npm - @vibedrift/cli - Versions diffs - 0.4.5 → 0.5.0 - Mend

@vibedrift/cli 0.4.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -2985,83 +2985,95 @@ var dependenciesAnalyzer = {
     return findings;
   }
 };
-function analyzeJsDeps(ctx) {
-  const findings = [];
-  const pkg = ctx.packageJson;
-  const declared = /* @__PURE__ */ new Set([
-    ...Object.keys(pkg.dependencies ?? {}),
-    ...Object.keys(pkg.devDependencies ?? {}),
-    ...Object.keys(pkg.peerDependencies ?? {}),
-    ...Object.keys(pkg.optionalDependencies ?? {})
-  ]);
-  const isMonorepo = [
-    ...Object.values(pkg.dependencies ?? {}),
-    ...Object.values(pkg.devDependencies ?? {})
-  ].some(
-    (v) => typeof v === "string" && (v.startsWith("workspace:") || v === "*")
-  );
-  const hasWorkspaces = !!pkg.workspaces;
+function collectImportedPackages(files) {
   const imported = /* @__PURE__ */ new Set();
   const importLocations = /* @__PURE__ */ new Map();
-  const jsFiles = ctx.files.filter(
-    (f) => (f.language === "javascript" || f.language === "typescript") && !FIXTURE_PATH_PATTERN.test(f.relativePath)
-  );
-  for (const file of jsFiles) {
+  for (const file of files) {
     for (const pattern of JS_IMPORT_PATTERNS) {
       const regex = new RegExp(pattern.source, pattern.flags);
       let match;
       while ((match = regex.exec(file.content)) !== null) {
-        const pkg2 = extractJsPackageName(match[1]);
-        if (NODE_BUILTINS.has(pkg2) || pkg2.startsWith("node:") || pkg2.startsWith("@/") || pkg2.startsWith("~")) continue;
-        imported.add(pkg2);
-        if (!importLocations.has(pkg2)) importLocations.set(pkg2, []);
-        importLocations.get(pkg2).push({
+        const pkg = extractJsPackageName(match[1]);
+        if (NODE_BUILTINS.has(pkg) || pkg.startsWith("node:") || pkg.startsWith("@/") || pkg.startsWith("~")) continue;
+        imported.add(pkg);
+        if (!importLocations.has(pkg)) importLocations.set(pkg, []);
+        importLocations.get(pkg).push({
           file: file.relativePath,
           line: file.content.slice(0, match.index).split("\n").length
         });
       }
     }
   }
+  return { imported, importLocations };
+}
+function detectPhantomDeps(declared, imported, devToolPatterns) {
   const phantom = [...declared].filter((d) => !imported.has(d));
   const realPhantom = phantom.filter(
-    (p) => !DEV_TOOL_PATTERNS.some((pat) => p.includes(pat))
+    (p) => !devToolPatterns.some((pat) => p.includes(pat))
   );
   if (realPhantom.length > 0) {
-    findings.push({
+    return [{
       analyzerId: "dependencies",
       severity: realPhantom.length > 5 ? "error" : "warning",
       confidence: 0.75,
       message: `${realPhantom.length} phantom dependencies (declared but unused): ${realPhantom.slice(0, 5).join(", ")}${realPhantom.length > 5 ? "..." : ""}`,
       locations: realPhantom.map((p) => ({ file: "package.json" })),
       tags: ["deps", "phantom", "js"]
-    });
-  }
-  const ALIAS_PATTERNS = [
-    /^#/,
-    /^virtual:/,
-    /^vite\//,
-    /^next\//,
-    /^\$/,
-    /^server-only$/,
-    /^client-only$/
-  ];
+    }];
+  }
+  return [];
+}
+var ALIAS_PATTERNS = [
+  /^#/,
+  /^virtual:/,
+  /^vite\//,
+  /^next\//,
+  /^\$/,
+  /^server-only$/,
+  /^client-only$/
+];
+function detectMissingDeps(declared, imported, isMonorepo, importLocations) {
   const missing = [...imported].filter((i) => {
     if (declared.has(i)) return false;
     if (ALIAS_PATTERNS.some((p) => p.test(i))) return false;
     return true;
   });
-  const missingConfidence = isMonorepo || hasWorkspaces ? 0.4 : 0.75;
-  const missingSeverity = isMonorepo || hasWorkspaces ? "warning" : "error";
+  const missingConfidence = isMonorepo ? 0.4 : 0.75;
+  const missingSeverity = isMonorepo ? "warning" : "error";
   if (missing.length > 0) {
-    findings.push({
+    return [{
       analyzerId: "dependencies",
       severity: missingSeverity,
       confidence: missingConfidence,
-      message: `${missing.length} packages imported but not in package.json: ${missing.slice(0, 5).join(", ")}${missing.length > 5 ? "..." : ""}${isMonorepo || hasWorkspaces ? " (may be workspace packages)" : ""}`,
+      message: `${missing.length} packages imported but not in package.json: ${missing.slice(0, 5).join(", ")}${missing.length > 5 ? "..." : ""}${isMonorepo ? " (may be workspace packages)" : ""}`,
       locations: missing.slice(0, 5).flatMap((p) => importLocations.get(p) ?? []),
       tags: ["deps", "missing", "js"]
-    });
+    }];
   }
+  return [];
+}
+function analyzeJsDeps(ctx) {
+  const findings = [];
+  const pkg = ctx.packageJson;
+  const declared = /* @__PURE__ */ new Set([
+    ...Object.keys(pkg.dependencies ?? {}),
+    ...Object.keys(pkg.devDependencies ?? {}),
