@vibedrift/cli 0.4.5 → 0.5.1

package/dist/index.js

@@ -598,63 +598,72 @@ function extractAssignedVariable(line) {
   if (pyMatch) return pyMatch[1];
   return null;
 }
-function analyzeFunction(fn) {
-  const flows = [];
-  const lines = fn.rawBody.split("\n");
-  const taintedVars = /* @__PURE__ */ new Map();
-  const langSources = TAINT_SOURCES[fn.language] ?? [];
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    const trimmed = line.trim();
-    for (const src of langSources) {
-      if (src.regex.test(trimmed)) {
-        const varName = extractAssignedVariable(trimmed);
-        if (varName) {
-          taintedVars.set(varName, {
-            name: varName,
-            source: { type: src.label, variable: varName, line: fn.line + i },
-            sanitizedFor: /* @__PURE__ */ new Set()
-          });
+function identifySources(trimmed, langSources, lineNumber, taintedVars) {
+  for (const src of langSources) {
+    if (src.regex.test(trimmed)) {
+      const varName = extractAssignedVariable(trimmed);
+      if (varName) {
+        taintedVars.set(varName, {
+          name: varName,
+          source: { type: src.label, variable: varName, line: lineNumber },
+          sanitizedFor: /* @__PURE__ */ new Set()
+        });
+      }
+    }
+  }
+}
+function checkSanitizers(trimmed, taintedVars) {
+  for (const [varName, tainted] of taintedVars) {
+    if (!trimmed.includes(varName)) continue;
+    for (const san of SANITIZERS) {
+      if (san.regex.test(trimmed)) {
+        if (san.removes === "all") {
+          tainted.sanitizedFor = new Set(ALL_TAINT_CATEGORIES);
+        } else {
+          tainted.sanitizedFor.add(san.removes);
         }
       }
     }
+  }
+}
+function identifySinks(trimmed, fn, lineNumber, taintedVars, flows) {
+  for (const sink of TAINT_SINKS) {
+    if (!sink.regex.test(trimmed)) continue;
     for (const [varName, tainted] of taintedVars) {
       if (!trimmed.includes(varName)) continue;
+      if (tainted.sanitizedFor.has(sink.category)) continue;
+      let inlineSanitized = false;
       for (const san of SANITIZERS) {
-        if (san.regex.test(trimmed)) {
-          if (san.removes === "all") {
-            tainted.sanitizedFor = /* @__PURE__ */ new Set(["sql_injection", "command_injection", "path_traversal", "xss", "ssrf", "code_injection"]);
-          } else {
-            tainted.sanitizedFor.add(san.removes);
-          }
-        }
-      }
-    }
-    for (const sink of TAINT_SINKS) {
-      if (!sink.regex.test(trimmed)) continue;
-      for (const [varName, tainted] of taintedVars) {
-        if (!trimmed.includes(varName)) continue;
-        if (tainted.sanitizedFor.has(sink.category)) continue;
-        let inlineSanitized = false;
-        for (const san of SANITIZERS) {
-          if (san.regex.test(trimmed) && (san.removes === "all" || san.removes === sink.category)) {
-            inlineSanitized = true;
-            break;
-          }
+        if (san.regex.test(trimmed) && (san.removes === "all" || san.removes === sink.category)) {
+          inlineSanitized = true;
+          break;
         }
-        if (inlineSanitized) continue;
-        flows.push({
-          file: fn.file,
-          relativePath: fn.relativePath,
-          functionName: fn.name,
-          source: tainted.source,
-          sink: { type: sink.label, expression: trimmed.slice(0, 100), line: fn.line + i, severity: sink.severity },
-          sanitized: false,
-          language: fn.language
-        });
       }
+      if (inlineSanitized) continue;
+      flows.push({
+        file: fn.file,
+        relativePath: fn.relativePath,
+        functionName: fn.name,
+        source: tainted.source,
+        sink: { type: sink.label, expression: trimmed.slice(0, 100), line: lineNumber, severity: sink.severity },
+        sanitized: false,
+        language: fn.language
+      });
     }
   }
+}
+function analyzeFunction(fn) {
+  const flows = [];
+  const lines = fn.rawBody.split("\n");
+  const taintedVars = /* @__PURE__ */ new Map();
+  const langSources = TAINT_SOURCES[fn.language] ?? [];
+  for (let i = 0; i < lines.length; i++) {
+    const trimmed = lines[i].trim();
+    const lineNumber = fn.line + i;
+    identifySources(trimmed, langSources, lineNumber, taintedVars);
+    checkSanitizers(trimmed, taintedVars);
+    identifySinks(trimmed, fn, lineNumber, taintedVars, flows);
+  }
   return flows;
 }
 function analyzeTaintFlows(functions) {
@@ -683,7 +692,7 @@ function taintFindings(flows) {
     tags: ["codedna", "taint", "security"]
   }));
 }
-var TAINT_SOURCES, TAINT_SINKS, SANITIZERS;
+var TAINT_SOURCES, TAINT_SINKS, SANITIZERS, ALL_TAINT_CATEGORIES;
 var init_taint_analysis = __esm({
   "src/codedna/taint-analysis.ts"() {
     "use strict";
@@ -779,6 +788,7 @@ var init_taint_analysis = __esm({
       { regex: /path\.(?:join|resolve|normalize)\s*\(/, label: "path.join/resolve", removes: "path_traversal" },
       { regex: /filepath\.(?:Clean|Abs)\s*\(/, label: "filepath.Clean", removes: "path_traversal" }
     ];
+    ALL_TAINT_CATEGORIES = /* @__PURE__ */ new Set(["sql_injection", "command_injection", "path_traversal", "xss", "ssrf", "code_injection"]);
   }
 });
 
@@ -803,6 +813,57 @@ function hasExplanatoryComment(content, lines, deviationLine) {
 function isInSpecialDirectory(path2) {
   return SPECIAL_DIRS.test(path2);
 }
+function computeSignalScore(file, devDist, dominantFiles, projectDominant) {
+  const lines = file.content.split("\n");
+  const signals = [];
+  let totalWeight = 0;
+  const sqlComplexity = countComplexSqlSignals(file.content);
+  if (sqlComplexity > 0) {
+    const weight = Math.min(sqlComplexity * 0.15, 0.3);
+    signals.push({ type: "complex_sql", present: true, weight, evidence: `${sqlComplexity} complex SQL indicators` });
+    totalWeight += weight;
+  } else {
+    signals.push({ type: "complex_sql", present: false, weight: 0 });
+  }
+  const firstSignalLine = devDist.signals[0]?.line;
+  if (hasExplanatoryComment(file.content, lines, firstSignalLine)) {
+    signals.push({ type: "explanatory_comment", present: true, weight: 0.2, evidence: "comment explains deviation" });
+    totalWeight += 0.2;
+  } else {
+    signals.push({ type: "no_comment", present: true, weight: -0.1, evidence: "no explanatory comment" });
+    totalWeight -= 0.1;
+  }
+  if (isInSpecialDirectory(devDist.relativePath)) {
+    signals.push({ type: "special_directory", present: true, weight: 0.2, evidence: devDist.relativePath });
+    totalWeight += 0.2;
+  }
+  if (devDist.dominantPattern === "raw_sql" && sqlComplexity === 0) {
+    const hasCrudOnly = /(?:SELECT\s+\*|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)/i.test(file.content);
+    if (hasCrudOnly) {
+      signals.push({ type: "simple_crud", present: true, weight: -0.3, evidence: "simple CRUD SQL without complex operations" });
+      totalWeight -= 0.3;
+    }
+  }
+  const devDir = devDist.relativePath.includes("/") ? devDist.relativePath.slice(0, devDist.relativePath.lastIndexOf("/")) : ".";
+  const sameDir = dominantFiles.filter((d) => {
+    const dir = d.relativePath.includes("/") ? d.relativePath.slice(0, d.relativePath.lastIndexOf("/")) : ".";
+    return dir === devDir;
+  });
+  if (sameDir.length > 0) {
+    signals.push({ type: "same_directory_as_dominant", present: true, weight: -0.2, evidence: `${sameDir.length} files in same directory use ${projectDominant}` });
+    totalWeight -= 0.2;
+  }
+  return { signals, totalWeight };
+}
+function classifyDeviation(totalWeight) {
+  const rawScore = 0.5 + totalWeight;
+  const justificationScore = Math.max(0, Math.min(1, rawScore));
+  let verdict;
+  if (justificationScore >= 0.6) verdict = "likely_justified";
+  else if (justificationScore <= 0.3) verdict = "likely_accidental";
+  else verdict = "uncertain";
+  return { justificationScore, verdict };
+}
 function scoreDeviations(distributions, files) {
   if (distributions.length < 2) return [];
   const patternCounts = /* @__PURE__ */ new Map();
@@ -824,51 +885,8 @@ function scoreDeviations(distributions, files) {
   for (const devDist of deviatingFiles) {
     const file = files.find((f) => f.path === devDist.file || f.relativePath === devDist.relativePath);
     if (!file) continue;
-    const lines = file.content.split("\n");
-    const signals = [];
-    let totalWeight = 0;
-    const sqlComplexity = countComplexSqlSignals(file.content);
-    if (sqlComplexity > 0) {
-      const weight = Math.min(sqlComplexity * 0.15, 0.3);
-      signals.push({ type: "complex_sql", present: true, weight, evidence: `${sqlComplexity} complex SQL indicators` });
-      totalWeight += weight;
-    } else {
-      signals.push({ type: "complex_sql", present: false, weight: 0 });
-    }
-    const firstSignalLine = devDist.signals[0]?.line;
-    if (hasExplanatoryComment(file.content, lines, firstSignalLine)) {
-      signals.push({ type: "explanatory_comment", present: true, weight: 0.2, evidence: "comment explains deviation" });
-      totalWeight += 0.2;
-    } else {
-      signals.push({ type: "no_comment", present: true, weight: -0.1, evidence: "no explanatory comment" });
-      totalWeight -= 0.1;
-    }
-    if (isInSpecialDirectory(devDist.relativePath)) {
-      signals.push({ type: "special_directory", present: true, weight: 0.2, evidence: devDist.relativePath });
-      totalWeight += 0.2;
-    }
-    if (devDist.dominantPattern === "raw_sql" && sqlComplexity === 0) {
-      const hasCrudOnly = /(?:SELECT\s+\*|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)/i.test(file.content);
-      if (hasCrudOnly) {
-        signals.push({ type: "simple_crud", present: true, weight: -0.3, evidence: "simple CRUD SQL without complex operations" });
-        totalWeight -= 0.3;
-      }
-    }
-    const devDir = devDist.relativePath.includes("/") ? devDist.relativePath.slice(0, devDist.relativePath.lastIndexOf("/")) : ".";
-    const sameDir = dominantFiles.filter((d) => {
-      const dir = d.relativePath.includes("/") ? d.relativePath.slice(0, d.relativePath.lastIndexOf("/")) : ".";
-      return dir === devDir;
-    });
-    if (sameDir.length > 0) {
-      signals.push({ type: "same_directory_as_dominant", present: true, weight: -0.2, evidence: `${sameDir.length} files in same directory use ${projectDominant}` });
-      totalWeight -= 0.2;
-    }
-    const rawScore = 0.5 + totalWeight;
-    const justificationScore = Math.max(0, Math.min(1, rawScore));
-    let verdict;
-    if (justificationScore >= 0.6) verdict = "likely_justified";
-    else if (justificationScore <= 0.3) verdict = "likely_accidental";
-    else verdict = "uncertain";
+    const { signals, totalWeight } = computeSignalScore(file, devDist, dominantFiles, projectDominant);
+    const { justificationScore, verdict } = classifyDeviation(totalWeight);
     justifications.push({
       file: devDist.file,
       relativePath: devDist.relativePath,
@@ -1664,10 +1682,8 @@ var sanitize_result_exports = {};
 __export(sanitize_result_exports, {
   sanitizeResultForUpload: () => sanitizeResultForUpload
 });
-function sanitizeResultForUpload(result) {
-  const ctx = result.context;
-  const rootDir = ctx?.rootDir ?? "";
