@vibedrift/cli 0.4.4 → 0.5.0

package/dist/index.js

@@ -24,6 +24,7 @@ __export(function_extractor_exports, {
   extractAllFunctions: () => extractAllFunctions,
   extractFunctionsFromFile: () => extractFunctionsFromFile,
   simpleHash: () => simpleHash,
+  toFunctionRef: () => toFunctionRef,
   tokenizeBody: () => tokenizeBody
 });
 function detectDomainCategory(name, body) {
@@ -149,6 +150,9 @@ function extractAllFunctions(files) {
   }
   return allFunctions;
 }
+function toFunctionRef(fn) {
+  return { file: fn.file, relativePath: fn.relativePath, name: fn.name, line: fn.line };
+}
 var init_function_extractor = __esm({
   "src/codedna/function-extractor.ts"() {
     "use strict";
@@ -254,12 +258,9 @@ function fnv1aHash(str) {
   const h2 = (hash2 >>> 0).toString(16).padStart(8, "0");
   return h1 + h2;
 }
-function toRef(fn) {
-  return { file: fn.file, relativePath: fn.relativePath, name: fn.name, line: fn.line };
-}
 function computeSemanticFingerprints(functions) {
   return functions.map((fn) => ({
-    functionRef: toRef(fn),
+    functionRef: toFunctionRef(fn),
     normalizedHash: fnv1aHash(normalizeBody(fn.rawBody, fn.language))
   }));
 }
@@ -321,6 +322,7 @@ var init_semantic_fingerprint = __esm({
   "src/codedna/semantic-fingerprint.ts"() {
     "use strict";
     init_esm_shims();
+    init_function_extractor();
   }
 });
 
@@ -366,9 +368,6 @@ function classifyLine(line, language) {
   }
   return null;
 }
-function toRef2(fn) {
-  return { file: fn.file, relativePath: fn.relativePath, name: fn.name, line: fn.line };
-}
 function extractOperationSequences(functions) {
   return functions.map((fn) => {
     const lines = fn.rawBody.split("\n");
@@ -381,7 +380,7 @@ function extractOperationSequences(functions) {
         }
       }
     }
-    return { functionRef: toRef2(fn), sequence };
+    return { functionRef: toFunctionRef(fn), sequence };
   });
 }
 function lcsLength(a, b) {
@@ -456,6 +455,7 @@ var init_operation_sequence = __esm({
   "src/codedna/operation-sequence.ts"() {
     "use strict";
     init_esm_shims();
+    init_function_extractor();
   }
 });
 
@@ -2985,83 +2985,95 @@ var dependenciesAnalyzer = {
     return findings;
   }
 };
-function analyzeJsDeps(ctx) {
-  const findings = [];
-  const pkg = ctx.packageJson;
-  const declared = /* @__PURE__ */ new Set([
-    ...Object.keys(pkg.dependencies ?? {}),
-    ...Object.keys(pkg.devDependencies ?? {}),
-    ...Object.keys(pkg.peerDependencies ?? {}),
-    ...Object.keys(pkg.optionalDependencies ?? {})
-  ]);
-  const isMonorepo = [
-    ...Object.values(pkg.dependencies ?? {}),
-    ...Object.values(pkg.devDependencies ?? {})
-  ].some(
-    (v) => typeof v === "string" && (v.startsWith("workspace:") || v === "*")
-  );
-  const hasWorkspaces = !!pkg.workspaces;
+function collectImportedPackages(files) {
   const imported = /* @__PURE__ */ new Set();
   const importLocations = /* @__PURE__ */ new Map();
-  const jsFiles = ctx.files.filter(
-    (f) => (f.language === "javascript" || f.language === "typescript") && !FIXTURE_PATH_PATTERN.test(f.relativePath)
-  );
-  for (const file of jsFiles) {
+  for (const file of files) {
     for (const pattern of JS_IMPORT_PATTERNS) {
       const regex = new RegExp(pattern.source, pattern.flags);
       let match;
       while ((match = regex.exec(file.content)) !== null) {
-        const pkg2 = extractJsPackageName(match[1]);
-        if (NODE_BUILTINS.has(pkg2) || pkg2.startsWith("node:") || pkg2.startsWith("@/") || pkg2.startsWith("~")) continue;
-        imported.add(pkg2);
-        if (!importLocations.has(pkg2)) importLocations.set(pkg2, []);
-        importLocations.get(pkg2).push({
+        const pkg = extractJsPackageName(match[1]);
+        if (NODE_BUILTINS.has(pkg) || pkg.startsWith("node:") || pkg.startsWith("@/") || pkg.startsWith("~")) continue;
+        imported.add(pkg);
+        if (!importLocations.has(pkg)) importLocations.set(pkg, []);
+        importLocations.get(pkg).push({
           file: file.relativePath,
           line: file.content.slice(0, match.index).split("\n").length
         });
       }
     }
   }
+  return { imported, importLocations };
+}
+function detectPhantomDeps(declared, imported, devToolPatterns) {
   const phantom = [...declared].filter((d) => !imported.has(d));
   const realPhantom = phantom.filter(
-    (p) => !DEV_TOOL_PATTERNS.some((pat) => p.includes(pat))
+    (p) => !devToolPatterns.some((pat) => p.includes(pat))
   );
   if (realPhantom.length > 0) {
-    findings.push({
+    return [{
       analyzerId: "dependencies",
       severity: realPhantom.length > 5 ? "error" : "warning",
       confidence: 0.75,
       message: `${realPhantom.length} phantom dependencies (declared but unused): ${realPhantom.slice(0, 5).join(", ")}${realPhantom.length > 5 ? "..." : ""}`,
       locations: realPhantom.map((p) => ({ file: "package.json" })),
       tags: ["deps", "phantom", "js"]
-    });
-  }
-  const ALIAS_PATTERNS = [
-    /^#/,
-    /^virtual:/,
-    /^vite\//,
-    /^next\//,
-    /^\$/,
-    /^server-only$/,
-    /^client-only$/
-  ];
+    }];
+  }
+  return [];
+}
+var ALIAS_PATTERNS = [
+  /^#/,
+  /^virtual:/,
+  /^vite\//,
+  /^next\//,
+  /^\$/,
+  /^server-only$/,
+  /^client-only$/
+];
+function detectMissingDeps(declared, imported, isMonorepo, importLocations) {