+    ...Object.keys(pkg.peerDependencies ?? {}),
+    ...Object.keys(pkg.optionalDependencies ?? {})
+  ]);
+  const isMonorepo = [
+    ...Object.values(pkg.dependencies ?? {}),
+    ...Object.values(pkg.devDependencies ?? {})
+  ].some(
+    (v) => typeof v === "string" && (v.startsWith("workspace:") || v === "*")
+  );
+  const hasWorkspaces = !!pkg.workspaces;
+  const jsFiles = ctx.files.filter(
+    (f) => (f.language === "javascript" || f.language === "typescript") && !FIXTURE_PATH_PATTERN.test(f.relativePath)
+  );
+  const { imported, importLocations } = collectImportedPackages(jsFiles);
+  findings.push(...detectPhantomDeps(declared, imported, DEV_TOOL_PATTERNS));
+  findings.push(...detectMissingDeps(declared, imported, isMonorepo || hasWorkspaces, importLocations));
   return findings;
 }
 function analyzeGoDeps(ctx) {
@@ -4392,43 +4404,24 @@ function detectLongFunctions(ctx) {
   }
   return findings;
 }
-function detectLowDocumentation(ctx) {
-  const findings = [];
-  const underdocumented = [];
-  for (const file of ctx.files) {
-    if (file.lineCount < 100) continue;
-    const lines = file.content.split("\n");
-    let commentLines = 0;
-    for (const line of lines) {
-      const trimmed = line.trim();
-      if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("///") || trimmed.startsWith('"""')) {
-        commentLines++;
-      }
-    }
-    const ratio = commentLines / file.lineCount;
-    if (ratio < 0.05) {
-      underdocumented.push({
-        file: file.relativePath,
-        lines: file.lineCount,
-        commentRatio: Math.round(ratio * 100)
-      });
+function countFileCommentDensity(file) {
+  const lines = file.content.split("\n");
+  let commentLines = 0;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("///") || trimmed.startsWith('"""')) {
+      commentLines++;
     }
   }
-  if (underdocumented.length > 2) {
-    findings.push({
-      analyzerId: "intent-clarity",
-      severity: underdocumented.length > 5 ? "warning" : "info",
-      confidence: 0.6,
-      message: `${underdocumented.length} files over 100 lines have <5% comment density \u2014 intent may be unclear to maintainers`,
-      locations: underdocumented.slice(0, 10).map((f) => ({
-        file: f.file,
-        snippet: `${f.lines} lines, ${f.commentRatio}% comments`
-      })),
-      tags: ["intent", "documentation"]
-    });
-  }
+  return {
+    lines: file.lineCount,
+    commentLines,
+    density: commentLines / file.lineCount
+  };
+}
+function findUndocumentedExports(files) {
   const undocumentedExports = [];
-  for (const file of ctx.files) {
+  for (const file of files) {
     if (!file.language) continue;
     const lines = file.content.split("\n");
     for (let i = 0; i < lines.length; i++) {
@@ -4452,6 +4445,36 @@ function detectLowDocumentation(ctx) {
       }
     }
   }
+  return undocumentedExports;
+}
+function detectLowDocumentation(ctx) {
+  const findings = [];
+  const underdocumented = [];
+  for (const file of ctx.files) {
+    if (file.lineCount < 100) continue;
+    const { density } = countFileCommentDensity(file);
+    if (density < 0.05) {
+      underdocumented.push({
+        file: file.relativePath,
+        lines: file.lineCount,
+        commentRatio: Math.round(density * 100)
+      });
+    }
+  }
+  if (underdocumented.length > 2) {
+    findings.push({
+      analyzerId: "intent-clarity",
+      severity: underdocumented.length > 5 ? "warning" : "info",
+      confidence: 0.6,
+      message: `${underdocumented.length} files over 100 lines have <5% comment density \u2014 intent may be unclear to maintainers`,
+      locations: underdocumented.slice(0, 10).map((f) => ({
+        file: f.file,
+        snippet: `${f.lines} lines, ${f.commentRatio}% comments`
+      })),
+      tags: ["intent", "documentation"]
+    });
+  }
+  const undocumentedExports = findUndocumentedExports(ctx.files);
   if (undocumentedExports.length > 10) {
     const ratio = ctx.files.length > 0 ? Math.round(undocumentedExports.length / ctx.files.length * 10) / 10 : 0;
     findings.push({
@@ -4538,8 +4561,7 @@ var deadCodeAnalyzer = {
     return findings;
   }
 };
-function analyzeJsDeadExports(files) {
-  const findings = [];
+function buildExportMap(files) {
   const exports = [];
   for (const file of files) {
     if (isEntryPoint(file.relativePath)) continue;
@@ -4586,6 +4608,9 @@ function analyzeJsDeadExports(files) {
       }
     }
   }
+  return exports;
+}
+function buildImportSet(files) {
   const importedNames = /* @__PURE__ */ new Set();
   for (const file of files) {
     for (const pattern of IMPORT_PATTERNS_JS) {
@@ -4604,10 +4629,19 @@ function analyzeJsDeadExports(files) {
       }
     }
   }
-  const allContent = files.map((f) => f.content).join("\n");