-  const stripPath = (p) => {
+function createStripPath(rootDir) {
+  return (p) => {
     if (!p) return null;
     if (rootDir && p.startsWith(rootDir)) {
       const rel = p.slice(rootDir.length).replace(/^\/+/, "");
@@ -1675,44 +1691,60 @@ function sanitizeResultForUpload(result) {
     }
     return p;
   };
+}
+function createSanitizeNode(stripPath) {
   const sanitizeNode = (node) => {
     if (typeof node === "string") return stripPath(node) ?? node;
     if (Array.isArray(node)) return node.map(sanitizeNode);
-    if (node && typeof node === "object") {
-      const out = {};
-      for (const [k, v] of Object.entries(node)) {
-        if (k === "rootDir") continue;
-        if (k === "files" && Array.isArray(v)) {
-          out[k] = v.map((f) => ({
-            relativePath: stripPath(f.relativePath) ?? f.relativePath,
-            lineCount: f.lineCount,
-            language: f.language
-          }));
-          continue;
-        }
-        if (k === "ast" || k === "treeSitterNode") continue;
-        out[k] = sanitizeNode(v);
-      }
-      return out;
-    }
     if (node instanceof Map) {
-      const obj = {};
-      for (const [k, v] of node.entries()) {
-        const safeKey = typeof k === "string" ? stripPath(k) ?? k : String(k);
-        obj[safeKey] = sanitizeNode(v);
-      }
-      return obj;
+      return sanitizeMapNode(node, stripPath, sanitizeNode);
     }
     if (node instanceof Set) {
       return [...node].map(sanitizeNode);
     }
+    if (node && typeof node === "object") {
+      return sanitizeObjectNode(node, stripPath, sanitizeNode);
+    }
     return node;
   };
-  const envelope = {
+  return sanitizeNode;
+}
+function sanitizeObjectNode(node, stripPath, sanitizeNode) {
+  const out = {};
+  for (const [k, v] of Object.entries(node)) {
+    if (k === "rootDir") continue;
+    if (k === "files" && Array.isArray(v)) {
+      out[k] = sanitizeFilesList(v, stripPath);
+      continue;
+    }
+    if (k === "ast" || k === "treeSitterNode") continue;
+    out[k] = sanitizeNode(v);
+  }
+  return out;
+}
+function sanitizeFilesList(files, stripPath) {
+  return files.map((f) => ({
+    relativePath: stripPath(f.relativePath) ?? f.relativePath,
+    lineCount: f.lineCount,
+    language: f.language
+  }));
+}
+function sanitizeMapNode(node, stripPath, sanitizeNode) {
+  const obj = {};
+  for (const [k, v] of node.entries()) {
+    const safeKey = typeof k === "string" ? stripPath(k) ?? k : String(k);
+    obj[safeKey] = sanitizeNode(v);
+  }
+  return obj;
+}
+function sanitizeResultForUpload(result) {
+  const ctx = result.context;
+  const rootDir = ctx?.rootDir ?? "";
+  const stripPath = createStripPath(rootDir);
+  const sanitizeNode = createSanitizeNode(stripPath);
+  return {
     schema: "vibedrift-scan-result/v1",
-    project: {
-      // populated by the caller, since the CLI knows project_name + hash
-    },
+    project: {},
     language: {
       dominant: ctx?.dominantLanguage ?? null,
       breakdown: sanitizeNode(ctx?.languageBreakdown),
@@ -1734,7 +1766,6 @@ function sanitizeResultForUpload(result) {
     aiSummary: result.aiSummary ?? null,
     scanTimeMs: result.scanTimeMs
   };
-  return envelope;
 }
 var init_sanitize_result = __esm({
   "src/ml-client/sanitize-result.ts"() {
@@ -1757,20 +1788,23 @@ function csvEscape(val) {
 function row(...cells) {
   return cells.map((c) => csvEscape(String(c))).join(",");
 }
-function renderCsvReport(result) {
+function csvMetadata(result) {
+  return [
+    "VIBEDRIFT REPORT",
+    row("Project", result.context.rootDir.split("/").pop() ?? ""),
+    row("Files Scanned", result.context.files.length),
+    row("Total Lines", result.context.totalLines),
+    row("Scan Time (ms)", result.scanTimeMs),
+    row("Composite Score", result.compositeScore),
+    row("Max Score", result.maxCompositeScore),
+    ""
+  ];
+}
+function csvScoreCategories(result) {
   const lines = [];
-  lines.push("VIBEDRIFT REPORT");
-  lines.push(row("Project", result.context.rootDir.split("/").pop() ?? ""));
-  lines.push(row("Files Scanned", result.context.files.length));
-  lines.push(row("Total Lines", result.context.totalLines));
-  lines.push(row("Scan Time (ms)", result.scanTimeMs));
-  lines.push(row("Composite Score", result.compositeScore));
-  lines.push(row("Max Score", result.maxCompositeScore));
-  lines.push("");
   lines.push("CATEGORY SCORES");
   lines.push(row("Category", "Score", "Max Score", "Finding Count"));
-  const cs = result.scores;
-  for (const [key, val] of Object.entries(cs)) {
+  for (const [key, val] of Object.entries(result.scores)) {
     lines.push(row(key, val.score, val.maxScore, val.findingCount));
   }
   lines.push("");
@@ -1787,95 +1821,125 @@ function renderCsvReport(result) {
     }
     lines.push("");
   }
-  if ((result.driftFindings ?? []).length > 0) {
-    lines.push("DRIFT FINDINGS");
-    lines.push(row("Severity", "Category", "Finding", "Dominant Pattern", "Dominant Count", "Total Files", "Consistency %", "Deviating Files", "Recommendation"));
-    for (const d of result.driftFindings) {
-      const devFiles = d.deviatingFiles.map((f) => f.path).join("; ");
-      lines.push(row(
-        d.severity,
-        d.driftCategory,
-        d.finding,
-        d.dominantPattern,
-        d.dominantCount,
-        d.totalRelevantFiles,
-        d.consistencyScore,
-        devFiles,
-        d.recommendation
-      ));
-    }
-    lines.push("");
+  return lines;
+}
+function csvDriftFindings(result) {
+  if ((result.driftFindings ?? []).length === 0) return [];
+  const lines = [];
+  lines.push("DRIFT FINDINGS");
+  lines.push(row("Severity", "Category", "Finding", "Dominant Pattern", "Dominant Count", "Total Files", "Consistency %", "Deviating Files", "Recommendation"));
+  for (const d of result.driftFindings) {
+    const devFiles = d.deviatingFiles.map((f) => f.path).join("; ");
+    lines.push(row(
+      d.severity,
+      d.driftCategory,
+      d.finding,
+      d.dominantPattern,
+      d.dominantCount,
+      d.totalRelevantFiles,
+      d.consistencyScore,
+      devFiles,
+      d.recommendation
+    ));
   }
-  const dna = result.codeDnaResult;
-  if (dna) {
-    if (dna.duplicateGroups?.length > 0) {
-      lines.push("CODE DNA: SEMANTIC DUPLICATES");
-      lines.push(row("Group", "Functions", "Files"));
-      for (const g of dna.duplicateGroups) {
-        const fns = g.functions.map((f) => f.name + "()").join("; ");
-        const files = g.functions.map((f) => f.relativePath || f.file).join("; ");
-        lines.push(row(g.groupId, fns, files));
-      }
-      lines.push("");
-    }
-    if (dna.sequenceSimilarities?.length > 0) {
-      lines.push("CODE DNA: OPERATION SEQUENCE MATCHES");
-      lines.push(row("Function A", "File A", "Function B", "File B", "Similarity %"));
-      for (const s of dna.sequenceSimilarities) {
-        lines.push(row(
-          s.functionA.name,
-          s.functionA.relativePath || s.functionA.file,
-          s.functionB.name,
-          s.functionB.relativePath || s.functionB.file,
-          Math.round(s.similarity * 100)
-        ));
-      }
-      lines.push("");
-    }
-    if (dna.taintFlows?.length > 0) {
-      lines.push("CODE DNA: TAINT FLOWS");
-      lines.push(row("File", "Function", "Source Type", "Source Line", "Sink Type", "Sink Line", "Sanitized"));
-      for (const t of dna.taintFlows) {
-        lines.push(row(
-          t.relativePath || t.file,
-          t.functionName,
-          t.source.type,
-          t.source.line,
-          t.sink.type,
-          t.sink.line,
-          t.sanitized ? "Yes" : "No"
-        ));
-      }
-      lines.push("");
-    }
-    if (dna.deviationJustifications?.length > 0) {
-      lines.push("CODE DNA: DEVIATION ANALYSIS");
-      lines.push(row("File", "Deviating Pattern", "Dominant Pattern", "Verdict", "Score"));
-      for (const dj of dna.deviationJustifications) {
-        lines.push(row(
-          dj.relativePath || dj.file,
-          dj.deviatingPattern,
-          dj.dominantPattern,
-          dj.verdict,
-          Math.round(dj.justificationScore * 100)
-        ));
-      }
-      lines.push("");
-    }
-    if (dna.patternDistributions?.length > 0) {
-      lines.push("CODE DNA: PATTERN DISTRIBUTIONS");
-      lines.push(row("File", "Dominant Pattern", "Confidence", "Internally Inconsistent"));
-      for (const pd of dna.patternDistributions) {
-        lines.push(row(
-          pd.relativePath || pd.file,
-          pd.dominantPattern,
-          Math.round(pd.confidence * 100),
-          pd.isInternallyInconsistent ? "Yes" : "No"
-        ));
-      }
-      lines.push("");
-    }
+  lines.push("");
+  return lines;
+}
+function csvDuplicateGroups(dna) {
+  if (!dna.duplicateGroups?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: SEMANTIC DUPLICATES");
+  lines.push(row("Group", "Functions", "Files"));
+  for (const g of dna.duplicateGroups) {
+    const fns = g.functions.map((f) => f.name + "()").join("; ");
+    const files = g.functions.map((f) => f.relativePath || f.file).join("; ");
+    lines.push(row(g.groupId, fns, files));
+  }
+  lines.push("");
+  return lines;
+}
+function csvSequenceSimilarities(dna) {
+  if (!dna.sequenceSimilarities?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: OPERATION SEQUENCE MATCHES");
+  lines.push(row("Function A", "File A", "Function B", "File B", "Similarity %"));
+  for (const s of dna.sequenceSimilarities) {
+    lines.push(row(
+      s.functionA.name,
+      s.functionA.relativePath || s.functionA.file,
+      s.functionB.name,
+      s.functionB.relativePath || s.functionB.file,
+      Math.round(s.similarity * 100)
+    ));
+  }
+  lines.push("");
+  return lines;
+}
+function csvTaintFlows(dna) {
+  if (!dna.taintFlows?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: TAINT FLOWS");
+  lines.push(row("File", "Function", "Source Type", "Source Line", "Sink Type", "Sink Line", "Sanitized"));
+  for (const t of dna.taintFlows) {
+    lines.push(row(
+      t.relativePath || t.file,
+      t.functionName,
+      t.source.type,
+      t.source.line,
+      t.sink.type,
+      t.sink.line,
+      t.sanitized ? "Yes" : "No"
+    ));
+  }
+  lines.push("");
+  return lines;
+}
+function csvDeviations(dna) {
+  if (!dna.deviationJustifications?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: DEVIATION ANALYSIS");
+  lines.push(row("File", "Deviating Pattern", "Dominant Pattern", "Verdict", "Score"));
+  for (const dj of dna.deviationJustifications) {
+    lines.push(row(
+      dj.relativePath || dj.file,
+      dj.deviatingPattern,
+      dj.dominantPattern,
+      dj.verdict,
+      Math.round(dj.justificationScore * 100)
+    ));
   }
+  lines.push("");
+  return lines;
+}
+function csvPatterns(dna) {
+  if (!dna.patternDistributions?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: PATTERN DISTRIBUTIONS");
+  lines.push(row("File", "Dominant Pattern", "Confidence", "Internally Inconsistent"));
+  for (const pd of dna.patternDistributions) {
+    lines.push(row(
+      pd.relativePath || pd.file,
+      pd.dominantPattern,
+      Math.round(pd.confidence * 100),
