallback
+      const severityCounts = {
+        critical: criticalCount,
+        high: 0,
+        medium: warningCount,
+        low: findings.length - criticalCount - warningCount,
+      };
+      const score = calculateScore(severityCounts);
+      
+      const result = {
+        verdict: { verdict, score },
+        findings: findings.map(f => ({
+          severity: f.severity === 'critical' || f.severity === 'BLOCK' ? 'critical' :
+                   f.severity === 'warning' || f.severity === 'WARN' ? 'medium' : 'low',
+          category: f.category || 'ROUTE',
+          title: f.title || f.message,
+          message: f.message || f.title,
+          file: f.file,
+          line: f.line,
+          fix: f.fixSuggestion,
+        })),
+        layers: [],
+        timings,
+      };
+      
+      console.log(formatScanOutput(result, { verbose: opts.verbose }));
+      
+      // Emit audit event
+      emitScanComplete(projectPath, verdict === 'SHIP' ? 'success' : 'failure', {
+        score: verdict === 'SHIP' ? 100 : verdict === 'WARN' ? 70 : 40,
+        issueCount: criticalCount + warningCount,
+        durationMs: timings.total,
+      });
+      
+      return verdict === 'SHIP' ? 0 : verdict === 'WARN' ? 1 : 2;
+    }
 
   } catch (error) {
     if (spinner) {
       spinner.fail(`Scan failed: ${error.message}`);
     }
     
-    console.error(`\n  ${colors.error}✗${ansi.reset} ${ansi.bold}Error:${ansi.reset} ${error.message}`);
-    if (opts.verbose) {
-      console.error(`  ${ansi.dim}${error.stack}${ansi.reset}`);
-    }
+    // Use enhanced error handling
+    const exitCode = printError(error, 'Scan');
     
+    // Emit audit event for scan error
     emitScanComplete(projectPath, 'error', {
       errorCode: error.code || 'SCAN_ERROR',
       errorMessage: error.message,
       durationMs: Date.now() - startTime,
     });
     
-    return EXIT.INTERNAL_ERROR;
+    return exitCode;
   }
 }
 
-// Helper to normalize severity
-function normalizeSeverity(sev) {
-  if (!sev) return 'info';
-  const s = String(sev).toLowerCase();
-  if (s === 'block' || s === 'critical' || s === 'high') return 'critical';
-  if (s === 'warn' || s === 'warning' || s === 'medium') return 'warning';
-  return 'info';
+// Helper function to find source files for cache hash
+async function findSourceFiles(projectPath) {
+  const files = [];
+  const fs = require('fs');
+  const path = require('path');
+  
+  async function walk(dir) {
+    try {
+      const entries = await fs.promises.readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+          if (!entry.name.startsWith('.') && entry.name !== 'node_modules') {
+            await walk(fullPath);
+          }
+        } else if (entry.isFile()) {
+          const ext = path.extname(entry.name).toLowerCase();
+          if (['.ts', '.tsx', '.js', '.jsx'].includes(ext)) {
+            files.push(fullPath);
+          }
+        }
+      }
+    } catch {
+      // Skip inaccessible directories
+    }
+  }
+  
+  await walk(projectPath);
+  return files;
 }
 
-// Export
+// Export with error handling wrapper
 module.exports = {
   runScan: withErrorHandling(runScan, "Scan failed"),
 };