-  const deadExports = exports.filter(
+  return importedNames;
+}
+function identifyDeadExports(exports, importedNames, allContent) {
+  return exports.filter(
     (e) => !importedNames.has(e.name) && countOccurrences(allContent, e.name) <= 1
   );
+}
+function analyzeJsDeadExports(files) {
+  const findings = [];
+  const exports = buildExportMap(files);
+  const importedNames = buildImportSet(files);
+  const allContent = files.map((f) => f.content).join("\n");
+  const deadExports = identifyDeadExports(exports, importedNames, allContent);
   if (deadExports.length > 3) {
     findings.push({
       analyzerId: "dead-code",
@@ -4749,19 +4783,13 @@ var languageSpecificAnalyzer = {
     return findings;
   }
 };
-function analyzeGo(files) {
-  const findings = [];
-  let uncheckedErrors = 0;
-  const uncheckedLocations = [];
-  let nakedGoroutines = 0;
-  const goroutineLocations = [];
-  let unsafeMutex = 0;
-  const mutexLocations = [];
+function detectGoUncheckedErrors(files) {
+  let count = 0;
+  const locations = [];
   for (const file of files) {
     const lines = file.content.split("\n");
     for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      const trimmed = line.trim();
+      const trimmed = lines[i].trim();
       if (/\berr\s*[:=]/.test(trimmed) && !trimmed.startsWith("//")) {
         let nextLine = "";
         for (let j = i + 1; j < Math.min(i + 4, lines.length); j++) {
@@ -4772,57 +4800,86 @@ function analyzeGo(files) {
           }
         }
         if (nextLine && !nextLine.includes("err") && !nextLine.startsWith("return")) {
-          uncheckedErrors++;
-          uncheckedLocations.push({
+          count++;
+          locations.push({
             file: file.relativePath,
             line: i + 1,
             snippet: trimmed.slice(0, 80)
           });
         }
       }
+    }
+  }
+  return { count, locations };
+}
+function detectGoNakedGoroutines(files) {
+  let count = 0;
+  const locations = [];
+  for (const file of files) {
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
       if (/^\s*go\s+func\s*\(/.test(line) || /^\s*go\s+\w+\s*\(/.test(line)) {
         const nearby = lines.slice(Math.max(0, i - 2), i + 3).join(" ");
         if (!/\bctx\b/.test(nearby) && !/context\./.test(nearby)) {
-          nakedGoroutines++;
-          goroutineLocations.push({ file: file.relativePath, line: i + 1 });
+          count++;
+          locations.push({ file: file.relativePath, line: i + 1 });
         }
       }
+    }
+  }
+  return { count, locations };
+}
+function detectGoUnsafeMutex(files) {
+  let count = 0;
+  const locations = [];
+  for (const file of files) {
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const trimmed = lines[i].trim();
       if (/\.Lock\(\)/.test(trimmed)) {
         const nextLines = lines.slice(i + 1, i + 4).join(" ");
         if (!/defer\s+.*\.Unlock\(\)/.test(nextLines) && !/\.Unlock\(\)/.test(trimmed)) {
-          unsafeMutex++;
-          mutexLocations.push({ file: file.relativePath, line: i + 1 });
+          count++;
+          locations.push({ file: file.relativePath, line: i + 1 });
         }
       }
     }
   }
-  if (uncheckedErrors > 0) {
+  return { count, locations };
+}
+function analyzeGo(files) {
+  const findings = [];
+  const uncheckedErrors = detectGoUncheckedErrors(files);
+  const nakedGoroutines = detectGoNakedGoroutines(files);
+  const unsafeMutex = detectGoUnsafeMutex(files);
+  if (uncheckedErrors.count > 0) {
     findings.push({
       analyzerId: "language-specific",
-      severity: uncheckedErrors > 10 ? "error" : "warning",
+      severity: uncheckedErrors.count > 10 ? "error" : "warning",
       confidence: 0.7,
-      message: `${uncheckedErrors} potentially unchecked errors in Go code`,
-      locations: uncheckedLocations.slice(0, 10),
+      message: `${uncheckedErrors.count} potentially unchecked errors in Go code`,
+      locations: uncheckedErrors.locations.slice(0, 10),
       tags: ["go", "error-handling", "unchecked-error"]
     });
   }
-  if (nakedGoroutines > 0) {
+  if (nakedGoroutines.count > 0) {
     findings.push({
       analyzerId: "language-specific",
       severity: "warning",
       confidence: 0.6,
-      message: `${nakedGoroutines} goroutines launched without context \u2014 potential leak risk`,
-      locations: goroutineLocations.slice(0, 10),
+      message: `${nakedGoroutines.count} goroutines launched without context \u2014 potential leak risk`,
+      locations: nakedGoroutines.locations.slice(0, 10),
       tags: ["go", "goroutine", "leak"]
     });
   }
-  if (unsafeMutex > 0) {
+  if (unsafeMutex.count > 0) {
     findings.push({
       analyzerId: "language-specific",
       severity: "warning",