   const missing = [...imported].filter((i) => {
     if (declared.has(i)) return false;
     if (ALIAS_PATTERNS.some((p) => p.test(i))) return false;
     return true;
   });
-  const missingConfidence = isMonorepo || hasWorkspaces ? 0.4 : 0.75;
-  const missingSeverity = isMonorepo || hasWorkspaces ? "warning" : "error";
+  const missingConfidence = isMonorepo ? 0.4 : 0.75;
+  const missingSeverity = isMonorepo ? "warning" : "error";
   if (missing.length > 0) {
-    findings.push({
+    return [{
       analyzerId: "dependencies",
       severity: missingSeverity,
       confidence: missingConfidence,
-      message: `${missing.length} packages imported but not in package.json: ${missing.slice(0, 5).join(", ")}${missing.length > 5 ? "..." : ""}${isMonorepo || hasWorkspaces ? " (may be workspace packages)" : ""}`,
+      message: `${missing.length} packages imported but not in package.json: ${missing.slice(0, 5).join(", ")}${missing.length > 5 ? "..." : ""}${isMonorepo ? " (may be workspace packages)" : ""}`,
       locations: missing.slice(0, 5).flatMap((p) => importLocations.get(p) ?? []),
       tags: ["deps", "missing", "js"]
-    });
+    }];
   }
+  return [];
+}
+function analyzeJsDeps(ctx) {
+  const findings = [];
+  const pkg = ctx.packageJson;
+  const declared = /* @__PURE__ */ new Set([
+    ...Object.keys(pkg.dependencies ?? {}),
+    ...Object.keys(pkg.devDependencies ?? {}),
+    ...Object.keys(pkg.peerDependencies ?? {}),
+    ...Object.keys(pkg.optionalDependencies ?? {})
+  ]);
+  const isMonorepo = [
+    ...Object.values(pkg.dependencies ?? {}),
+    ...Object.values(pkg.devDependencies ?? {})
+  ].some(
+    (v) => typeof v === "string" && (v.startsWith("workspace:") || v === "*")
+  );
+  const hasWorkspaces = !!pkg.workspaces;
+  const jsFiles = ctx.files.filter(
+    (f) => (f.language === "javascript" || f.language === "typescript") && !FIXTURE_PATH_PATTERN.test(f.relativePath)
+  );
+  const { imported, importLocations } = collectImportedPackages(jsFiles);
+  findings.push(...detectPhantomDeps(declared, imported, DEV_TOOL_PATTERNS));
+  findings.push(...detectMissingDeps(declared, imported, isMonorepo || hasWorkspaces, importLocations));
   return findings;
 }
 function analyzeGoDeps(ctx) {
@@ -4392,43 +4404,24 @@ function detectLongFunctions(ctx) {
   }
   return findings;
 }
-function detectLowDocumentation(ctx) {
-  const findings = [];
-  const underdocumented = [];
-  for (const file of ctx.files) {
-    if (file.lineCount < 100) continue;
-    const lines = file.content.split("\n");
-    let commentLines = 0;
-    for (const line of lines) {
-      const trimmed = line.trim();
-      if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("///") || trimmed.startsWith('"""')) {
-        commentLines++;
-      }
-    }
-    const ratio = commentLines / file.lineCount;
-    if (ratio < 0.05) {
-      underdocumented.push({
-        file: file.relativePath,
-        lines: file.lineCount,
-        commentRatio: Math.round(ratio * 100)
-      });
+function countFileCommentDensity(file) {
+  const lines = file.content.split("\n");
+  let commentLines = 0;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("///") || trimmed.startsWith('"""')) {
+      commentLines++;
     }
   }
-  if (underdocumented.length > 2) {
-    findings.push({
-      analyzerId: "intent-clarity",
-      severity: underdocumented.length > 5 ? "warning" : "info",
-      confidence: 0.6,
-      message: `${underdocumented.length} files over 100 lines have <5% comment density \u2014 intent may be unclear to maintainers`,
-      locations: underdocumented.slice(0, 10).map((f) => ({
-        file: f.file,
-        snippet: `${f.lines} lines, ${f.commentRatio}% comments`
-      })),
-      tags: ["intent", "documentation"]
-    });
-  }
+  return {
+    lines: file.lineCount,
+    commentLines,
+    density: commentLines / file.lineCount
+  };
+}
+function findUndocumentedExports(files) {
   const undocumentedExports = [];
-  for (const file of ctx.files) {
+  for (const file of files) {
     if (!file.language) continue;
     const lines = file.content.split("\n");
     for (let i = 0; i < lines.length; i++) {
@@ -4452,6 +4445,36 @@ function detectLowDocumentation(ctx) {
       }
     }
   }
+  return undocumentedExports;
+}
+function detectLowDocumentation(ctx) {
+  const findings = [];
+  const underdocumented = [];
+  for (const file of ctx.files) {
+    if (file.lineCount < 100) continue;
+    const { density } = countFileCommentDensity(file);
+    if (density < 0.05) {
+      underdocumented.push({
+        file: file.relativePath,
+        lines: file.lineCount,
+        commentRatio: Math.round(density * 100)
+      });
+    }
+  }
+  if (underdocumented.length > 2) {
+    findings.push({
+      analyzerId: "intent-clarity",
+      severity: underdocumented.length > 5 ? "warning" : "info",
+      confidence: 0.6,
+      message: `${underdocumented.length} files over 100 lines have <5% comment density \u2014 intent may be unclear to maintainers`,
+      locations: underdocumented.slice(0, 10).map((f) => ({
+        file: f.file,
+        snippet: `${f.lines} lines, ${f.commentRatio}% comments`
+      })),
+      tags: ["intent", "documentation"]
+    });
+  }
+  const undocumentedExports = findUndocumentedExports(ctx.files);