+      pd.isInternallyInconsistent ? "Yes" : "No"
+    ));
+  }
+  lines.push("");
+  return lines;
+}
+function csvCodeDna(result) {
+  const dna = result.codeDnaResult;
+  if (!dna) return [];
+  return [
+    ...csvDuplicateGroups(dna),
+    ...csvSequenceSimilarities(dna),
+    ...csvTaintFlows(dna),
+    ...csvDeviations(dna),
+    ...csvPatterns(dna)
+  ];
+}
+function csvFindings(result) {
+  const lines = [];
   lines.push("ALL FINDINGS");
   lines.push(row("Severity", "Analyzer", "Confidence %", "Message", "File", "Line", "Tags"));
   for (const f of result.findings) {
@@ -1891,6 +1955,10 @@ function renderCsvReport(result) {
     ));
   }
   lines.push("");
+  return lines;
+}
+function csvPerFileScores(result) {
+  const lines = [];
   lines.push("PER-FILE SCORES");
   lines.push(row("File", "Score", "Finding Count"));
   const fileSorted = [...result.perFileScores.entries()].sort((a, b) => a[1].score - b[1].score);
@@ -1898,21 +1966,35 @@ function renderCsvReport(result) {
     lines.push(row(path2, data.score, data.findings.length));
   }
   lines.push("");
-  if ((result.deepInsights ?? []).length > 0) {
-    lines.push("DEEP ANALYSIS INSIGHTS");
-    lines.push(row("Category", "Severity", "Title", "Description", "Related Files", "Recommendation"));
-    for (const ins of result.deepInsights) {
-      lines.push(row(
-        ins.category,
-        ins.severity,
-        ins.title,
-        ins.description,
-        ins.relatedFiles.join("; "),
-        ins.recommendation ?? ""
-      ));
-    }
+  return lines;
+}
+function csvAiSummary(result) {
+  if ((result.deepInsights ?? []).length === 0) return [];
+  const lines = [];
+  lines.push("DEEP ANALYSIS INSIGHTS");
+  lines.push(row("Category", "Severity", "Title", "Description", "Related Files", "Recommendation"));
+  for (const ins of result.deepInsights) {
+    lines.push(row(
+      ins.category,
+      ins.severity,
+      ins.title,
+      ins.description,
+      ins.relatedFiles.join("; "),
+      ins.recommendation ?? ""
+    ));
   }
-  return lines.join("\n");
+  return lines;
+}
+function renderCsvReport(result) {
+  return [
+    ...csvMetadata(result),
+    ...csvScoreCategories(result),
+    ...csvDriftFindings(result),
+    ...csvCodeDna(result),
+    ...csvFindings(result),
+    ...csvPerFileScores(result),
+    ...csvAiSummary(result)
+  ].join("\n");
 }
 var init_csv = __esm({
   "src/output/csv.ts"() {
@@ -2048,7 +2130,10 @@ function tableRow(cells) {
 function hr() {
   return `<w:p><w:pPr><w:pBdr><w:bottom w:val="single" w:sz="4" w:space="1" w:color="CCCCCC"/></w:pBdr></w:pPr></w:p>`;
 }
-function buildDocumentXml(result) {
+function wrapTable(rows) {
+  return `<w:tbl><w:tblPr>${TABLE_BORDERS}<w:tblW w:w="5000" w:type="pct"/></w:tblPr>${rows}</w:tbl>`;
+}
+function buildDocxTitlePage(result) {
   const parts = [];
   const name = result.context.rootDir.split("/").pop() ?? "project";
   const date = (/* @__PURE__ */ new Date()).toLocaleDateString("en-US", { month: "long", day: "numeric", year: "numeric" });
@@ -2058,6 +2143,10 @@ function buildDocumentXml(result) {
   const langs = [...result.context.languageBreakdown.entries()].map(([l, s]) => `${l}: ${s.files} files`).join(", ");
   parts.push(para(`Languages: ${langs}`));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxScoreTable(result) {
+  const parts = [];
   const pct = result.maxCompositeScore > 0 ? result.compositeScore / result.maxCompositeScore * 100 : 0;
   const grade = pct >= 90 ? "A" : pct >= 75 ? "B" : pct >= 50 ? "C" : pct >= 25 ? "D" : "F";
   parts.push(para("1. SCORE SUMMARY", "Heading1"));
@@ -2071,24 +2160,27 @@ function buildDocumentXml(result) {
     ["Convention Drift", ds.naming_conventions],
     ["Phantom Scaffolding", ds.phantom_scaffolding]
   ];
-  parts.push(tableRow([
+  const headerRow = tableRow([
     tableCellSimple("Category", "D9E2F3", true),
     tableCellSimple("Score", "D9E2F3", true),
     tableCellSimple("Max", "D9E2F3", true),
     tableCellSimple("Findings", "D9E2F3", true)
-  ]));
-  for (const [catName, catScore] of catRows) {
+  ]);
+  const dataRows = catRows.map(([catName, catScore]) => {
     const cs = catScore;
-    parts.push(tableRow([
+    return tableRow([
       tableCellSimple(catName),
       tableCellSimple(String(cs?.score ?? 0)),
       tableCellSimple(String(cs?.maxScore ?? 0)),
       tableCellSimple(String(cs?.findings ?? 0))
-    ]));
-  }
-  const scoreTable = `<w:tbl><w:tblPr><w:tblBorders><w:top w:val="single" w:sz="4" w:color="CCCCCC"/><w:bottom w:val="single" w:sz="4" w:color="CCCCCC"/><w:insideH w:val="single" w:sz="4" w:color="E0E0E0"/><w:insideV w:val="single" w:sz="4" w:color="E0E0E0"/></w:tblBorders><w:tblW w:w="5000" w:type="pct"/></w:tblPr>${parts.splice(-6).join("")}</w:tbl>`;
-  parts.push(scoreTable);
+    ]);
+  }).join("");
+  parts.push(wrapTable(headerRow + dataRows));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxIntentSection(result) {
+  const parts = [];
   parts.push(para("2. CODEBASE INTENT", "Heading1"));
   parts.push(para("The following patterns represent the dominant approach established by the majority of files in this codebase."));
   parts.push(para(""));
@@ -2102,6 +2194,10 @@ function buildDocumentXml(result) {
   }
   if (intentSeen.size === 0) parts.push(para("No dominant patterns detected \u2014 codebase may be too small or highly consistent."));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxDriftSection(result) {
+  const parts = [];
   parts.push(para("3. DRIFT FINDINGS", "Heading1"));
   parts.push(para(`${(result.driftFindings ?? []).length} cross-file contradictions detected.`));
   parts.push(para(""));
@@ -2132,51 +2228,80 @@ function buildDocumentXml(result) {
     }
     parts.push(hr());
   }
-  const dna = result.codeDnaResult;
-  if (dna) {
-    parts.push(para("4. CODE DNA ANALYSIS", "Heading1"));
-    parts.push(para(`${dna.functions?.length ?? 0} functions analyzed in ${dna.timings?.totalMs ?? 0}ms. ${dna.findings?.length ?? 0} findings.`));
-    parts.push(para(""));
-    if (dna.duplicateGroups?.length > 0) {
-      parts.push(para("Semantic Fingerprint Duplicates", "Heading2"));
-      for (const g of dna.duplicateGroups) {
-        const fns = g.functions.map((f) => `${f.name}() in ${f.relativePath || f.file}`).join(", ");
-        parts.push(para(`  Group: ${fns}`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.sequenceSimilarities?.length > 0) {
-      parts.push(para("Operation Sequence Matches", "Heading2"));
-      for (const s of dna.sequenceSimilarities) {
-        parts.push(para(`  ${Math.round(s.similarity * 100)}% match: ${s.functionA.name}() in ${s.functionA.relativePath || s.functionA.file} \u2194 ${s.functionB.name}() in ${s.functionB.relativePath || s.functionB.file}`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.taintFlows?.length > 0) {
-      parts.push(para("Taint Flows", "Heading2"));
-      for (const t of dna.taintFlows) {
-        parts.push(para(`  [${t.sink.severity.toUpperCase()}] ${t.functionName}() in ${t.relativePath || t.file}: ${t.source.type} (line ${t.source.line}) \u2192 ${t.sink.type} (line ${t.sink.line}) \u2014 ${t.sanitized ? "SANITIZED" : "UNSANITIZED"}`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.deviationJustifications?.length > 0) {
-      parts.push(para("Deviation Justification Analysis", "Heading2"));
-      for (const dj of dna.deviationJustifications) {
-        const verdict = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
-        parts.push(para(`  [${verdict}] ${dj.relativePath || dj.file}: uses ${dj.deviatingPattern} vs project ${dj.dominantPattern} (score: ${Math.round(dj.justificationScore * 100)}%)`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.patternDistributions?.length > 0) {
-      parts.push(para("Pattern Classification", "Heading2"));
-      for (const pd of dna.patternDistributions) {
-        const mixed = pd.isInternallyInconsistent ? " [MIXED]" : "";
-        parts.push(para(`  ${pd.relativePath || pd.file}: ${pd.dominantPattern} (${Math.round(pd.confidence * 100)}% confidence)${mixed}`));
-      }
-      parts.push(para(""));
-    }
-    parts.push(hr());
+  return parts.join("\n    ");
+}
+function docxDnaDuplicates(dna) {
+  if (!dna.duplicateGroups?.length) return [];
+  const parts = [];
+  parts.push(para("Semantic Fingerprint Duplicates", "Heading2"));
+  for (const g of dna.duplicateGroups) {
+    const fns = g.functions.map((f) => `${f.name}() in ${f.relativePath || f.file}`).join(", ");
+    parts.push(para(`  Group: ${fns}`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaSequences(dna) {
+  if (!dna.sequenceSimilarities?.length) return [];
+  const parts = [];
+  parts.push(para("Operation Sequence Matches", "Heading2"));
+  for (const s of dna.sequenceSimilarities) {
+    parts.push(para(`  ${Math.round(s.similarity * 100)}% match: ${s.functionA.name}() in ${s.functionA.relativePath || s.functionA.file} \u2194 ${s.functionB.name}() in ${s.functionB.relativePath || s.functionB.file}`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaTaintFlows(dna) {
+  if (!dna.taintFlows?.length) return [];
+  const parts = [];
+  parts.push(para("Taint Flows", "Heading2"));
+  for (const t of dna.taintFlows) {
+    parts.push(para(`  [${t.sink.severity.toUpperCase()}] ${t.functionName}() in ${t.relativePath || t.file}: ${t.source.type} (line ${t.source.line}) \u2192 ${t.sink.type} (line ${t.sink.line}) \u2014 ${t.sanitized ? "SANITIZED" : "UNSANITIZED"}`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaDeviations(dna) {
+  if (!dna.deviationJustifications?.length) return [];
+  const parts = [];
+  parts.push(para("Deviation Justification Analysis", "Heading2"));
+  for (const dj of dna.deviationJustifications) {
+    const verdict = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
+    parts.push(para(`  [${verdict}] ${dj.relativePath || dj.file}: uses ${dj.deviatingPattern} vs project ${dj.dominantPattern} (score: ${Math.round(dj.justificationScore * 100)}%)`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaPatterns(dna) {
+  if (!dna.patternDistributions?.length) return [];
+  const parts = [];
+  parts.push(para("Pattern Classification", "Heading2"));
+  for (const pd of dna.patternDistributions) {
+    const mixed = pd.isInternallyInconsistent ? " [MIXED]" : "";
+    parts.push(para(`  ${pd.relativePath || pd.file}: ${pd.dominantPattern} (${Math.round(pd.confidence * 100)}% confidence)${mixed}`));
   }
+  parts.push(para(""));
+  return parts;
+}
+function buildDocxCodeDnaSection(result) {
+  const dna = result.codeDnaResult;
+  if (!dna) return "";
+  const parts = [];
+  parts.push(para("4. CODE DNA ANALYSIS", "Heading1"));
+  parts.push(para(`${dna.functions?.length ?? 0} functions analyzed in ${dna.timings?.totalMs ?? 0}ms. ${dna.findings?.length ?? 0} findings.`));
+  parts.push(para(""));
+  parts.push(
+    ...docxDnaDuplicates(dna),
+    ...docxDnaSequences(dna),
+    ...docxDnaTaintFlows(dna),
+    ...docxDnaDeviations(dna),
+    ...docxDnaPatterns(dna)
+  );
+  parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxPerFileTable(result) {
+  const parts = [];
   parts.push(para("5. FILE RANKING", "Heading1"));