       confidence: 0.75,
-      message: `${unsafeMutex} mutex locks without defer Unlock \u2014 risk of deadlock`,
-      locations: mutexLocations.slice(0, 10),
+      message: `${unsafeMutex.count} mutex locks without defer Unlock \u2014 risk of deadlock`,
+      locations: unsafeMutex.locations.slice(0, 10),
       tags: ["go", "mutex", "concurrency"]
     });
   }
@@ -5069,27 +5126,35 @@ function buildProfile(file) {
   if (dataAccess.length === 0 && errorHandling.length === 0) return null;
   return { file: file.path, language: file.language, dataAccess, errorHandling, config, di };
 }
-function analyzePatternDistribution(profiles, patternNames) {
+function detectFilePattern(patterns) {
+  const fileCounts = /* @__PURE__ */ new Map();
+  for (const { pattern } of patterns) {
+    fileCounts.set(pattern, (fileCounts.get(pattern) ?? 0) + 1);
+  }
+  let primaryPattern = null;
+  let maxCount = 0;
+  for (const [pat, count] of fileCounts) {
+    if (count > maxCount) {
+      maxCount = count;
+      primaryPattern = pat;
+    }
+  }
+  return primaryPattern;
+}
+function buildPatternDistribution(profiles) {
   const counts = /* @__PURE__ */ new Map();
   for (const p of profiles) {
-    const fileCounts = /* @__PURE__ */ new Map();
-    for (const { pattern } of p.patterns) {
-      fileCounts.set(pattern, (fileCounts.get(pattern) ?? 0) + 1);
-    }
-    let primaryPattern = null;
-    let maxCount = 0;
-    for (const [pat, count] of fileCounts) {
-      if (count > maxCount) {
-        maxCount = count;
-        primaryPattern = pat;
-      }
-    }
+    const primaryPattern = detectFilePattern(p.patterns);
     if (!primaryPattern) continue;
     if (!counts.has(primaryPattern)) counts.set(primaryPattern, { count: 0, files: [] });
     const entry = counts.get(primaryPattern);
     entry.count++;
     entry.files.push(p.file);
   }
+  return counts;
+}
+function analyzePatternDistribution(profiles, patternNames) {
+  const counts = buildPatternDistribution(profiles);
   if (counts.size < 2) return null;
   let dominant = null;
   let dominantCount = 0;
@@ -5260,29 +5325,40 @@ function extractSymbols(file) {
   }
   return symbols;
 }
-function analyzeFileNaming(files) {
-  const fileNameConventions = /* @__PURE__ */ new Map();
-  for (const file of files) {
-    const basename2 = file.path.split("/").pop()?.replace(/\.[^.]+$/, "") ?? "";
-    if (basename2.length <= 1) continue;
-    if (/(?:test|spec|config|setup|__)/i.test(basename2)) continue;
-    const conv = classifyName(basename2);
-    if (!conv) continue;
-    if (!fileNameConventions.has(conv)) fileNameConventions.set(conv, []);
-    fileNameConventions.get(conv).push(file.path);
-  }
-  if (fileNameConventions.size < 2) return null;
+function classifyBaseName(filePath) {
+  const basename2 = filePath.split("/").pop()?.replace(/\.[^.]+$/, "") ?? "";
+  if (basename2.length <= 1) return null;
+  if (/(?:test|spec|config|setup|__)/i.test(basename2)) return null;
+  const convention = classifyName(basename2);
+  if (!convention) return null;
+  return { basename: basename2, convention };
+}
+function findDominantConvention(fileNameConventions) {
   let dominant = null;
   let maxCount = 0;
   let totalFiles = 0;
-  for (const [conv, files2] of fileNameConventions) {
-    totalFiles += files2.length;
-    if (files2.length > maxCount) {
-      maxCount = files2.length;
+  for (const [conv, files] of fileNameConventions) {
+    totalFiles += files.length;
+    if (files.length > maxCount) {
+      maxCount = files.length;
       dominant = conv;
     }
   }
   if (!dominant || maxCount === totalFiles) return null;
+  return { dominant, maxCount, totalFiles };
+}
+function analyzeFileNaming(files) {
+  const fileNameConventions = /* @__PURE__ */ new Map();
+  for (const file of files) {
+    const classified = classifyBaseName(file.path);
+    if (!classified) continue;
+    if (!fileNameConventions.has(classified.convention)) fileNameConventions.set(classified.convention, []);
+    fileNameConventions.get(classified.convention).push(file.path);
+  }
+  if (fileNameConventions.size < 2) return null;
+  const result = findDominantConvention(fileNameConventions);
+  if (!result) return null;
+  const { dominant, maxCount, totalFiles } = result;
   const deviating = [];
   for (const [conv, filePaths] of fileNameConventions) {
     if (conv === dominant) continue;
@@ -5848,131 +5924,147 @@ function buildUsageGraph(files) {
   }
   return usage;
 }
+function isReferencedExternally(name, usage, currentFile, allRoutes) {
+  const references = usage.get(name);
+  const usedExternally = references && [...references].some((f) => f !== currentFile);
+  const isRouted = allRoutes.some(
+    (r) => r.handlerName.includes(name) || r.handlerName.endsWith("." + name)