   if (undocumentedExports.length > 10) {
     const ratio = ctx.files.length > 0 ? Math.round(undocumentedExports.length / ctx.files.length * 10) / 10 : 0;
     findings.push({
@@ -4538,8 +4561,7 @@ var deadCodeAnalyzer = {
     return findings;
   }
 };
-function analyzeJsDeadExports(files) {
-  const findings = [];
+function buildExportMap(files) {
   const exports = [];
   for (const file of files) {
     if (isEntryPoint(file.relativePath)) continue;
@@ -4586,6 +4608,9 @@ function analyzeJsDeadExports(files) {
       }
     }
   }
+  return exports;
+}
+function buildImportSet(files) {
   const importedNames = /* @__PURE__ */ new Set();
   for (const file of files) {
     for (const pattern of IMPORT_PATTERNS_JS) {
@@ -4604,10 +4629,19 @@ function analyzeJsDeadExports(files) {
       }
     }
   }
-  const allContent = files.map((f) => f.content).join("\n");
-  const deadExports = exports.filter(
+  return importedNames;
+}
+function identifyDeadExports(exports, importedNames, allContent) {
+  return exports.filter(
     (e) => !importedNames.has(e.name) && countOccurrences(allContent, e.name) <= 1
   );
+}
+function analyzeJsDeadExports(files) {
+  const findings = [];
+  const exports = buildExportMap(files);
+  const importedNames = buildImportSet(files);
+  const allContent = files.map((f) => f.content).join("\n");
+  const deadExports = identifyDeadExports(exports, importedNames, allContent);
   if (deadExports.length > 3) {
     findings.push({
       analyzerId: "dead-code",
@@ -4749,19 +4783,13 @@ var languageSpecificAnalyzer = {
     return findings;
   }
 };
-function analyzeGo(files) {
-  const findings = [];
-  let uncheckedErrors = 0;
-  const uncheckedLocations = [];
-  let nakedGoroutines = 0;
-  const goroutineLocations = [];
-  let unsafeMutex = 0;
-  const mutexLocations = [];
+function detectGoUncheckedErrors(files) {
+  let count = 0;
+  const locations = [];
   for (const file of files) {
     const lines = file.content.split("\n");
     for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      const trimmed = line.trim();
+      const trimmed = lines[i].trim();
       if (/\berr\s*[:=]/.test(trimmed) && !trimmed.startsWith("//")) {
         let nextLine = "";
         for (let j = i + 1; j < Math.min(i + 4, lines.length); j++) {
@@ -4772,57 +4800,86 @@ function analyzeGo(files) {
           }
         }
         if (nextLine && !nextLine.includes("err") && !nextLine.startsWith("return")) {
-          uncheckedErrors++;
-          uncheckedLocations.push({
+          count++;
+          locations.push({
             file: file.relativePath,
             line: i + 1,
             snippet: trimmed.slice(0, 80)
           });
         }
       }
+    }
+  }
+  return { count, locations };
+}
+function detectGoNakedGoroutines(files) {
+  let count = 0;
+  const locations = [];
+  for (const file of files) {
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
       if (/^\s*go\s+func\s*\(/.test(line) || /^\s*go\s+\w+\s*\(/.test(line)) {
         const nearby = lines.slice(Math.max(0, i - 2), i + 3).join(" ");
         if (!/\bctx\b/.test(nearby) && !/context\./.test(nearby)) {
-          nakedGoroutines++;
-          goroutineLocations.push({ file: file.relativePath, line: i + 1 });
+          count++;
+          locations.push({ file: file.relativePath, line: i + 1 });
         }
       }
+    }
+  }
+  return { count, locations };
+}
+function detectGoUnsafeMutex(files) {
+  let count = 0;
+  const locations = [];
+  for (const file of files) {
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const trimmed = lines[i].trim();
       if (/\.Lock\(\)/.test(trimmed)) {
         const nextLines = lines.slice(i + 1, i + 4).join(" ");
         if (!/defer\s+.*\.Unlock\(\)/.test(nextLines) && !/\.Unlock\(\)/.test(trimmed)) {
-          unsafeMutex++;
-          mutexLocations.push({ file: file.relativePath, line: i + 1 });
+          count++;
+          locations.push({ file: file.relativePath, line: i + 1 });
         }
       }
     }
   }
-  if (uncheckedErrors > 0) {
+  return { count, locations };
+}
+function analyzeGo(files) {
+  const findings = [];
+  const uncheckedErrors = detectGoUncheckedErrors(files);
+  const nakedGoroutines = detectGoNakedGoroutines(files);
+  const unsafeMutex = detectGoUnsafeMutex(files);
+  if (uncheckedErrors.count > 0) {
     findings.push({
       analyzerId: "language-specific",
-      severity: uncheckedErrors > 10 ? "error" : "warning",
+      severity: uncheckedErrors.count > 10 ? "error" : "warning",
       confidence: 0.7,
-      message: `${uncheckedErrors} potentially unchecked errors in Go code`,
-      locations: uncheckedLocations.slice(0, 10),
+      message: `${uncheckedErrors.count} potentially unchecked errors in Go code`,
+      locations: uncheckedErrors.locations.slice(0, 10),
       tags: ["go", "error-handling", "unchecked-error"]
     });
   }
-  if (nakedGoroutines > 0) {
+  if (nakedGoroutines.count > 0) {
     findings.push({
       analyzerId: "language-specific",
       severity: "warning",
       confidence: 0.6,
-      message: `${nakedGoroutines} goroutines launched without context \u2014 potential leak risk`,
-      locations: goroutineLocations.slice(0, 10),
+      message: `${nakedGoroutines.count} goroutines launched without context \u2014 potential leak risk`,