   const fileSorted = [...result.perFileScores.entries()].sort((a, b) => a[1].score - b[1].score);
   parts.push(para(`${fileSorted.length} files scanned. Ranked worst to best.`));
@@ -2197,8 +2322,12 @@ function buildDocumentXml(result) {
       tableCellSimple(String(staticCount))
     ]);
   }).join("");
-  parts.push(`<w:tbl><w:tblPr><w:tblBorders><w:top w:val="single" w:sz="4" w:color="CCCCCC"/><w:bottom w:val="single" w:sz="4" w:color="CCCCCC"/><w:insideH w:val="single" w:sz="4" w:color="E0E0E0"/><w:insideV w:val="single" w:sz="4" w:color="E0E0E0"/></w:tblBorders><w:tblW w:w="5000" w:type="pct"/></w:tblPr>${fileHeaderRow}${fileDataRows}</w:tbl>`);
+  parts.push(wrapTable(fileHeaderRow + fileDataRows));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxFindingsTable(result) {
+  const parts = [];
   parts.push(para("6. STATIC ANALYSIS FINDINGS", "Heading1"));
   const statics = result.findings.filter((f) => !f.tags?.includes("drift") && !f.tags?.includes("codedna"));
   parts.push(para(`${statics.length} findings from ${13} static analyzers.`));
@@ -2211,28 +2340,49 @@ function buildDocumentXml(result) {
   }
   if (statics.length > 50) parts.push(para(`... and ${statics.length - 50} more findings.`));
   parts.push(hr());
-  if ((result.deepInsights ?? []).length > 0) {
-    parts.push(para("7. DEEP ANALYSIS INSIGHTS (AI-POWERED)", "Heading1"));
-    for (const ins of result.deepInsights) {
-      const sevStr = ins.severity === "error" ? "CRITICAL" : ins.severity === "warning" ? "WARNING" : "INFO";
-      parts.push(para(`[${sevStr}] ${ins.title}`, "Heading2"));
-      parts.push(para(ins.description));
-      if (ins.relatedFiles.length > 0) parts.push(para(`  Files: ${ins.relatedFiles.join(", ")}`));
-      if (ins.recommendation) {
-        parts.push(boldPara("Recommendation:", "00D4FF"));
-        parts.push(para(`  ${ins.recommendation}`));
-      }
-      parts.push(para(""));
+  return parts.join("\n    ");
+}
+function buildDocxDeepInsights(result) {
+  if ((result.deepInsights ?? []).length === 0) return "";
+  const parts = [];
+  parts.push(para("7. DEEP ANALYSIS INSIGHTS (AI-POWERED)", "Heading1"));
+  for (const ins of result.deepInsights) {
+    const sevStr = ins.severity === "error" ? "CRITICAL" : ins.severity === "warning" ? "WARNING" : "INFO";
+    parts.push(para(`[${sevStr}] ${ins.title}`, "Heading2"));
+    parts.push(para(ins.description));
+    if (ins.relatedFiles.length > 0) parts.push(para(`  Files: ${ins.relatedFiles.join(", ")}`));
+    if (ins.recommendation) {
+      parts.push(boldPara("Recommendation:", "00D4FF"));
+      parts.push(para(`  ${ins.recommendation}`));
     }
-    parts.push(hr());
+    parts.push(para(""));
   }
+  parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxFooter(result) {
+  const parts = [];
   parts.push(para(""));
   parts.push(para(`Generated by VibeDrift v${getVersion()} | ${result.context.files.length} files | ${result.context.totalLines.toLocaleString()} lines | ${(result.scanTimeMs / 1e3).toFixed(1)}s | No data sent externally`));
   parts.push(para("Re-scan: npx vibedrift ."));
+  return parts.join("\n    ");
+}
+function buildDocumentXml(result) {
+  const sections = [
+    buildDocxTitlePage(result),
+    buildDocxScoreTable(result),
+    buildDocxIntentSection(result),
+    buildDocxDriftSection(result),
+    buildDocxCodeDnaSection(result),
+    buildDocxPerFileTable(result),
+    buildDocxFindingsTable(result),
+    buildDocxDeepInsights(result),
+    buildDocxFooter(result)
+  ].filter(Boolean);
   return `<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <w:document xmlns:w="${W}">
   <w:body>
-    ${parts.join("\n    ")}
+    ${sections.join("\n    ")}
     <w:sectPr>
       <w:pgSz w:w="12240" w:h="15840"/>
       <w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440"/>
@@ -2250,13 +2400,14 @@ function renderDocxReport(result) {
   ];
   return buildZip(entries);
 }
-var W;
+var W, TABLE_BORDERS;
 var init_docx = __esm({
   "src/output/docx.ts"() {
     "use strict";
     init_esm_shims();
     init_version();
     W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main";
+    TABLE_BORDERS = `<w:tblBorders><w:top w:val="single" w:sz="4" w:color="CCCCCC"/><w:bottom w:val="single" w:sz="4" w:color="CCCCCC"/><w:insideH w:val="single" w:sz="4" w:color="E0E0E0"/><w:insideV w:val="single" w:sz="4" w:color="E0E0E0"/></w:tblBorders>`;
   }
 });
 
@@ -2985,88 +3136,100 @@ var dependenciesAnalyzer = {
     return findings;
   }
 };
-function analyzeJsDeps(ctx) {
-  const findings = [];
-  const pkg = ctx.packageJson;
-  const declared = /* @__PURE__ */ new Set([
-    ...Object.keys(pkg.dependencies ?? {}),
-    ...Object.keys(pkg.devDependencies ?? {}),
-    ...Object.keys(pkg.peerDependencies ?? {}),
-    ...Object.keys(pkg.optionalDependencies ?? {})
-  ]);
-  const isMonorepo = [
-    ...Object.values(pkg.dependencies ?? {}),
-    ...Object.values(pkg.devDependencies ?? {})
-  ].some(
-    (v) => typeof v === "string" && (v.startsWith("workspace:") || v === "*")
-  );
-  const hasWorkspaces = !!pkg.workspaces;
+function collectImportedPackages(files) {
   const imported = /* @__PURE__ */ new Set();
   const importLocations = /* @__PURE__ */ new Map();
-  const jsFiles = ctx.files.filter(
-    (f) => (f.language === "javascript" || f.language === "typescript") && !FIXTURE_PATH_PATTERN.test(f.relativePath)
-  );
-  for (const file of jsFiles) {
+  for (const file of files) {
     for (const pattern of JS_IMPORT_PATTERNS) {
       const regex = new RegExp(pattern.source, pattern.flags);
       let match;
       while ((match = regex.exec(file.content)) !== null) {
-        const pkg2 = extractJsPackageName(match[1]);
-        if (NODE_BUILTINS.has(pkg2) || pkg2.startsWith("node:") || pkg2.startsWith("@/") || pkg2.startsWith("~")) continue;
-        imported.add(pkg2);
-        if (!importLocations.has(pkg2)) importLocations.set(pkg2, []);
-        importLocations.get(pkg2).push({
+        const pkg = extractJsPackageName(match[1]);
+        if (NODE_BUILTINS.has(pkg) || pkg.startsWith("node:") || pkg.startsWith("@/") || pkg.startsWith("~")) continue;
+        imported.add(pkg);
+        if (!importLocations.has(pkg)) importLocations.set(pkg, []);
+        importLocations.get(pkg).push({
           file: file.relativePath,
           line: file.content.slice(0, match.index).split("\n").length
         });
       }
     }
   }
+  return { imported, importLocations };
+}
+function detectPhantomDeps(declared, imported, devToolPatterns) {
   const phantom = [...declared].filter((d) => !imported.has(d));
   const realPhantom = phantom.filter(
-    (p) => !DEV_TOOL_PATTERNS.some((pat) => p.includes(pat))
+    (p) => !devToolPatterns.some((pat) => p.includes(pat))
   );
   if (realPhantom.length > 0) {
-    findings.push({
+    return [{
       analyzerId: "dependencies",
       severity: realPhantom.length > 5 ? "error" : "warning",
       confidence: 0.75,
       message: `${realPhantom.length} phantom dependencies (declared but unused): ${realPhantom.slice(0, 5).join(", ")}${realPhantom.length > 5 ? "..." : ""}`,
       locations: realPhantom.map((p) => ({ file: "package.json" })),
       tags: ["deps", "phantom", "js"]
-    });
-  }
-  const ALIAS_PATTERNS = [
-    /^#/,
-    /^virtual:/,
-    /^vite\//,
-    /^next\//,
-    /^\$/,
-    /^server-only$/,
-    /^client-only$/
-  ];
+    }];
+  }
+  return [];
+}
+var ALIAS_PATTERNS = [
+  /^#/,
+  /^virtual:/,
+  /^vite\//,
+  /^next\//,
+  /^\$/,
+  /^server-only$/,
+  /^client-only$/
+];
+function detectMissingDeps(declared, imported, isMonorepo, importLocations) {
   const missing = [...imported].filter((i) => {
     if (declared.has(i)) return false;
     if (ALIAS_PATTERNS.some((p) => p.test(i))) return false;
     return true;
   });
-  const missingConfidence = isMonorepo || hasWorkspaces ? 0.4 : 0.75;
-  const missingSeverity = isMonorepo || hasWorkspaces ? "warning" : "error";
+  const missingConfidence = isMonorepo ? 0.4 : 0.75;
+  const missingSeverity = isMonorepo ? "warning" : "error";
   if (missing.length > 0) {
-    findings.push({
+    return [{
       analyzerId: "dependencies",
       severity: missingSeverity,
       confidence: missingConfidence,
-      message: `${missing.length} packages imported but not in package.json: ${missing.slice(0, 5).join(", ")}${missing.length > 5 ? "..." : ""}${isMonorepo || hasWorkspaces ? " (may be workspace packages)" : ""}`,
+      message: `${missing.length} packages imported but not in package.json: ${missing.slice(0, 5).join(", ")}${missing.length > 5 ? "..." : ""}${isMonorepo ? " (may be workspace packages)" : ""}`,
       locations: missing.slice(0, 5).flatMap((p) => importLocations.get(p) ?? []),
       tags: ["deps", "missing", "js"]
-    });
+    }];
   }
-  return findings;
+  return [];
 }
-function analyzeGoDeps(ctx) {
+function analyzeJsDeps(ctx) {
   const findings = [];
-  const goMod = ctx.goMod;
+  const pkg = ctx.packageJson;
+  const declared = /* @__PURE__ */ new Set([
+    ...Object.keys(pkg.dependencies ?? {}),
+    ...Object.keys(pkg.devDependencies ?? {}),
+    ...Object.keys(pkg.peerDependencies ?? {}),
+    ...Object.keys(pkg.optionalDependencies ?? {})
+  ]);
+  const isMonorepo = [
+    ...Object.values(pkg.dependencies ?? {}),
+    ...Object.values(pkg.devDependencies ?? {})
+  ].some(
+    (v) => typeof v === "string" && (v.startsWith("workspace:") || v === "*")
+  );
+  const hasWorkspaces = !!pkg.workspaces;
+  const jsFiles = ctx.files.filter(
+    (f) => (f.language === "javascript" || f.language === "typescript") && !FIXTURE_PATH_PATTERN.test(f.relativePath)
+  );
+  const { imported, importLocations } = collectImportedPackages(jsFiles);
+  findings.push(...detectPhantomDeps(declared, imported, DEV_TOOL_PATTERNS));
+  findings.push(...detectMissingDeps(declared, imported, isMonorepo || hasWorkspaces, importLocations));
+  return findings;
+}
+function analyzeGoDeps(ctx) {
+  const findings = [];
+  const goMod = ctx.goMod;
   const declaredPaths = new Set(goMod.require.map((r) => r.path));
   const importedPaths = /* @__PURE__ */ new Set();
   const goFiles = ctx.files.filter((f) => f.language === "go");
@@ -4392,43 +4555,24 @@ function detectLongFunctions(ctx) {
   }
   return findings;
 }
-function detectLowDocumentation(ctx) {
-  const findings = [];
-  const underdocumented = [];
-  for (const file of ctx.files) {
-    if (file.lineCount < 100) continue;
-    const lines = file.content.split("\n");
-    let commentLines = 0;
-    for (const line of lines) {
-      const trimmed = line.trim();
-      if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("///") || trimmed.startsWith('"""')) {
-        commentLines++;
-      }
-    }
-    const ratio = commentLines / file.lineCount;
-    if (ratio < 0.05) {
-      underdocumented.push({
-        file: file.relativePath,
-        lines: file.lineCount,
-        commentRatio: Math.round(ratio * 100)
-      });
+function countFileCommentDensity(file) {
+  const lines = file.content.split("\n");
+  let commentLines = 0;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("///") || trimmed.startsWith('"""')) {