+  );
+  return !!(usedExternally || isRouted);
+}
+function detectScaffoldingPattern(filePath, crudFunctions, usage, allRoutes) {
+  const usedFunctions = [];
+  const unusedFunctions = [];
+  for (const fn of crudFunctions) {
+    if (isReferencedExternally(fn.name, usage, filePath, allRoutes)) {
+      usedFunctions.push(fn);
+    } else {
+      unusedFunctions.push(fn);
+    }
+  }
+  if (unusedFunctions.length < 2 || usedFunctions.length < 1) return null;
+  const usedTypes = usedFunctions.map((f) => f.crudType);
+  const unusedTypes = unusedFunctions.map((f) => f.crudType);
+  const isScaffoldingLike = usedTypes.some((t) => t === "read" || t === "list") && unusedTypes.some((t) => t === "create" || t === "update" || t === "delete");
+  return {
+    detector: "phantom_scaffolding",
+    driftCategory: "phantom_scaffolding",
+    severity: isScaffoldingLike ? "warning" : "info",
+    confidence: isScaffoldingLike ? 0.8 : 0.6,
+    finding: `CRUD scaffolding detected in ${filePath} \u2014 ${usedFunctions.length} functions used, ${unusedFunctions.length} appear unused`,
+    dominantPattern: "used CRUD operations",
+    dominantCount: usedFunctions.length,
+    totalRelevantFiles: usedFunctions.length + unusedFunctions.length,
+    consistencyScore: Math.round(usedFunctions.length / (usedFunctions.length + unusedFunctions.length) * 100),
+    deviatingFiles: [{
+      path: filePath,
+      detectedPattern: `unused: ${unusedFunctions.map((f) => f.name).join(", ")}`,
+      evidence: unusedFunctions.slice(0, 5).map((f) => ({
+        line: f.line,
+        code: `${f.name} (${f.crudType}) \u2014 defined but not routed or imported`
+      }))
+    }],
+    recommendation: `${unusedFunctions.map((f) => f.name).join(", ")} are defined in ${filePath.split("/").pop()} but never registered in routes or called externally. This looks like AI-generated CRUD scaffolding \u2014 remove unused handlers or wire them to routes.`
+  };
+}
+function detectUnroutedHandlers(allExports, allRoutes, usage) {
+  const findings = [];
+  const handlerFiles = /* @__PURE__ */ new Map();
+  for (const exp of allExports) {
+    if (exp.crudType === "other") continue;
+    if (!handlerFiles.has(exp.file)) handlerFiles.set(exp.file, []);
+    handlerFiles.get(exp.file).push(exp);
+  }
+  for (const [filePath, functions] of handlerFiles) {
+    const crudFunctions = functions.filter((f) => f.crudType !== "other");
+    if (crudFunctions.length < 2) continue;
+    const finding = detectScaffoldingPattern(filePath, crudFunctions, usage, allRoutes);
+    if (finding) findings.push(finding);
+  }
+  return findings;
+}
+function detectUnusedTypeScaffolding(files, usage) {
+  const findings = [];
+  const typeDefinitions = [];
+  const goMethodReceivers = /* @__PURE__ */ new Set();
+  for (const file of files) {
+    if (file.language !== "go") continue;
+    const receiverPattern = /func\s+\(\s*\w+\s+\*?(\w+)\s*\)/g;
+    let m;
+    while ((m = receiverPattern.exec(file.content)) !== null) {
+      goMethodReceivers.add(m[1]);
+    }
+  }
+  for (const file of files) {
+    if (!file.language) continue;
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      let typeName = null;
+      if (file.language === "go") {
+        const m = line.match(/^type\s+([A-Z]\w+)\s+struct\b/);
+        if (m) typeName = m[1];
+      } else if (file.language === "javascript" || file.language === "typescript") {
+        const m = line.match(/export\s+(?:interface|type|class)\s+(\w+)/);
+        if (m) typeName = m[1];
+      }
+      if (!typeName) continue;
+      if (file.language === "go" && goMethodReceivers.has(typeName)) continue;
+      if (/(?:Request|Response|Params|Config|Options|Input|Output|Payload|Body|DTO)$/i.test(typeName)) continue;
+      typeDefinitions.push({ name: typeName, file: file.path, line: i + 1 });
+    }
+  }
+  const unusedTypesByFile = /* @__PURE__ */ new Map();
+  for (const td of typeDefinitions) {
+    const refs = usage.get(td.name);
+    const usedExternally = refs && [...refs].some((f) => f !== td.file);
+    if (!usedExternally) {
+      if (!unusedTypesByFile.has(td.file)) unusedTypesByFile.set(td.file, []);
+      unusedTypesByFile.get(td.file).push(td);
+    }
+  }
+  for (const [filePath, unusedTypes] of unusedTypesByFile) {
+    if (unusedTypes.length < 3) continue;
+    findings.push({
+      detector: "phantom_scaffolding",
+      subCategory: "unused_types",
+      driftCategory: "phantom_scaffolding",
+      severity: "info",
+      confidence: 0.55,
+      finding: `${unusedTypes.length} types/structs in ${filePath} appear unused outside their file`,
+      dominantPattern: "used types",
+      dominantCount: typeDefinitions.length - unusedTypes.length,