+      locations: nakedGoroutines.locations.slice(0, 10),
       tags: ["go", "goroutine", "leak"]
     });
   }
-  if (unsafeMutex > 0) {
+  if (unsafeMutex.count > 0) {
     findings.push({
       analyzerId: "language-specific",
       severity: "warning",
       confidence: 0.75,
-      message: `${unsafeMutex} mutex locks without defer Unlock \u2014 risk of deadlock`,
-      locations: mutexLocations.slice(0, 10),
+      message: `${unsafeMutex.count} mutex locks without defer Unlock \u2014 risk of deadlock`,
+      locations: unsafeMutex.locations.slice(0, 10),
       tags: ["go", "mutex", "concurrency"]
     });
   }
@@ -4967,9 +5024,6 @@ var DRIFT_WEIGHTS = {
 
 // src/drift/architectural-contradiction.ts
 init_esm_shims();
-function getLine(content, index) {
-  return content.slice(0, index).split("\n").length;
-}
 function getLineContent(content, lineNum) {
   return (content.split("\n")[lineNum - 1] ?? "").trim();
 }
@@ -4978,7 +5032,7 @@ function extractEvidence(content, pattern, maxResults = 3) {
   const regex = new RegExp(pattern.source, pattern.flags);
   let match;
   while ((match = regex.exec(content)) !== null && evidence.length < maxResults) {
-    const line = getLine(content, match.index);
+    const line = getLineNumber(content, match.index);
     evidence.push({ line, code: getLineContent(content, line) });
   }
   return evidence;
@@ -5072,27 +5126,35 @@ function buildProfile(file) {
   if (dataAccess.length === 0 && errorHandling.length === 0) return null;
   return { file: file.path, language: file.language, dataAccess, errorHandling, config, di };
 }
-function analyzePatternDistribution(profiles, patternNames) {
+function detectFilePattern(patterns) {
+  const fileCounts = /* @__PURE__ */ new Map();
+  for (const { pattern } of patterns) {
+    fileCounts.set(pattern, (fileCounts.get(pattern) ?? 0) + 1);
+  }
+  let primaryPattern = null;
+  let maxCount = 0;
+  for (const [pat, count] of fileCounts) {
+    if (count > maxCount) {
+      maxCount = count;
+      primaryPattern = pat;
+    }
+  }
+  return primaryPattern;
+}
+function buildPatternDistribution(profiles) {
   const counts = /* @__PURE__ */ new Map();
   for (const p of profiles) {
-    const fileCounts = /* @__PURE__ */ new Map();
-    for (const { pattern } of p.patterns) {
-      fileCounts.set(pattern, (fileCounts.get(pattern) ?? 0) + 1);
-    }
-    let primaryPattern = null;
-    let maxCount = 0;
-    for (const [pat, count] of fileCounts) {
-      if (count > maxCount) {
-        maxCount = count;
-        primaryPattern = pat;
-      }
-    }
+    const primaryPattern = detectFilePattern(p.patterns);
     if (!primaryPattern) continue;
     if (!counts.has(primaryPattern)) counts.set(primaryPattern, { count: 0, files: [] });
     const entry = counts.get(primaryPattern);
     entry.count++;
     entry.files.push(p.file);
   }
+  return counts;
+}
+function analyzePatternDistribution(profiles, patternNames) {
+  const counts = buildPatternDistribution(profiles);
   if (counts.size < 2) return null;
   let dominant = null;
   let dominantCount = 0;
@@ -5263,29 +5325,40 @@ function extractSymbols(file) {
   }
   return symbols;
 }
-function analyzeFileNaming(files) {
-  const fileNameConventions = /* @__PURE__ */ new Map();
-  for (const file of files) {
-    const basename2 = file.path.split("/").pop()?.replace(/\.[^.]+$/, "") ?? "";
-    if (basename2.length <= 1) continue;
-    if (/(?:test|spec|config|setup|__)/i.test(basename2)) continue;
-    const conv = classifyName(basename2);
-    if (!conv) continue;
-    if (!fileNameConventions.has(conv)) fileNameConventions.set(conv, []);
-    fileNameConventions.get(conv).push(file.path);
-  }
-  if (fileNameConventions.size < 2) return null;
+function classifyBaseName(filePath) {
+  const basename2 = filePath.split("/").pop()?.replace(/\.[^.]+$/, "") ?? "";
+  if (basename2.length <= 1) return null;
+  if (/(?:test|spec|config|setup|__)/i.test(basename2)) return null;
+  const convention = classifyName(basename2);
+  if (!convention) return null;
+  return { basename: basename2, convention };
+}
+function findDominantConvention(fileNameConventions) {
   let dominant = null;
   let maxCount = 0;
   let totalFiles = 0;
-  for (const [conv, files2] of fileNameConventions) {
-    totalFiles += files2.length;
-    if (files2.length > maxCount) {
-      maxCount = files2.length;
+  for (const [conv, files] of fileNameConventions) {
+    totalFiles += files.length;
+    if (files.length > maxCount) {
+      maxCount = files.length;
       dominant = conv;
     }
   }
   if (!dominant || maxCount === totalFiles) return null;
+  return { dominant, maxCount, totalFiles };
+}
+function analyzeFileNaming(files) {
+  const fileNameConventions = /* @__PURE__ */ new Map();
+  for (const file of files) {
+    const classified = classifyBaseName(file.path);
+    if (!classified) continue;
+    if (!fileNameConventions.has(classified.convention)) fileNameConventions.set(classified.convention, []);
+    fileNameConventions.get(classified.convention).push(file.path);
+  }
+  if (fileNameConventions.size < 2) return null;
+  const result = findDominantConvention(fileNameConventions);
+  if (!result) return null;
+  const { dominant, maxCount, totalFiles } = result;