+      commentLines++;
     }
   }
-  if (underdocumented.length > 2) {
-    findings.push({
-      analyzerId: "intent-clarity",
-      severity: underdocumented.length > 5 ? "warning" : "info",
-      confidence: 0.6,
-      message: `${underdocumented.length} files over 100 lines have <5% comment density \u2014 intent may be unclear to maintainers`,
-      locations: underdocumented.slice(0, 10).map((f) => ({
-        file: f.file,
-        snippet: `${f.lines} lines, ${f.commentRatio}% comments`
-      })),
-      tags: ["intent", "documentation"]
-    });
-  }
+  return {
+    lines: file.lineCount,
+    commentLines,
+    density: commentLines / file.lineCount
+  };
+}
+function findUndocumentedExports(files) {
   const undocumentedExports = [];
-  for (const file of ctx.files) {
+  for (const file of files) {
     if (!file.language) continue;
     const lines = file.content.split("\n");
     for (let i = 0; i < lines.length; i++) {
@@ -4452,6 +4596,36 @@ function detectLowDocumentation(ctx) {
       }
     }
   }
+  return undocumentedExports;
+}
+function detectLowDocumentation(ctx) {
+  const findings = [];
+  const underdocumented = [];
+  for (const file of ctx.files) {
+    if (file.lineCount < 100) continue;
+    const { density } = countFileCommentDensity(file);
+    if (density < 0.05) {
+      underdocumented.push({
+        file: file.relativePath,
+        lines: file.lineCount,
+        commentRatio: Math.round(density * 100)
+      });
+    }
+  }
+  if (underdocumented.length > 2) {
+    findings.push({
+      analyzerId: "intent-clarity",
+      severity: underdocumented.length > 5 ? "warning" : "info",
+      confidence: 0.6,
+      message: `${underdocumented.length} files over 100 lines have <5% comment density \u2014 intent may be unclear to maintainers`,
+      locations: underdocumented.slice(0, 10).map((f) => ({
+        file: f.file,
+        snippet: `${f.lines} lines, ${f.commentRatio}% comments`
+      })),
+      tags: ["intent", "documentation"]
+    });
+  }
+  const undocumentedExports = findUndocumentedExports(ctx.files);
   if (undocumentedExports.length > 10) {
     const ratio = ctx.files.length > 0 ? Math.round(undocumentedExports.length / ctx.files.length * 10) / 10 : 0;
     findings.push({
@@ -4538,8 +4712,7 @@ var deadCodeAnalyzer = {
     return findings;
   }
 };
-function analyzeJsDeadExports(files) {
-  const findings = [];
+function buildExportMap(files) {
   const exports = [];
   for (const file of files) {
     if (isEntryPoint(file.relativePath)) continue;
@@ -4586,6 +4759,9 @@ function analyzeJsDeadExports(files) {
       }
     }
   }
+  return exports;
+}
+function buildImportSet(files) {
   const importedNames = /* @__PURE__ */ new Set();
   for (const file of files) {
     for (const pattern of IMPORT_PATTERNS_JS) {
@@ -4604,10 +4780,19 @@ function analyzeJsDeadExports(files) {
       }
     }
   }
-  const allContent = files.map((f) => f.content).join("\n");
-  const deadExports = exports.filter(
+  return importedNames;
+}
+function identifyDeadExports(exports, importedNames, allContent) {
+  return exports.filter(
     (e) => !importedNames.has(e.name) && countOccurrences(allContent, e.name) <= 1
   );
+}
+function analyzeJsDeadExports(files) {
+  const findings = [];
+  const exports = buildExportMap(files);
+  const importedNames = buildImportSet(files);
+  const allContent = files.map((f) => f.content).join("\n");
+  const deadExports = identifyDeadExports(exports, importedNames, allContent);
   if (deadExports.length > 3) {
     findings.push({
       analyzerId: "dead-code",
@@ -4749,19 +4934,13 @@ var languageSpecificAnalyzer = {
     return findings;
   }
 };
-function analyzeGo(files) {
-  const findings = [];
-  let uncheckedErrors = 0;
-  const uncheckedLocations = [];
-  let nakedGoroutines = 0;
-  const goroutineLocations = [];
-  let unsafeMutex = 0;
-  const mutexLocations = [];
+function detectGoUncheckedErrors(files) {
+  let count = 0;
+  const locations = [];
   for (const file of files) {
     const lines = file.content.split("\n");
     for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      const trimmed = line.trim();
+      const trimmed = lines[i].trim();
       if (/\berr\s*[:=]/.test(trimmed) && !trimmed.startsWith("//")) {
         let nextLine = "";
         for (let j = i + 1; j < Math.min(i + 4, lines.length); j++) {
@@ -4772,57 +4951,86 @@ function analyzeGo(files) {
           }
         }
         if (nextLine && !nextLine.includes("err") && !nextLine.startsWith("return")) {
-          uncheckedErrors++;
-          uncheckedLocations.push({
+          count++;
+          locations.push({
             file: file.relativePath,
             line: i + 1,
             snippet: trimmed.slice(0, 80)
           });
         }
       }
+    }
+  }
+  return { count, locations };
+}
+function detectGoNakedGoroutines(files) {
+  let count = 0;
+  const locations = [];
+  for (const file of files) {
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
       if (/^\s*go\s+func\s*\(/.test(line) || /^\s*go\s+\w+\s*\(/.test(line)) {
         const nearby = lines.slice(Math.max(0, i - 2), i + 3).join(" ");
         if (!/\bctx\b/.test(nearby) && !/context\./.test(nearby)) {
-          nakedGoroutines++;
-          goroutineLocations.push({ file: file.relativePath, line: i + 1 });
+          count++;
+          locations.push({ file: file.relativePath, line: i + 1 });
         }
       }
+    }
+  }
+  return { count, locations };
+}
+function detectGoUnsafeMutex(files) {
+  let count = 0;
+  const locations = [];
+  for (const file of files) {
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const trimmed = lines[i].trim();
       if (/\.Lock\(\)/.test(trimmed)) {
         const nextLines = lines.slice(i + 1, i + 4).join(" ");
         if (!/defer\s+.*\.Unlock\(\)/.test(nextLines) && !/\.Unlock\(\)/.test(trimmed)) {
-          unsafeMutex++;
-          mutexLocations.push({ file: file.relativePath, line: i + 1 });
+          count++;
+          locations.push({ file: file.relativePath, line: i + 1 });
         }
       }
     }
   }
-  if (uncheckedErrors > 0) {
+  return { count, locations };
+}
+function analyzeGo(files) {
+  const findings = [];
+  const uncheckedErrors = detectGoUncheckedErrors(files);
+  const nakedGoroutines = detectGoNakedGoroutines(files);
+  const unsafeMutex = detectGoUnsafeMutex(files);
+  if (uncheckedErrors.count > 0) {
     findings.push({
       analyzerId: "language-specific",
-      severity: uncheckedErrors > 10 ? "error" : "warning",
+      severity: uncheckedErrors.count > 10 ? "error" : "warning",
       confidence: 0.7,
-      message: `${uncheckedErrors} potentially unchecked errors in Go code`,
-      locations: uncheckedLocations.slice(0, 10),
+      message: `${uncheckedErrors.count} potentially unchecked errors in Go code`,
+      locations: uncheckedErrors.locations.slice(0, 10),
       tags: ["go", "error-handling", "unchecked-error"]
     });
   }
-  if (nakedGoroutines > 0) {
+  if (nakedGoroutines.count > 0) {
     findings.push({
       analyzerId: "language-specific",
       severity: "warning",
       confidence: 0.6,
-      message: `${nakedGoroutines} goroutines launched without context \u2014 potential leak risk`,
-      locations: goroutineLocations.slice(0, 10),
+      message: `${nakedGoroutines.count} goroutines launched without context \u2014 potential leak risk`,
+      locations: nakedGoroutines.locations.slice(0, 10),
       tags: ["go", "goroutine", "leak"]
     });
   }
-  if (unsafeMutex > 0) {
+  if (unsafeMutex.count > 0) {
     findings.push({
       analyzerId: "language-specific",
       severity: "warning",
       confidence: 0.75,
-      message: `${unsafeMutex} mutex locks without defer Unlock \u2014 risk of deadlock`,
-      locations: mutexLocations.slice(0, 10),
+      message: `${unsafeMutex.count} mutex locks without defer Unlock \u2014 risk of deadlock`,
+      locations: unsafeMutex.locations.slice(0, 10),
       tags: ["go", "mutex", "concurrency"]
     });
   }
@@ -5069,39 +5277,34 @@ function buildProfile(file) {
   if (dataAccess.length === 0 && errorHandling.length === 0) return null;
   return { file: file.path, language: file.language, dataAccess, errorHandling, config, di };
 }
-function analyzePatternDistribution(profiles, patternNames) {
+function detectFilePattern(patterns) {
+  const fileCounts = /* @__PURE__ */ new Map();
+  for (const { pattern } of patterns) {
+    fileCounts.set(pattern, (fileCounts.get(pattern) ?? 0) + 1);
+  }
+  let primaryPattern = null;
+  let maxCount = 0;
+  for (const [pat, count] of fileCounts) {
+    if (count > maxCount) {
+      maxCount = count;
+      primaryPattern = pat;
+    }
+  }
+  return primaryPattern;
+}
+function buildPatternDistribution(profiles) {
   const counts = /* @__PURE__ */ new Map();
   for (const p of profiles) {
-    const fileCounts = /* @__PURE__ */ new Map();
-    for (const { pattern } of p.patterns) {
-      fileCounts.set(pattern, (fileCounts.get(pattern) ?? 0) + 1);
-    }
-    let primaryPattern = null;
-    let maxCount = 0;
-    for (const [pat, count] of fileCounts) {
-      if (count > maxCount) {
-        maxCount = count;
-        primaryPattern = pat;
-      }
-    }
+    const primaryPattern = detectFilePattern(p.patterns);
     if (!primaryPattern) continue;
     if (!counts.has(primaryPattern)) counts.set(primaryPattern, { count: 0, files: [] });
     const entry = counts.get(primaryPattern);
     entry.count++;
     entry.files.push(p.file);
   }
-  if (counts.size < 2) return null;
-  let dominant = null;
-  let dominantCount = 0;
-  for (const [pattern, data] of counts) {
-    if (data.count > dominantCount) {
-      dominantCount = data.count;
-      dominant = pattern;
-    }
-  }
-  if (!dominant) return null;
-  const totalFiles = profiles.length;
-  const consistencyScore = Math.round(dominantCount / totalFiles * 100);
+  return counts;
+}
+function collectDeviatingFiles(counts, dominant, profiles, patternNames) {
   const deviating = [];
   for (const [pattern, data] of counts) {
     if (pattern === dominant) continue;
@@ -5115,6 +5318,29 @@ function analyzePatternDistribution(profiles, patternNames) {
       });
     }
   }
+  return deviating;
+}
+function findDominantPattern(counts) {
+  let dominant = null;
+  let dominantCount = 0;
+  for (const [pattern, data] of counts) {
+    if (data.count > dominantCount) {
+      dominantCount = data.count;
+      dominant = pattern;
+    }
+  }
+  if (!dominant) return null;
+  return { dominant, dominantCount };
+}
+function analyzePatternDistribution(profiles, patternNames) {
+  const counts = buildPatternDistribution(profiles);
+  if (counts.size < 2) return null;
+  const result = findDominantPattern(counts);
+  if (!result) return null;
+  const { dominant, dominantCount } = result;
+  const totalFiles = profiles.length;
+  const consistencyScore = Math.round(dominantCount / totalFiles * 100);
+  const deviating = collectDeviatingFiles(counts, dominant, profiles, patternNames);
   if (deviating.length === 0) return null;
   return {
     detector: "architectural_consistency",