+      totalRelevantFiles: typeDefinitions.length,
+      consistencyScore: Math.round((typeDefinitions.length - unusedTypes.length) / typeDefinitions.length * 100),
+      deviatingFiles: [{
+        path: filePath,
+        detectedPattern: `unused types: ${unusedTypes.map((t) => t.name).join(", ")}`,
+        evidence: unusedTypes.slice(0, 5).map((t) => ({
+          line: t.line,
+          code: `type ${t.name} \u2014 defined but never imported`
+        }))
+      }],
+      recommendation: `${unusedTypes.length} types in ${filePath.split("/").pop()} are never used outside their file. They may be AI-generated scaffolding that was never needed.`
+    });
+  }
+  return findings;
+}
 var phantomScaffolding = {
   id: "phantom-scaffolding",
   name: "Phantom Scaffolding",
   category: "phantom_scaffolding",
   detect(ctx) {
-    const findings = [];
     const allExports = [];
     const allRoutes = [];
     for (const file of ctx.files) {
       allExports.push(...extractExportedFunctions(file));
       allRoutes.push(...extractRouteRegistrations(file));
     }
-    if (allExports.length < 3) return findings;
+    if (allExports.length < 3) return [];
     const usage = buildUsageGraph(ctx.files);
-    const handlerFiles = /* @__PURE__ */ new Map();
-    for (const exp of allExports) {
-      if (exp.crudType === "other") continue;
-      if (!handlerFiles.has(exp.file)) handlerFiles.set(exp.file, []);
-      handlerFiles.get(exp.file).push(exp);
-    }
-    for (const [filePath, functions] of handlerFiles) {
-      const crudFunctions = functions.filter((f) => f.crudType !== "other");
-      if (crudFunctions.length < 2) continue;
-      const usedFunctions = [];
-      const unusedFunctions = [];
-      for (const fn of crudFunctions) {
-        const references = usage.get(fn.name);
-        const usedExternally = references && [...references].some((f) => f !== filePath);
-        const isRouted = allRoutes.some(
-          (r) => r.handlerName.includes(fn.name) || r.handlerName.endsWith("." + fn.name)
-        );
-        if (usedExternally || isRouted) {
-          usedFunctions.push(fn);
-        } else {
-          unusedFunctions.push(fn);
-        }
-      }
-      if (unusedFunctions.length >= 2 && usedFunctions.length >= 1) {
-        const usedTypes = usedFunctions.map((f) => f.crudType);
-        const unusedTypes = unusedFunctions.map((f) => f.crudType);
-        const isScaffoldingPattern = usedTypes.some((t) => t === "read" || t === "list") && unusedTypes.some((t) => t === "create" || t === "update" || t === "delete");
-        findings.push({
-          detector: "phantom_scaffolding",
-          driftCategory: "phantom_scaffolding",
-          severity: isScaffoldingPattern ? "warning" : "info",
-          confidence: isScaffoldingPattern ? 0.8 : 0.6,
-          finding: `CRUD scaffolding detected in ${filePath} \u2014 ${usedFunctions.length} functions used, ${unusedFunctions.length} appear unused`,
-          dominantPattern: "used CRUD operations",
-          dominantCount: usedFunctions.length,
-          totalRelevantFiles: usedFunctions.length + unusedFunctions.length,
-          consistencyScore: Math.round(usedFunctions.length / (usedFunctions.length + unusedFunctions.length) * 100),
-          deviatingFiles: [{
-            path: filePath,
-            detectedPattern: `unused: ${unusedFunctions.map((f) => f.name).join(", ")}`,
-            evidence: unusedFunctions.slice(0, 5).map((f) => ({
-              line: f.line,
-              code: `${f.name} (${f.crudType}) \u2014 defined but not routed or imported`
-            }))
-          }],
-          recommendation: `${unusedFunctions.map((f) => f.name).join(", ")} are defined in ${filePath.split("/").pop()} but never registered in routes or called externally. This looks like AI-generated CRUD scaffolding \u2014 remove unused handlers or wire them to routes.`
-        });
-      }
-    }
-    const typeDefinitions = [];
-    const goMethodReceivers = /* @__PURE__ */ new Set();
-    for (const file of ctx.files) {
-      if (file.language !== "go") continue;
-      const receiverPattern = /func\s+\(\s*\w+\s+\*?(\w+)\s*\)/g;
-      let m;
-      while ((m = receiverPattern.exec(file.content)) !== null) {
-        goMethodReceivers.add(m[1]);
-      }
-    }
-    for (const file of ctx.files) {
-      if (!file.language) continue;
-      const lines = file.content.split("\n");
-      for (let i = 0; i < lines.length; i++) {
-        const line = lines[i];
-        let typeName = null;
-        if (file.language === "go") {
-          const m = line.match(/^type\s+([A-Z]\w+)\s+struct\b/);
-          if (m) typeName = m[1];
-        } else if (file.language === "javascript" || file.language === "typescript") {