   const deviating = [];
   for (const [conv, filePaths] of fileNameConventions) {
     if (conv === dominant) continue;
@@ -5851,131 +5924,147 @@ function buildUsageGraph(files) {
   }
   return usage;
 }
+function isReferencedExternally(name, usage, currentFile, allRoutes) {
+  const references = usage.get(name);
+  const usedExternally = references && [...references].some((f) => f !== currentFile);
+  const isRouted = allRoutes.some(
+    (r) => r.handlerName.includes(name) || r.handlerName.endsWith("." + name)
+  );
+  return !!(usedExternally || isRouted);
+}
+function detectScaffoldingPattern(filePath, crudFunctions, usage, allRoutes) {
+  const usedFunctions = [];
+  const unusedFunctions = [];
+  for (const fn of crudFunctions) {
+    if (isReferencedExternally(fn.name, usage, filePath, allRoutes)) {
+      usedFunctions.push(fn);
+    } else {
+      unusedFunctions.push(fn);
+    }
+  }
+  if (unusedFunctions.length < 2 || usedFunctions.length < 1) return null;
+  const usedTypes = usedFunctions.map((f) => f.crudType);
+  const unusedTypes = unusedFunctions.map((f) => f.crudType);
+  const isScaffoldingLike = usedTypes.some((t) => t === "read" || t === "list") && unusedTypes.some((t) => t === "create" || t === "update" || t === "delete");
+  return {
+    detector: "phantom_scaffolding",
+    driftCategory: "phantom_scaffolding",
+    severity: isScaffoldingLike ? "warning" : "info",
+    confidence: isScaffoldingLike ? 0.8 : 0.6,
+    finding: `CRUD scaffolding detected in ${filePath} \u2014 ${usedFunctions.length} functions used, ${unusedFunctions.length} appear unused`,
+    dominantPattern: "used CRUD operations",
+    dominantCount: usedFunctions.length,
+    totalRelevantFiles: usedFunctions.length + unusedFunctions.length,
+    consistencyScore: Math.round(usedFunctions.length / (usedFunctions.length + unusedFunctions.length) * 100),
+    deviatingFiles: [{
+      path: filePath,
+      detectedPattern: `unused: ${unusedFunctions.map((f) => f.name).join(", ")}`,
+      evidence: unusedFunctions.slice(0, 5).map((f) => ({
+        line: f.line,
+        code: `${f.name} (${f.crudType}) \u2014 defined but not routed or imported`
+      }))
+    }],
+    recommendation: `${unusedFunctions.map((f) => f.name).join(", ")} are defined in ${filePath.split("/").pop()} but never registered in routes or called externally. This looks like AI-generated CRUD scaffolding \u2014 remove unused handlers or wire them to routes.`
+  };
+}
+function detectUnroutedHandlers(allExports, allRoutes, usage) {
+  const findings = [];
+  const handlerFiles = /* @__PURE__ */ new Map();
+  for (const exp of allExports) {
+    if (exp.crudType === "other") continue;
+    if (!handlerFiles.has(exp.file)) handlerFiles.set(exp.file, []);
+    handlerFiles.get(exp.file).push(exp);
+  }
+  for (const [filePath, functions] of handlerFiles) {
+    const crudFunctions = functions.filter((f) => f.crudType !== "other");
+    if (crudFunctions.length < 2) continue;
+    const finding = detectScaffoldingPattern(filePath, crudFunctions, usage, allRoutes);
+    if (finding) findings.push(finding);
+  }
+  return findings;
+}
+function detectUnusedTypeScaffolding(files, usage) {
+  const findings = [];
+  const typeDefinitions = [];
+  const goMethodReceivers = /* @__PURE__ */ new Set();
+  for (const file of files) {
+    if (file.language !== "go") continue;
+    const receiverPattern = /func\s+\(\s*\w+\s+\*?(\w+)\s*\)/g;
+    let m;
+    while ((m = receiverPattern.exec(file.content)) !== null) {
+      goMethodReceivers.add(m[1]);
+    }
+  }
+  for (const file of files) {
+    if (!file.language) continue;
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      let typeName = null;
+      if (file.language === "go") {
+        const m = line.match(/^type\s+([A-Z]\w+)\s+struct\b/);
+        if (m) typeName = m[1];
+      } else if (file.language === "javascript" || file.language === "typescript") {
+        const m = line.match(/export\s+(?:interface|type|class)\s+(\w+)/);
+        if (m) typeName = m[1];
+      }
+      if (!typeName) continue;
+      if (file.language === "go" && goMethodReceivers.has(typeName)) continue;
+      if (/(?:Request|Response|Params|Config|Options|Input|Output|Payload|Body|DTO)$/i.test(typeName)) continue;
+      typeDefinitions.push({ name: typeName, file: file.path, line: i + 1 });
+    }
+  }
+  const unusedTypesByFile = /* @__PURE__ */ new Map();
+  for (const td of typeDefinitions) {
+    const refs = usage.get(td.name);
+    const usedExternally = refs && [...refs].some((f) => f !== td.file);
+    if (!usedExternally) {
+      if (!unusedTypesByFile.has(td.file)) unusedTypesByFile.set(td.file, []);
+      unusedTypesByFile.get(td.file).push(td);
+    }
+  }
+  for (const [filePath, unusedTypes] of unusedTypesByFile) {
+    if (unusedTypes.length < 3) continue;
+    findings.push({
+      detector: "phantom_scaffolding",
+      subCategory: "unused_types",
+      driftCategory: "phantom_scaffolding",
+      severity: "info",
+      confidence: 0.55,
+      finding: `${unusedTypes.length} types/structs in ${filePath} appear unused outside their file`,
+      dominantPattern: "used types",
+      dominantCount: typeDefinitions.length - unusedTypes.length,
+      totalRelevantFiles: typeDefinitions.length,