@@ -5216,13 +5442,25 @@ function classifyName(name) {
   if (/^[a-z][a-z0-9]*$/.test(name)) return "camelCase";
   return null;
 }
+function isIdiomaticGo(name, convention) {
+  if (convention === "PascalCase" && /^[A-Z]/.test(name)) return true;
+  if (/^(?:HTTP|URL|ID|JSON|XML|SQL|API|DNS|TCP|UDP|IP|TLS|SSH|EOF)/.test(name)) return true;
+  return false;
+}
+function isIdiomaticJsTs(name, convention, symbolType) {
+  if (symbolType === "class" && convention === "PascalCase") return true;
+  if (symbolType === "function" && convention === "PascalCase" && /^[A-Z]\w*$/.test(name)) return true;
+  return false;
+}
+function isIdiomaticPython(name, convention, symbolType) {
+  if (symbolType === "class" && convention === "PascalCase") return true;
+  if (name.startsWith("__") && name.endsWith("__")) return true;
+  return false;
+}
 function isIdiomatic(name, convention, symbolType, language) {
-  if (language === "go" && convention === "PascalCase" && /^[A-Z]/.test(name)) return true;
-  if (language === "go" && /^(?:HTTP|URL|ID|JSON|XML|SQL|API|DNS|TCP|UDP|IP|TLS|SSH|EOF)/.test(name)) return true;
-  if ((language === "javascript" || language === "typescript") && symbolType === "class" && convention === "PascalCase") return true;
-  if ((language === "javascript" || language === "typescript") && symbolType === "function" && convention === "PascalCase" && /^[A-Z]\w*$/.test(name)) return true;
-  if (language === "python" && symbolType === "class" && convention === "PascalCase") return true;
-  if (language === "python" && name.startsWith("__") && name.endsWith("__")) return true;
+  if (language === "go" && isIdiomaticGo(name, convention)) return true;
+  if ((language === "javascript" || language === "typescript") && isIdiomaticJsTs(name, convention, symbolType)) return true;
+  if (language === "python" && isIdiomaticPython(name, convention, symbolType)) return true;
   if (symbolType === "constant" && convention === "SCREAMING_SNAKE") return true;
   return false;
 }
@@ -5260,29 +5498,40 @@ function extractSymbols(file) {
   }
   return symbols;
 }
-function analyzeFileNaming(files) {
-  const fileNameConventions = /* @__PURE__ */ new Map();
-  for (const file of files) {
-    const basename2 = file.path.split("/").pop()?.replace(/\.[^.]+$/, "") ?? "";
-    if (basename2.length <= 1) continue;
-    if (/(?:test|spec|config|setup|__)/i.test(basename2)) continue;
-    const conv = classifyName(basename2);
-    if (!conv) continue;
-    if (!fileNameConventions.has(conv)) fileNameConventions.set(conv, []);
-    fileNameConventions.get(conv).push(file.path);
-  }
-  if (fileNameConventions.size < 2) return null;
+function classifyBaseName(filePath) {
+  const basename2 = filePath.split("/").pop()?.replace(/\.[^.]+$/, "") ?? "";
+  if (basename2.length <= 1) return null;
+  if (/(?:test|spec|config|setup|__)/i.test(basename2)) return null;
+  const convention = classifyName(basename2);
+  if (!convention) return null;
+  return { basename: basename2, convention };
+}
+function findDominantConvention(fileNameConventions) {
   let dominant = null;
   let maxCount = 0;
   let totalFiles = 0;
-  for (const [conv, files2] of fileNameConventions) {
-    totalFiles += files2.length;
-    if (files2.length > maxCount) {
-      maxCount = files2.length;
+  for (const [conv, files] of fileNameConventions) {
+    totalFiles += files.length;
+    if (files.length > maxCount) {
+      maxCount = files.length;
       dominant = conv;
     }
   }
   if (!dominant || maxCount === totalFiles) return null;
+  return { dominant, maxCount, totalFiles };
+}
+function analyzeFileNaming(files) {
+  const fileNameConventions = /* @__PURE__ */ new Map();
+  for (const file of files) {
+    const classified = classifyBaseName(file.path);
+    if (!classified) continue;
+    if (!fileNameConventions.has(classified.convention)) fileNameConventions.set(classified.convention, []);
+    fileNameConventions.get(classified.convention).push(file.path);
+  }
+  if (fileNameConventions.size < 2) return null;
+  const result = findDominantConvention(fileNameConventions);
+  if (!result) return null;
+  const { dominant, maxCount, totalFiles } = result;
   const deviating = [];
   for (const [conv, filePaths] of fileNameConventions) {
     if (conv === dominant) continue;
@@ -5306,6 +5555,68 @@ function analyzeFileNaming(files) {
     recommendation: `Standardize file names to ${dominant}. ${deviating.length} files use a different convention.`
   };
 }
+function collectDeviantFiles(convCounts, dominant) {
+  const fileDeviants = /* @__PURE__ */ new Map();
+  for (const [conv, syms] of convCounts) {
+    if (conv === dominant) continue;
+    for (const s of syms) {
+      if (!fileDeviants.has(s.file)) fileDeviants.set(s.file, []);
+      fileDeviants.get(s.file).push(s);
+    }
+  }
+  const deviatingFiles = [];
+  for (const [filePath, syms] of fileDeviants) {
+    const uniqueConventions = [...new Set(syms.map((s) => s.convention))];
+    deviatingFiles.push({
+      path: filePath,
+      detectedPattern: uniqueConventions.join(", "),
+      evidence: syms.slice(0, 3).map((s) => ({ line: s.line, code: s.name }))
+    });
+  }
+  return deviatingFiles;
+}
+function buildConventionFinding(type, dominant, maxCount, totalSymbols, deviatingFiles) {
+  const deviantCount = totalSymbols - maxCount;
+  const consistencyScore = Math.round(maxCount / totalSymbols * 100);
+  return {
+    detector: "naming_conventions",
+    subCategory: `${type}_names`,
+    driftCategory: "naming_conventions",
+    severity: deviatingFiles.length > 5 ? "error" : "warning",
+    confidence: 0.8,
+    finding: `${type} naming convention oscillates: ${maxCount} use ${dominant}, ${deviantCount} use other conventions \u2014 likely from different AI sessions`,
+    dominantPattern: dominant,
+    dominantCount: maxCount,
+    totalRelevantFiles: totalSymbols,
+    consistencyScore,
+    deviatingFiles: deviatingFiles.slice(0, 10),
+    recommendation: `${maxCount} of ${totalSymbols} ${type} names use ${dominant}. Standardize deviating names.`
+  };
+}
+function analyzeSymbolTypeConventions(type, typeSymbols) {
+  if (typeSymbols.length < 3) return null;
+  const convCounts = /* @__PURE__ */ new Map();
+  for (const s of typeSymbols) {
+    if (!convCounts.has(s.convention)) convCounts.set(s.convention, []);
+    convCounts.get(s.convention).push(s);
+  }
+  if (convCounts.size < 2) return null;
+  let dominant = null;
+  let maxCount = 0;
+  for (const [conv, syms] of convCounts) {
+    if (syms.length > maxCount) {
+      maxCount = syms.length;
+      dominant = conv;
+    }
+  }
+  if (!dominant) return null;
+  const totalSymbols = typeSymbols.length;
+  const deviantCount = totalSymbols - maxCount;
+  if (deviantCount < 3 || deviantCount / totalSymbols < 0.1) return null;
+  const deviatingFiles = collectDeviantFiles(convCounts, dominant);
+  if (deviatingFiles.length < 2) return null;
+  return buildConventionFinding(type, dominant, maxCount, totalSymbols, deviatingFiles);
+}
 var conventionOscillation = {
   id: "convention-oscillation",
   name: "Naming Convention Oscillation",
@@ -5320,62 +5631,8 @@ var conventionOscillation = {
     const symbolTypes = [...new Set(allSymbols.map((s) => s.symbolType))];
     for (const type of symbolTypes) {
       const typeSymbols = allSymbols.filter((s) => s.symbolType === type);
-      if (typeSymbols.length < 3) continue;
-      const convCounts = /* @__PURE__ */ new Map();
-      for (const s of typeSymbols) {
-        if (!convCounts.has(s.convention)) convCounts.set(s.convention, []);
-        convCounts.get(s.convention).push(s);
-      }
-      if (convCounts.size < 2) continue;
-      let dominant = null;
-      let maxCount = 0;
-      for (const [conv, syms] of convCounts) {
-        if (syms.length > maxCount) {
-          maxCount = syms.length;
-          dominant = conv;
-        }
-      }
-      if (!dominant) continue;
-      const totalSymbols = typeSymbols.length;
-      const consistencyScore = Math.round(maxCount / totalSymbols * 100);
-      const deviantCount = totalSymbols - maxCount;
-      if (deviantCount < 3 || deviantCount / totalSymbols < 0.1) continue;
-      const fileDeviants = /* @__PURE__ */ new Map();
-      for (const [conv, syms] of convCounts) {
-        if (conv === dominant) continue;
-        for (const s of syms) {
-          if (!fileDeviants.has(s.file)) fileDeviants.set(s.file, []);
-          fileDeviants.get(s.file).push(s);
-        }
-      }
-      const deviatingFiles = [];
-      for (const [filePath, syms] of fileDeviants) {
-        const uniqueConventions = [...new Set(syms.map((s) => s.convention))];
-        deviatingFiles.push({
-          path: filePath,
-          detectedPattern: uniqueConventions.join(", "),
-          evidence: syms.slice(0, 3).map((s) => ({ line: s.line, code: s.name }))
-        });
-      }
-      if (deviatingFiles.length < 2) continue;
-      const distribution = {};
-      for (const [conv, syms] of convCounts) {
-        distribution[conv] = syms.length;
-      }
-      findings.push({
-        detector: "naming_conventions",
-        subCategory: `${type}_names`,
-        driftCategory: "naming_conventions",
-        severity: deviatingFiles.length > 5 ? "error" : "warning",
-        confidence: 0.8,
-        finding: `${type} naming convention oscillates: ${maxCount} use ${dominant}, ${deviantCount} use other conventions \u2014 likely from different AI sessions`,
-        dominantPattern: dominant,
-        dominantCount: maxCount,
-        totalRelevantFiles: totalSymbols,
-        consistencyScore,
-        deviatingFiles: deviatingFiles.slice(0, 10),
-        recommendation: `${maxCount} of ${totalSymbols} ${type} names use ${dominant}. Standardize deviating names.`
-      });
+      const finding = analyzeSymbolTypeConventions(type, typeSymbols);
+      if (finding) findings.push(finding);
     }
     const fileNaming = analyzeFileNaming(ctx.files);
     if (fileNaming) findings.push(fileNaming);
@@ -5590,33 +5847,48 @@ function isInterfaceImplPair(a, b) {
   const bIsInterface = /(?:interface|store|contract|abstract|base|types)\./i.test(b.file) || b.bodyTokenCount < 10;
   return aIsInterface && !bIsInterface || !aIsInterface && bIsInterface;
 }
-function areSemanticallySimlar(a, b) {
+function isConventionalName(name) {
+  return CONVENTION_NAMES.has(name.toLowerCase());
+}
+function areStructurallySimilar(a, b) {
   if (a.domainCategory !== b.domainCategory || a.domainCategory === "general") return false;
   if (a.file === b.file) return false;
   if (Math.abs(a.paramCount - b.paramCount) > 1) return false;
   const sizeRatio = Math.min(a.bodyTokenCount, b.bodyTokenCount) / Math.max(a.bodyTokenCount, b.bodyTokenCount);
-  if (sizeRatio < 0.4) return false;
-  const nameA = a.name.toLowerCase();
-  const nameB = b.name.toLowerCase();
-  if (CONVENTION_NAMES.has(nameA) || CONVENTION_NAMES.has(nameB)) return false;
-  if (nameA === nameB && /(?:handler|controller|resource|api)/i.test(a.file) && /(?:handler|controller|resource|api)/i.test(b.file)) {
-    if (["list", "get", "create", "update", "delete", "find", "search"].includes(nameA)) return false;