-          const m = line.match(/export\s+(?:interface|type|class)\s+(\w+)/);
-          if (m) typeName = m[1];
-        }
-        if (!typeName) continue;
-        if (file.language === "go" && goMethodReceivers.has(typeName)) continue;
-        if (/(?:Request|Response|Params|Config|Options|Input|Output|Payload|Body|DTO)$/i.test(typeName)) continue;
-        typeDefinitions.push({ name: typeName, file: file.path, line: i + 1 });
-      }
-    }
-    const unusedTypesByFile = /* @__PURE__ */ new Map();
-    for (const td of typeDefinitions) {
-      const refs = usage.get(td.name);
-      const usedExternally = refs && [...refs].some((f) => f !== td.file);
-      if (!usedExternally) {
-        if (!unusedTypesByFile.has(td.file)) unusedTypesByFile.set(td.file, []);
-        unusedTypesByFile.get(td.file).push(td);
-      }
-    }
-    for (const [filePath, unusedTypes] of unusedTypesByFile) {
-      if (unusedTypes.length < 3) continue;
-      findings.push({
-        detector: "phantom_scaffolding",
-        subCategory: "unused_types",
-        driftCategory: "phantom_scaffolding",
-        severity: "info",
-        confidence: 0.55,
-        finding: `${unusedTypes.length} types/structs in ${filePath} appear unused outside their file`,
-        dominantPattern: "used types",
-        dominantCount: typeDefinitions.length - unusedTypes.length,
-        totalRelevantFiles: typeDefinitions.length,
-        consistencyScore: Math.round((typeDefinitions.length - unusedTypes.length) / typeDefinitions.length * 100),
-        deviatingFiles: [{
-          path: filePath,
-          detectedPattern: `unused types: ${unusedTypes.map((t) => t.name).join(", ")}`,
-          evidence: unusedTypes.slice(0, 5).map((t) => ({
-            line: t.line,
-            code: `type ${t.name} \u2014 defined but never imported`
-          }))
-        }],
-        recommendation: `${unusedTypes.length} types in ${filePath.split("/").pop()} are never used outside their file. They may be AI-generated scaffolding that was never needed.`
-      });
-    }
+    const findings = [];
+    findings.push(...detectUnroutedHandlers(allExports, allRoutes, usage));
+    findings.push(...detectUnusedTypeScaffolding(ctx.files, usage));
     return findings;
   }
 };
@@ -8164,18 +8256,7 @@ async function createPortalSession(token, opts) {
 }
 // src/cli/commands/scan.ts
-async function runScan(targetPath, options) {
-  const rootDir = resolve(targetPath);
-  try {
-    const info2 = await stat3(rootDir);
-    if (!info2.isDirectory()) {
-      console.error(`Error: ${rootDir} is not a directory`);
-      process.exit(1);
-    }
-  } catch {
-    console.error(`Error: ${rootDir} does not exist`);
-    process.exit(1);
-  }
+async function resolveAuthAndBanner(options) {
   let bearerToken = null;
   let apiUrl = options.apiUrl;
   if (options.deep) {
@@ -8222,10 +8303,11 @@ async function runScan(targetPath, options) {
       console.log("");
     }
   }
-  const startTime = Date.now();
-  const timings = {};
+  return { bearerToken, apiUrl };
+}
+async function runAnalysisPipeline(rootDir, options, spinner) {
   const isTerminal = options.format === "terminal" && !options.json;
-  const spinner = isTerminal ? ora("Discovering files...").start() : null;
+  const timings = {};
   const t0 = Date.now();
   const { ctx, warnings } = await buildAnalysisContext(rootDir);
   const includes = options.include ?? [];
@@ -8288,30 +8370,33 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
       console.error(`[codedna] ${codeDnaResult.duplicateGroups.length} fingerprint duplicates, ${codeDnaResult.sequenceSimilarities.length} sequence matches, ${codeDnaResult.taintFlows.length} taint flows`);
     }
   }
+  return { ctx, allFindings, driftResult, codeDnaResult, timings };
+}
+async function runDeepAnalysis(pipeline, options, bearerToken, apiUrl, spinner) {
+  const { allFindings, ctx, codeDnaResult, driftResult } = pipeline;
+  const timings = {};
   let mlMediumConfidence = [];
-  if (options.deep && bearerToken) {
-    const t5 = Date.now();
-    if (spinner) spinner.text = "Running AI deep analysis (may take ~30s on cold start)...";
-    try {
-      const { runMlAnalysis: runMlAnalysis2 } = await Promise.resolve().then(() => (init_ml_client(), ml_client_exports));
-      const mlResult = await runMlAnalysis2(ctx, codeDnaResult, allFindings, {
-        token: bearerToken,
-        apiUrl,
-        verbose: options.verbose,
-        driftFindings: driftResult.driftFindings,
-        projectName: options.projectName
-      });
-      allFindings.push(...mlResult.highConfidence);
-      mlMediumConfidence = mlResult.mediumConfidence;
-      if (options.verbose) {