+      consistencyScore: Math.round((typeDefinitions.length - unusedTypes.length) / typeDefinitions.length * 100),
+      deviatingFiles: [{
+        path: filePath,
+        detectedPattern: `unused types: ${unusedTypes.map((t) => t.name).join(", ")}`,
+        evidence: unusedTypes.slice(0, 5).map((t) => ({
+          line: t.line,
+          code: `type ${t.name} \u2014 defined but never imported`
+        }))
+      }],
+      recommendation: `${unusedTypes.length} types in ${filePath.split("/").pop()} are never used outside their file. They may be AI-generated scaffolding that was never needed.`
+    });
+  }
+  return findings;
+}
 var phantomScaffolding = {
   id: "phantom-scaffolding",
   name: "Phantom Scaffolding",
   category: "phantom_scaffolding",
   detect(ctx) {
-    const findings = [];
     const allExports = [];
     const allRoutes = [];
     for (const file of ctx.files) {
       allExports.push(...extractExportedFunctions(file));
       allRoutes.push(...extractRouteRegistrations(file));
     }
-    if (allExports.length < 3) return findings;
+    if (allExports.length < 3) return [];
     const usage = buildUsageGraph(ctx.files);
-    const handlerFiles = /* @__PURE__ */ new Map();
-    for (const exp of allExports) {
-      if (exp.crudType === "other") continue;
-      if (!handlerFiles.has(exp.file)) handlerFiles.set(exp.file, []);
-      handlerFiles.get(exp.file).push(exp);
-    }
-    for (const [filePath, functions] of handlerFiles) {
-      const crudFunctions = functions.filter((f) => f.crudType !== "other");
-      if (crudFunctions.length < 2) continue;
-      const usedFunctions = [];
-      const unusedFunctions = [];
-      for (const fn of crudFunctions) {
-        const references = usage.get(fn.name);
-        const usedExternally = references && [...references].some((f) => f !== filePath);
-        const isRouted = allRoutes.some(
-          (r) => r.handlerName.includes(fn.name) || r.handlerName.endsWith("." + fn.name)
-        );
-        if (usedExternally || isRouted) {
-          usedFunctions.push(fn);
-        } else {
-          unusedFunctions.push(fn);
-        }
-      }
-      if (unusedFunctions.length >= 2 && usedFunctions.length >= 1) {
-        const usedTypes = usedFunctions.map((f) => f.crudType);
-        const unusedTypes = unusedFunctions.map((f) => f.crudType);
-        const isScaffoldingPattern = usedTypes.some((t) => t === "read" || t === "list") && unusedTypes.some((t) => t === "create" || t === "update" || t === "delete");
-        findings.push({
-          detector: "phantom_scaffolding",
-          driftCategory: "phantom_scaffolding",
-          severity: isScaffoldingPattern ? "warning" : "info",
-          confidence: isScaffoldingPattern ? 0.8 : 0.6,
-          finding: `CRUD scaffolding detected in ${filePath} \u2014 ${usedFunctions.length} functions used, ${unusedFunctions.length} appear unused`,
-          dominantPattern: "used CRUD operations",
-          dominantCount: usedFunctions.length,
-          totalRelevantFiles: usedFunctions.length + unusedFunctions.length,
-          consistencyScore: Math.round(usedFunctions.length / (usedFunctions.length + unusedFunctions.length) * 100),
-          deviatingFiles: [{
-            path: filePath,
-            detectedPattern: `unused: ${unusedFunctions.map((f) => f.name).join(", ")}`,
-            evidence: unusedFunctions.slice(0, 5).map((f) => ({
-              line: f.line,
-              code: `${f.name} (${f.crudType}) \u2014 defined but not routed or imported`
-            }))
-          }],
-          recommendation: `${unusedFunctions.map((f) => f.name).join(", ")} are defined in ${filePath.split("/").pop()} but never registered in routes or called externally. This looks like AI-generated CRUD scaffolding \u2014 remove unused handlers or wire them to routes.`
-        });
-      }
-    }
-    const typeDefinitions = [];
-    const goMethodReceivers = /* @__PURE__ */ new Set();
-    for (const file of ctx.files) {
-      if (file.language !== "go") continue;
-      const receiverPattern = /func\s+\(\s*\w+\s+\*?(\w+)\s*\)/g;
-      let m;
-      while ((m = receiverPattern.exec(file.content)) !== null) {
-        goMethodReceivers.add(m[1]);
-      }
-    }
-    for (const file of ctx.files) {
-      if (!file.language) continue;
-      const lines = file.content.split("\n");
-      for (let i = 0; i < lines.length; i++) {
-        const line = lines[i];
-        let typeName = null;
-        if (file.language === "go") {
-          const m = line.match(/^type\s+([A-Z]\w+)\s+struct\b/);
-          if (m) typeName = m[1];
-        } else if (file.language === "javascript" || file.language === "typescript") {
-          const m = line.match(/export\s+(?:interface|type|class)\s+(\w+)/);
-          if (m) typeName = m[1];
-        }
-        if (!typeName) continue;
-        if (file.language === "go" && goMethodReceivers.has(typeName)) continue;
-        if (/(?:Request|Response|Params|Config|Options|Input|Output|Payload|Body|DTO)$/i.test(typeName)) continue;
-        typeDefinitions.push({ name: typeName, file: file.path, line: i + 1 });
-      }
-    }
-    const unusedTypesByFile = /* @__PURE__ */ new Map();
-    for (const td of typeDefinitions) {
-      const refs = usage.get(td.name);