-  }
-  if (nameA === nameB && isInterfaceImplPair(a, b)) return false;
+  return sizeRatio >= 0.4;
+}
+function areNamesSimilar(nameA, nameB, hashA, hashB, tokenCountA) {
+  if (nameA === nameB) return true;
+  if (nameA.length >= 6 && nameB.length >= 6 && levenshtein(nameA, nameB) <= 3) return true;
+  if (hashA === hashB && tokenCountA > 20) return true;
+  return false;
+}
+function isLayerPair(a, b) {
   const aIsRepo = /(?:repository|repo|store|postgres|mysql|mongo|dal)/i.test(a.file);
   const bIsRepo = /(?:repository|repo|store|postgres|mysql|mongo|dal)/i.test(b.file);
   const aIsHandler = /(?:handler|controller|route|endpoint|api)/i.test(a.file);
   const bIsHandler = /(?:handler|controller|route|endpoint|api)/i.test(b.file);
-  if (aIsHandler && bIsRepo || aIsRepo && bIsHandler) return false;
+  if (aIsHandler && bIsRepo || aIsRepo && bIsHandler) return true;
+  const nameA = a.name.toLowerCase();
+  const nameB = b.name.toLowerCase();
   if (nameA === nameB && a.paramCount === b.paramCount) {
-    if (aIsHandler && bIsHandler) return false;
-    if (aIsRepo && bIsRepo) return false;
+    if (aIsHandler && bIsHandler) return true;
+    if (aIsRepo && bIsRepo) return true;
   }
-  if (nameA === nameB) return true;
-  if (nameA.length >= 6 && nameB.length >= 6 && levenshtein(nameA, nameB) <= 3) return true;
-  if (a.bodyHash === b.bodyHash && a.bodyTokenCount > 20) return true;
   return false;
 }
+function areSemanticallySimlar(a, b) {
+  if (!areStructurallySimilar(a, b)) return false;
+  const nameA = a.name.toLowerCase();
+  const nameB = b.name.toLowerCase();
+  if (isConventionalName(nameA) || isConventionalName(nameB)) return false;
+  if (nameA === nameB && /(?:handler|controller|resource|api)/i.test(a.file) && /(?:handler|controller|resource|api)/i.test(b.file)) {
+    if (["list", "get", "create", "update", "delete", "find", "search"].includes(nameA)) return false;
+  }
+  if (nameA === nameB && isInterfaceImplPair(a, b)) return false;
+  if (isLayerPair(a, b)) return false;
+  return areNamesSimilar(nameA, nameB, a.bodyHash, b.bodyHash, a.bodyTokenCount);
+}
 function levenshtein(a, b) {
   const m = a.length, n = b.length;
   if (m === 0) return n;
@@ -5848,131 +6120,155 @@ function buildUsageGraph(files) {
   }
   return usage;
 }
-var phantomScaffolding = {
-  id: "phantom-scaffolding",
-  name: "Phantom Scaffolding",
-  category: "phantom_scaffolding",
-  detect(ctx) {
-    const findings = [];
-    const allExports = [];
-    const allRoutes = [];
-    for (const file of ctx.files) {
-      allExports.push(...extractExportedFunctions(file));
-      allRoutes.push(...extractRouteRegistrations(file));
-    }
-    if (allExports.length < 3) return findings;
-    const usage = buildUsageGraph(ctx.files);
-    const handlerFiles = /* @__PURE__ */ new Map();
-    for (const exp of allExports) {
-      if (exp.crudType === "other") continue;
-      if (!handlerFiles.has(exp.file)) handlerFiles.set(exp.file, []);
-      handlerFiles.get(exp.file).push(exp);
-    }
-    for (const [filePath, functions] of handlerFiles) {
-      const crudFunctions = functions.filter((f) => f.crudType !== "other");
-      if (crudFunctions.length < 2) continue;
-      const usedFunctions = [];
-      const unusedFunctions = [];
-      for (const fn of crudFunctions) {
-        const references = usage.get(fn.name);
-        const usedExternally = references && [...references].some((f) => f !== filePath);
-        const isRouted = allRoutes.some(
-          (r) => r.handlerName.includes(fn.name) || r.handlerName.endsWith("." + fn.name)
-        );
-        if (usedExternally || isRouted) {
-          usedFunctions.push(fn);
-        } else {
-          unusedFunctions.push(fn);
-        }
-      }
-      if (unusedFunctions.length >= 2 && usedFunctions.length >= 1) {
-        const usedTypes = usedFunctions.map((f) => f.crudType);
-        const unusedTypes = unusedFunctions.map((f) => f.crudType);
-        const isScaffoldingPattern = usedTypes.some((t) => t === "read" || t === "list") && unusedTypes.some((t) => t === "create" || t === "update" || t === "delete");
-        findings.push({
-          detector: "phantom_scaffolding",
-          driftCategory: "phantom_scaffolding",
-          severity: isScaffoldingPattern ? "warning" : "info",
-          confidence: isScaffoldingPattern ? 0.8 : 0.6,
-          finding: `CRUD scaffolding detected in ${filePath} \u2014 ${usedFunctions.length} functions used, ${unusedFunctions.length} appear unused`,
-          dominantPattern: "used CRUD operations",
-          dominantCount: usedFunctions.length,
-          totalRelevantFiles: usedFunctions.length + unusedFunctions.length,
-          consistencyScore: Math.round(usedFunctions.length / (usedFunctions.length + unusedFunctions.length) * 100),
-          deviatingFiles: [{
-            path: filePath,
-            detectedPattern: `unused: ${unusedFunctions.map((f) => f.name).join(", ")}`,
-            evidence: unusedFunctions.slice(0, 5).map((f) => ({
-              line: f.line,
-              code: `${f.name} (${f.crudType}) \u2014 defined but not routed or imported`
-            }))
-          }],
-          recommendation: `${unusedFunctions.map((f) => f.name).join(", ")} are defined in ${filePath.split("/").pop()} but never registered in routes or called externally. This looks like AI-generated CRUD scaffolding \u2014 remove unused handlers or wire them to routes.`
-        });
-      }
-    }
-    const typeDefinitions = [];
-    const goMethodReceivers = /* @__PURE__ */ new Set();
-    for (const file of ctx.files) {
-      if (file.language !== "go") continue;
-      const receiverPattern = /func\s+\(\s*\w+\s+\*?(\w+)\s*\)/g;
-      let m;
-      while ((m = receiverPattern.exec(file.content)) !== null) {
-        goMethodReceivers.add(m[1]);
-      }
+function isReferencedExternally(name, usage, currentFile, allRoutes) {
+  const references = usage.get(name);
+  const usedExternally = references && [...references].some((f) => f !== currentFile);
+  const isRouted = allRoutes.some(
+    (r) => r.handlerName.includes(name) || r.handlerName.endsWith("." + name)
+  );
+  return !!(usedExternally || isRouted);
+}
+function detectScaffoldingPattern(filePath, crudFunctions, usage, allRoutes) {
+  const usedFunctions = [];
+  const unusedFunctions = [];
+  for (const fn of crudFunctions) {
+    if (isReferencedExternally(fn.name, usage, filePath, allRoutes)) {
+      usedFunctions.push(fn);
+    } else {
+      unusedFunctions.push(fn);
     }
-    for (const file of ctx.files) {
-      if (!file.language) continue;
-      const lines = file.content.split("\n");
-      for (let i = 0; i < lines.length; i++) {
-        const line = lines[i];
-        let typeName = null;
-        if (file.language === "go") {
-          const m = line.match(/^type\s+([A-Z]\w+)\s+struct\b/);
-          if (m) typeName = m[1];
-        } else if (file.language === "javascript" || file.language === "typescript") {
-          const m = line.match(/export\s+(?:interface|type|class)\s+(\w+)/);
-          if (m) typeName = m[1];
-        }
-        if (!typeName) continue;
-        if (file.language === "go" && goMethodReceivers.has(typeName)) continue;
-        if (/(?:Request|Response|Params|Config|Options|Input|Output|Payload|Body|DTO)$/i.test(typeName)) continue;
-        typeDefinitions.push({ name: typeName, file: file.path, line: i + 1 });
-      }
+  }
+  if (unusedFunctions.length < 2 || usedFunctions.length < 1) return null;
+  const usedTypes = usedFunctions.map((f) => f.crudType);
+  const unusedTypes = unusedFunctions.map((f) => f.crudType);
+  const isScaffoldingLike = usedTypes.some((t) => t === "read" || t === "list") && unusedTypes.some((t) => t === "create" || t === "update" || t === "delete");
+  return {
+    detector: "phantom_scaffolding",
+    driftCategory: "phantom_scaffolding",
+    severity: isScaffoldingLike ? "warning" : "info",
+    confidence: isScaffoldingLike ? 0.8 : 0.6,
+    finding: `CRUD scaffolding detected in ${filePath} \u2014 ${usedFunctions.length} functions used, ${unusedFunctions.length} appear unused`,
+    dominantPattern: "used CRUD operations",
+    dominantCount: usedFunctions.length,
+    totalRelevantFiles: usedFunctions.length + unusedFunctions.length,
+    consistencyScore: Math.round(usedFunctions.length / (usedFunctions.length + unusedFunctions.length) * 100),
+    deviatingFiles: [{
+      path: filePath,
+      detectedPattern: `unused: ${unusedFunctions.map((f) => f.name).join(", ")}`,
+      evidence: unusedFunctions.slice(0, 5).map((f) => ({
+        line: f.line,
+        code: `${f.name} (${f.crudType}) \u2014 defined but not routed or imported`
+      }))
+    }],
+    recommendation: `${unusedFunctions.map((f) => f.name).join(", ")} are defined in ${filePath.split("/").pop()} but never registered in routes or called externally. This looks like AI-generated CRUD scaffolding \u2014 remove unused handlers or wire them to routes.`
+  };
+}
+function detectUnroutedHandlers(allExports, allRoutes, usage) {
+  const findings = [];
+  const handlerFiles = /* @__PURE__ */ new Map();
+  for (const exp of allExports) {
+    if (exp.crudType === "other") continue;
+    if (!handlerFiles.has(exp.file)) handlerFiles.set(exp.file, []);
+    handlerFiles.get(exp.file).push(exp);
+  }
+  for (const [filePath, functions] of handlerFiles) {
+    const crudFunctions = functions.filter((f) => f.crudType !== "other");
+    if (crudFunctions.length < 2) continue;
+    const finding = detectScaffoldingPattern(filePath, crudFunctions, usage, allRoutes);
+    if (finding) findings.push(finding);
+  }
+  return findings;
+}
+function extractTypeDefinitions(files) {
+  const typeDefinitions = [];
+  const goMethodReceivers = /* @__PURE__ */ new Set();
+  for (const file of files) {
+    if (file.language !== "go") continue;
+    const receiverPattern = /func\s+\(\s*\w+\s+\*?(\w+)\s*\)/g;
+    let m;
+    while ((m = receiverPattern.exec(file.content)) !== null) {
+      goMethodReceivers.add(m[1]);
     }
-    const unusedTypesByFile = /* @__PURE__ */ new Map();
-    for (const td of typeDefinitions) {
-      const refs = usage.get(td.name);
-      const usedExternally = refs && [...refs].some((f) => f !== td.file);
-      if (!usedExternally) {
-        if (!unusedTypesByFile.has(td.file)) unusedTypesByFile.set(td.file, []);
-        unusedTypesByFile.get(td.file).push(td);
+  }
+  for (const file of files) {
+    if (!file.language) continue;
+    const lines = file.content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      let typeName = null;
+      if (file.language === "go") {
+        const m = line.match(/^type\s+([A-Z]\w+)\s+struct\b/);
+        if (m) typeName = m[1];
+      } else if (file.language === "javascript" || file.language === "typescript") {
+        const m = line.match(/export\s+(?:interface|type|class)\s+(\w+)/);
+        if (m) typeName = m[1];
       }
+      if (!typeName) continue;
+      if (file.language === "go" && goMethodReceivers.has(typeName)) continue;
+      if (/(?:Request|Response|Params|Config|Options|Input|Output|Payload|Body|DTO)$/i.test(typeName)) continue;