-        console.error(`[deep] ${mlResult.highConfidence.length} high-confidence findings shipped, ${mlResult.mediumConfidence.length} sent to LLM, ${mlResult.droppedCount} dropped`);
-      }
-    } catch (err) {
-      console.error(chalk2.red(`[deep] AI analysis failed: ${err.message}`));
-      console.error(chalk2.dim("       The local scan will continue. Run `vibedrift doctor` if this persists."));
+  const t5 = Date.now();
+  if (spinner) spinner.text = "Running AI deep analysis (may take ~30s on cold start)...";
+  try {
+    const { runMlAnalysis: runMlAnalysis2 } = await Promise.resolve().then(() => (init_ml_client(), ml_client_exports));
+    const mlResult = await runMlAnalysis2(ctx, codeDnaResult, allFindings, {
+      token: bearerToken,
+      apiUrl,
+      verbose: options.verbose,
+      driftFindings: driftResult.driftFindings,
+      projectName: options.projectName
+    });
+    allFindings.push(...mlResult.highConfidence);
+    mlMediumConfidence = mlResult.mediumConfidence;
+    if (options.verbose) {
+      console.error(`[deep] ${mlResult.highConfidence.length} high-confidence findings shipped, ${mlResult.mediumConfidence.length} sent to LLM, ${mlResult.droppedCount} dropped`);
     }
-    timings.deep = Date.now() - t5;
+  } catch (err) {
+    console.error(chalk2.red(`[deep] AI analysis failed: ${err.message}`));
+    console.error(chalk2.dim("       The local scan will continue. Run `vibedrift doctor` if this persists."));
   }
+  timings.deep = Date.now() - t5;
   const { deduplicateFindingsAcrossLayers: deduplicateFindingsAcrossLayers2 } = await Promise.resolve().then(() => (init_dedup(), dedup_exports));
   const dedupedCount = allFindings.length;
   const dedupedFindings = deduplicateFindingsAcrossLayers2(allFindings);
@@ -8320,6 +8405,12 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
   }
   allFindings.length = 0;
   allFindings.push(...dedupedFindings);
+  void mlMediumConfidence;
+  return { timings };
+}
+async function buildScanResult(pipeline, options, startTime, timings, bearerToken, apiUrl, spinner) {
+  const { ctx, allFindings, driftResult, codeDnaResult } = pipeline;
+  const rootDir = ctx.rootDir;
   const previousScores = await loadPreviousScores(rootDir);
   if (spinner) spinner.text = "Computing scores...";
   const { scores, compositeScore, maxCompositeScore, perFileScores } = computeScores(
@@ -8369,7 +8460,10 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
       if (options.verbose) console.error(`[summary] Failed: ${err.message}`);
     }
   }
-  await saveScanResult(rootDir, scores, compositeScore);
+  return result;
+}
+async function logAndRender(result, options, bearerToken, apiUrl, rootDir, codeDnaResult) {
+  const { findings: allFindings, compositeScore, maxCompositeScore, scanTimeMs } = result;
   if (bearerToken) {
     try {
       const { logScan: logScan2 } = await Promise.resolve().then(() => (init_log_scan(), log_scan_exports));
@@ -8405,8 +8499,8 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
         payload: {
           project_hash: projectIdentity.hash,
           project_name: projectIdentity.name,
-          language: ctx.dominantLanguage ?? "unknown",
-          file_count: ctx.files.length,
+          language: result.context.dominantLanguage ?? "unknown",
+          file_count: result.context.files.length,
           function_count: codeDnaResult?.functions?.length ?? 0,
           finding_count: allFindings.length,
           score: compositeScore,
@@ -8479,6 +8573,29 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
     process.exit(1);
   }
 }
+async function runScan(targetPath, options) {
+  const rootDir = resolve(targetPath);
+  try {
+    const info2 = await stat3(rootDir);
+    if (!info2.isDirectory()) {
+      console.error(`Error: ${rootDir} is not a directory`);
+      process.exit(1);
+    }
+  } catch {
+    console.error(`Error: ${rootDir} does not exist`);
+    process.exit(1);
+  }
+  const { bearerToken, apiUrl } = await resolveAuthAndBanner(options);
+  const startTime = Date.now();
+  const isTerminal = options.format === "terminal" && !options.json;
+  const spinner = isTerminal ? ora("Discovering files...").start() : null;
+  const pipeline = await runAnalysisPipeline(rootDir, options, spinner);
+  const deepTimings = options.deep && bearerToken ? await runDeepAnalysis(pipeline, options, bearerToken, apiUrl, spinner) : { timings: {} };
+  const timings = { ...pipeline.timings, ...deepTimings.timings };
+  const result = await buildScanResult(pipeline, options, startTime, timings, bearerToken, apiUrl, spinner);
+  await saveScanResult(rootDir, result.scores, result.compositeScore);
+  await logAndRender(result, options, bearerToken, apiUrl, rootDir, pipeline.codeDnaResult);
+}
 // src/cli/commands/update.ts
 init_esm_shims();