-      const usedExternally = refs && [...refs].some((f) => f !== td.file);
-      if (!usedExternally) {
-        if (!unusedTypesByFile.has(td.file)) unusedTypesByFile.set(td.file, []);
-        unusedTypesByFile.get(td.file).push(td);
-      }
-    }
-    for (const [filePath, unusedTypes] of unusedTypesByFile) {
-      if (unusedTypes.length < 3) continue;
-      findings.push({
-        detector: "phantom_scaffolding",
-        subCategory: "unused_types",
-        driftCategory: "phantom_scaffolding",
-        severity: "info",
-        confidence: 0.55,
-        finding: `${unusedTypes.length} types/structs in ${filePath} appear unused outside their file`,
-        dominantPattern: "used types",
-        dominantCount: typeDefinitions.length - unusedTypes.length,
-        totalRelevantFiles: typeDefinitions.length,
-        consistencyScore: Math.round((typeDefinitions.length - unusedTypes.length) / typeDefinitions.length * 100),
-        deviatingFiles: [{
-          path: filePath,
-          detectedPattern: `unused types: ${unusedTypes.map((t) => t.name).join(", ")}`,
-          evidence: unusedTypes.slice(0, 5).map((t) => ({
-            line: t.line,
-            code: `type ${t.name} \u2014 defined but never imported`
-          }))
-        }],
-        recommendation: `${unusedTypes.length} types in ${filePath.split("/").pop()} are never used outside their file. They may be AI-generated scaffolding that was never needed.`
-      });
-    }
+    const findings = [];
+    findings.push(...detectUnroutedHandlers(allExports, allRoutes, usage));
+    findings.push(...detectUnusedTypeScaffolding(ctx.files, usage));
     return findings;
   }
 };
@@ -8042,6 +8131,16 @@ function previewToken(token) {
   if (token.length <= 12) return token.slice(0, 4) + "\u2026";
   return token.slice(0, 12) + "\u2026";
 }
+function describeSource(source) {
+  switch (source) {
+    case "flag":
+      return "command-line flag";
+    case "env":
+      return "VIBEDRIFT_TOKEN environment variable";
+    case "config":
+      return "~/.vibedrift/config.json";
+  }
+}
 
 // src/auth/api.ts
 init_esm_shims();
@@ -8157,18 +8256,7 @@ async function createPortalSession(token, opts) {
 }
 
 // src/cli/commands/scan.ts
-async function runScan(targetPath, options) {
-  const rootDir = resolve(targetPath);
-  try {
-    const info2 = await stat3(rootDir);
-    if (!info2.isDirectory()) {
-      console.error(`Error: ${rootDir} is not a directory`);
-      process.exit(1);
-    }
-  } catch {
-    console.error(`Error: ${rootDir} does not exist`);
-    process.exit(1);
-  }
+async function resolveAuthAndBanner(options) {
   let bearerToken = null;
   let apiUrl = options.apiUrl;
   if (options.deep) {
@@ -8215,10 +8303,11 @@ async function runScan(targetPath, options) {
       console.log("");
     }
   }
-  const startTime = Date.now();
-  const timings = {};
+  return { bearerToken, apiUrl };
+}
+async function runAnalysisPipeline(rootDir, options, spinner) {
   const isTerminal = options.format === "terminal" && !options.json;
-  const spinner = isTerminal ? ora("Discovering files...").start() : null;
+  const timings = {};
   const t0 = Date.now();
   const { ctx, warnings } = await buildAnalysisContext(rootDir);
   const includes = options.include ?? [];
@@ -8281,30 +8370,33 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
       console.error(`[codedna] ${codeDnaResult.duplicateGroups.length} fingerprint duplicates, ${codeDnaResult.sequenceSimilarities.length} sequence matches, ${codeDnaResult.taintFlows.length} taint flows`);
     }
   }
+  return { ctx, allFindings, driftResult, codeDnaResult, timings };
+}
+async function runDeepAnalysis(pipeline, options, bearerToken, apiUrl, spinner) {
+  const { allFindings, ctx, codeDnaResult, driftResult } = pipeline;
+  const timings = {};
   let mlMediumConfidence = [];
-  if (options.deep && bearerToken) {
-    const t5 = Date.now();
-    if (spinner) spinner.text = "Running AI deep analysis (may take ~30s on cold start)...";
-    try {
-      const { runMlAnalysis: runMlAnalysis2 } = await Promise.resolve().then(() => (init_ml_client(), ml_client_exports));
-      const mlResult = await runMlAnalysis2(ctx, codeDnaResult, allFindings, {
-        token: bearerToken,
-        apiUrl,
-        verbose: options.verbose,
-        driftFindings: driftResult.driftFindings,
-        projectName: options.projectName
-      });
-      allFindings.push(...mlResult.highConfidence);
-      mlMediumConfidence = mlResult.mediumConfidence;
-      if (options.verbose) {
-        console.error(`[deep] ${mlResult.highConfidence.length} high-confidence findings shipped, ${mlResult.mediumConfidence.length} sent to LLM, ${mlResult.droppedCount} dropped`);
-      }
-    } catch (err) {
-      console.error(chalk2.red(`[deep] AI analysis failed: ${err.message}`));
-      console.error(chalk2.dim("       The local scan will continue. Run `vibedrift doctor` if this persists."));
+  const t5 = Date.now();
+  if (spinner) spinner.text = "Running AI deep analysis (may take ~30s on cold start)...";
+  try {
+    const { runMlAnalysis: runMlAnalysis2 } = await Promise.resolve().then(() => (init_ml_client(), ml_client_exports));
+    const mlResult = await runMlAnalysis2(ctx, codeDnaResult, allFindings, {
+      token: bearerToken,
+      apiUrl,
+      verbose: options.verbose,
+      driftFindings: driftResult.driftFindings,
+      projectName: options.projectName
+    });
+    allFindings.push(...mlResult.highConfidence);
+    mlMediumConfidence = mlResult.mediumConfidence;
+    if (options.verbose) {
+      console.error(`[deep] ${mlResult.highConfidence.length} high-confidence findings shipped, ${mlResult.mediumConfidence.length} sent to LLM, ${mlResult.droppedCount} dropped`);
     }
-    timings.deep = Date.now() - t5;
+  } catch (err) {
+    console.error(chalk2.red(`[deep] AI analysis failed: ${err.message}`));
+    console.error(chalk2.dim("       The local scan will continue. Run `vibedrift doctor` if this persists."));
   }
+  timings.deep = Date.now() - t5;
   const { deduplicateFindingsAcrossLayers: deduplicateFindingsAcrossLayers2 } = await Promise.resolve().then(() => (init_dedup(), dedup_exports));
   const dedupedCount = allFindings.length;
   const dedupedFindings = deduplicateFindingsAcrossLayers2(allFindings);
@@ -8313,6 +8405,12 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
   }
   allFindings.length = 0;
   allFindings.push(...dedupedFindings);
+  void mlMediumConfidence;
+  return { timings };
+}
+async function buildScanResult(pipeline, options, startTime, timings, bearerToken, apiUrl, spinner) {
+  const { ctx, allFindings, driftResult, codeDnaResult } = pipeline;
+  const rootDir = ctx.rootDir;
   const previousScores = await loadPreviousScores(rootDir);
   if (spinner) spinner.text = "Computing scores...";
   const { scores, compositeScore, maxCompositeScore, perFileScores } = computeScores(
@@ -8362,7 +8460,10 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
       if (options.verbose) console.error(`[summary] Failed: ${err.message}`);
     }
   }
-  await saveScanResult(rootDir, scores, compositeScore);
+  return result;
+}
+async function logAndRender(result, options, bearerToken, apiUrl, rootDir, codeDnaResult) {
+  const { findings: allFindings, compositeScore, maxCompositeScore, scanTimeMs } = result;
   if (bearerToken) {
     try {
       const { logScan: logScan2 } = await Promise.resolve().then(() => (init_log_scan(), log_scan_exports));
@@ -8398,8 +8499,8 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
         payload: {
           project_hash: projectIdentity.hash,
           project_name: projectIdentity.name,
-          language: ctx.dominantLanguage ?? "unknown",
-          file_count: ctx.files.length,
+          language: result.context.dominantLanguage ?? "unknown",
+          file_count: result.context.files.length,
           function_count: codeDnaResult?.functions?.length ?? 0,
           finding_count: allFindings.length,
           score: compositeScore,
@@ -8472,6 +8573,29 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
     process.exit(1);
   }
 }
+async function runScan(targetPath, options) {
+  const rootDir = resolve(targetPath);
+  try {
+    const info2 = await stat3(rootDir);
+    if (!info2.isDirectory()) {
+      console.error(`Error: ${rootDir} is not a directory`);
+      process.exit(1);
+    }
+  } catch {
+    console.error(`Error: ${rootDir} does not exist`);
+    process.exit(1);
+  }
+  const { bearerToken, apiUrl } = await resolveAuthAndBanner(options);
+  const startTime = Date.now();
+  const isTerminal = options.format === "terminal" && !options.json;
+  const spinner = isTerminal ? ora("Discovering files...").start() : null;
+  const pipeline = await runAnalysisPipeline(rootDir, options, spinner);
+  const deepTimings = options.deep && bearerToken ? await runDeepAnalysis(pipeline, options, bearerToken, apiUrl, spinner) : { timings: {} };
+  const timings = { ...pipeline.timings, ...deepTimings.timings };
+  const result = await buildScanResult(pipeline, options, startTime, timings, bearerToken, apiUrl, spinner);
+  await saveScanResult(rootDir, result.scores, result.compositeScore);
+  await logAndRender(result, options, bearerToken, apiUrl, rootDir, pipeline.codeDnaResult);
+}
 
 // src/cli/commands/update.ts
 init_esm_shims();
@@ -8840,16 +8964,6 @@ async function runStatus() {
   }
   console.log("");
 }
-function describeSource(source) {
-  switch (source) {
-    case "flag":
-      return "command-line flag";
-    case "env":
-      return "VIBEDRIFT_TOKEN environment variable";
-    case "config":
-      return "~/.vibedrift/config.json";
-  }
-}
 
 // src/cli/commands/usage.ts
 init_esm_shims();
@@ -9046,7 +9160,7 @@ async function runDoctor() {
   if (!resolved) {
     info("Login state", "not logged in");
   } else {
-    ok("Token source", describeSource2(resolved.source));
+    ok("Token source", describeSource(resolved.source));
     ok("Token preview", previewToken(resolved.token));
     if (resolved.source === "config") {
       if (config.email) ok("Email", config.email);
@@ -9118,16 +9232,6 @@ function bad(value) {
 function info(label, value) {
   console.log(`    ${chalk10.dim("\xB7")} ${label.padEnd(14)} ${chalk10.dim(value)}`);
 }
-function describeSource2(source) {
-  switch (source) {
-    case "flag":
-      return "command-line flag";
-    case "env":
-      return "VIBEDRIFT_TOKEN environment variable";
-    case "config":
-      return "~/.vibedrift/config.json";
-  }
-}
 
 // src/cli/commands/feedback.ts
 init_esm_shims();