+      typeDefinitions.push({ name: typeName, file: file.path, line: i + 1 });
     }
-    for (const [filePath, unusedTypes] of unusedTypesByFile) {
-      if (unusedTypes.length < 3) continue;
-      findings.push({
-        detector: "phantom_scaffolding",
-        subCategory: "unused_types",
-        driftCategory: "phantom_scaffolding",
-        severity: "info",
-        confidence: 0.55,
-        finding: `${unusedTypes.length} types/structs in ${filePath} appear unused outside their file`,
-        dominantPattern: "used types",
-        dominantCount: typeDefinitions.length - unusedTypes.length,
-        totalRelevantFiles: typeDefinitions.length,
-        consistencyScore: Math.round((typeDefinitions.length - unusedTypes.length) / typeDefinitions.length * 100),
-        deviatingFiles: [{
-          path: filePath,
-          detectedPattern: `unused types: ${unusedTypes.map((t) => t.name).join(", ")}`,
-          evidence: unusedTypes.slice(0, 5).map((t) => ({
-            line: t.line,
-            code: `type ${t.name} \u2014 defined but never imported`
-          }))
-        }],
-        recommendation: `${unusedTypes.length} types in ${filePath.split("/").pop()} are never used outside their file. They may be AI-generated scaffolding that was never needed.`
-      });
+  }
+  return typeDefinitions;
+}
+function findUnusedTypes(typeDefinitions, usage) {
+  const unusedTypesByFile = /* @__PURE__ */ new Map();
+  for (const td of typeDefinitions) {
+    const refs = usage.get(td.name);
+    const usedExternally = refs && [...refs].some((f) => f !== td.file);
+    if (!usedExternally) {
+      if (!unusedTypesByFile.has(td.file)) unusedTypesByFile.set(td.file, []);
+      unusedTypesByFile.get(td.file).push(td);
+    }
+  }
+  return unusedTypesByFile;
+}
+function detectUnusedTypeScaffolding(files, usage) {
+  const findings = [];
+  const typeDefinitions = extractTypeDefinitions(files);
+  const unusedTypesByFile = findUnusedTypes(typeDefinitions, usage);
+  for (const [filePath, unusedTypes] of unusedTypesByFile) {
+    if (unusedTypes.length < 3) continue;
+    findings.push({
+      detector: "phantom_scaffolding",
+      subCategory: "unused_types",
+      driftCategory: "phantom_scaffolding",
+      severity: "info",
+      confidence: 0.55,
+      finding: `${unusedTypes.length} types/structs in ${filePath} appear unused outside their file`,
+      dominantPattern: "used types",
+      dominantCount: typeDefinitions.length - unusedTypes.length,
+      totalRelevantFiles: typeDefinitions.length,
+      consistencyScore: Math.round((typeDefinitions.length - unusedTypes.length) / typeDefinitions.length * 100),
+      deviatingFiles: [{
+        path: filePath,
+        detectedPattern: `unused types: ${unusedTypes.map((t) => t.name).join(", ")}`,
+        evidence: unusedTypes.slice(0, 5).map((t) => ({
+          line: t.line,
+          code: `type ${t.name} \u2014 defined but never imported`
+        }))
+      }],
+      recommendation: `${unusedTypes.length} types in ${filePath.split("/").pop()} are never used outside their file. They may be AI-generated scaffolding that was never needed.`
+    });
+  }
+  return findings;
+}
+var phantomScaffolding = {
+  id: "phantom-scaffolding",
+  name: "Phantom Scaffolding",
+  category: "phantom_scaffolding",
+  detect(ctx) {
+    const allExports = [];
+    const allRoutes = [];
+    for (const file of ctx.files) {
+      allExports.push(...extractExportedFunctions(file));
+      allRoutes.push(...extractRouteRegistrations(file));
     }
+    if (allExports.length < 3) return [];
+    const usage = buildUsageGraph(ctx.files);
+    const findings = [];
+    findings.push(...detectUnroutedHandlers(allExports, allRoutes, usage));
+    findings.push(...detectUnusedTypeScaffolding(ctx.files, usage));
     return findings;
   }
 };
@@ -6373,25 +6669,8 @@ function scoreColorFn(score, max) {
   if (ratio >= 0.5) return chalk.yellow;
   return chalk.red;
 }
-function renderTerminalOutput(result) {
+function renderFindingsList(result) {
   const lines = [];
-  const banner = `  VibeDrift v${getVersion()}  `;
-  const border = "\u2500".repeat(banner.length);
-  lines.push(chalk.cyan(`\u256D${border}\u256E`));
-  lines.push(chalk.cyan(`\u2502${banner}\u2502`));
-  lines.push(chalk.cyan(`\u2570${border}\u256F`));
-  lines.push("");
-  const langCounts = /* @__PURE__ */ new Map();
-  for (const f of result.context.files) {
-    if (f.language) {
-      const label = getLanguageDisplayName(f.language);
-      langCounts.set(label, (langCounts.get(label) ?? 0) + 1);
-    }
-  }
-  const langStr = [...langCounts.entries()].map(([l, c]) => `${l}: ${c}`).join(", ");
-  lines.push(chalk.dim(`Scanning: ${result.context.rootDir}`));
-  lines.push(chalk.dim(`Files: ${result.context.files.length} (${langStr}) | Lines: ${result.context.totalLines.toLocaleString()} | Time: ${(result.scanTimeMs / 1e3).toFixed(1)}s`));
-  lines.push("");
   for (const cat of ALL_CATEGORIES) {
     const config = CATEGORY_CONFIG[cat];
     const s = result.scores[cat];
@@ -6425,6 +6704,10 @@ function renderTerminalOutput(result) {
     }
     lines.push("");
   }
+  return lines;
+}
+function renderCategoryBars(result) {
+  const lines = [];
   lines.push(chalk.bold("\u2500\u2500 Vibe Debt Score \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
   for (const cat of ALL_CATEGORIES) {
     const config = CATEGORY_CONFIG[cat];
@@ -6448,6 +6731,35 @@ function renderTerminalOutput(result) {
   const totalColor = scoreColorFn(result.compositeScore, result.maxCompositeScore);
   lines.push(`  ${padRight("Total Score:", 28)} ${totalColor(`${result.compositeScore.toFixed(0)}/${result.maxCompositeScore}`)}`);
   lines.push("");
+  return lines;
+}
+function renderScoreSection(result) {
+  const lines = [];
+  const banner = `  VibeDrift v${getVersion()}  `;
+  const border = "\u2500".repeat(banner.length);
+  lines.push(chalk.cyan(`\u256D${border}\u256E`));
+  lines.push(chalk.cyan(`\u2502${banner}\u2502`));
+  lines.push(chalk.cyan(`\u2570${border}\u256F`));
+  lines.push("");
+  const langCounts = /* @__PURE__ */ new Map();
+  for (const f of result.context.files) {
+    if (f.language) {
+      const label = getLanguageDisplayName(f.language);
+      langCounts.set(label, (langCounts.get(label) ?? 0) + 1);
+    }
+  }
+  const langStr = [...langCounts.entries()].map(([l, c]) => `${l}: ${c}`).join(", ");
+  lines.push(chalk.dim(`Scanning: ${result.context.rootDir}`));
+  lines.push(chalk.dim(`Files: ${result.context.files.length} (${langStr}) | Lines: ${result.context.totalLines.toLocaleString()} | Time: ${(result.scanTimeMs / 1e3).toFixed(1)}s`));
+  lines.push("");
+  return lines;
+}
+function renderTerminalOutput(result) {
+  const lines = [
+    ...renderScoreSection(result),
+    ...renderFindingsList(result),
+    ...renderCategoryBars(result)
+  ];
   if (result.deepInsights.length > 0) {
     lines.push(chalk.bold("\u2500\u2500 Deep Analysis (AI-Powered) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
     for (const insight of result.deepInsights.slice(0, 10)) {
@@ -6581,8 +6893,7 @@ function extractIntentPatterns(result) {
   }
   return patterns;
 }
-function buildFileCoherence(result) {
-  const entries = [...result.perFileScores.entries()];
+function buildDriftFileMap(result) {
   const driftFiles = /* @__PURE__ */ new Map();
   for (const d of result.driftFindings ?? []) {
     for (const df of d.deviatingFiles) {
@@ -6591,6 +6902,9 @@ function buildFileCoherence(result) {
       driftFiles.get(df.path).push({ category: catKey, pattern: df.detectedPattern });
     }
   }
+  return driftFiles;
+}
+function buildCategorySet(result) {
   const subCatNames = {
     data_access: "Data Access",
     error_handling: "Error Handling",
@@ -6611,9 +6925,12 @@ function buildFileCoherence(result) {
       catSet.set(d.driftCategory, baseCatNames[d.driftCategory]);
     }
   }
-  const dna = result.codeDnaResult;
-  let projectDominantPattern = "";
+  return catSet;
+}
+function buildCodeDnaPatternData(result) {
   const filePatternMap = /* @__PURE__ */ new Map();
+  let projectDominantPattern = "";
+  const dna = result.codeDnaResult;
   if (dna?.patternDistributions?.length > 0) {
     const patternCounts = /* @__PURE__ */ new Map();
     for (const pd of dna.patternDistributions) {
@@ -6629,9 +6946,16 @@ function buildFileCoherence(result) {
         projectDominantPattern = p;
       }
     }
-    if (projectDominantPattern) {
-      catSet.set("codedna_architecture", "Architecture");
-    }
+  }
+  return { projectDominantPattern, filePatternMap };
+}
+function buildFileCoherence(result) {
+  const entries = [...result.perFileScores.entries()];
+  const driftFiles = buildDriftFileMap(result);
+  const catSet = buildCategorySet(result);
+  const { projectDominantPattern, filePatternMap } = buildCodeDnaPatternData(result);
+  if (projectDominantPattern) {
+    catSet.set("codedna_architecture", "Architecture");
   }
   const categories = [...catSet.values()];
   const catKeys = [...catSet.keys()];
@@ -6704,9 +7028,7 @@ function buildCoherenceMatrix(files) {
   const colHeaders = categories.map(
     (c) => `<th style="padding:6px 12px;font-size:11px;color:var(--text-tertiary);text-transform:uppercase;letter-spacing:0.5px;text-align:center;font-weight:600">${esc(c)}</th>`
   ).join("");
-  function fileRow(f, open) {
-    const pctColor = f.alignmentPct >= 100 ? "var(--intent-green)" : f.alignmentPct >= 50 ? "var(--drift-amber)" : "var(--drift-red)";
-    const bgTint = f.alignmentPct < 50 ? "var(--tint-red)" : f.alignmentPct < 100 ? "var(--tint-amber)" : "transparent";
+  function buildAlignmentCells(f) {
     const deviations = [];
     const cells = f.alignments.map((a) => {
       if (a.matches) return `<td style="text-align:center;padding:6px 12px;color:var(--intent-green);font-size:14px">&#9679;</td>`;
@@ -6714,7 +7036,16 @@ function buildCoherenceMatrix(files) {
       deviations.push(`${a.category}: ${a.actual ?? "deviates"}`);
       return `<td style="text-align:center;padding:6px 12px;color:${devColor};font-size:13px" data-tooltip="${esc(a.actual ?? "deviates")}">&#9670;</td>`;
     }).join("");
-    const summary = deviations.length > 0 ? `<td style="padding:6px 12px;font-size:11px;color:var(--text-secondary);max-width:250px">${deviations.map((d) => esc(d)).join("; ")}</td>` : `<td style="padding:6px 12px;font-size:11px;color:var(--intent-green)">Fully aligned</td>`;
+    return { cells, deviations };
+  }
+  function buildDeviationSummary(deviations) {
+    return deviations.length > 0 ? `<td style="padding:6px 12px;font-size:11px;color:var(--text-secondary);max-width:250px">${deviations.map((d) => esc(d)).join("; ")}</td>` : `<td style="padding:6px 12px;font-size:11px;color:var(--intent-green)">Fully aligned</td>`;
+  }
+  function fileRow(f, open) {
+    const pctColor = f.alignmentPct >= 100 ? "var(--intent-green)" : f.alignmentPct >= 50 ? "var(--drift-amber)" : "var(--drift-red)";
+    const bgTint = f.alignmentPct < 50 ? "var(--tint-red)" : f.alignmentPct < 100 ? "var(--tint-amber)" : "transparent";
+    const { cells, deviations } = buildAlignmentCells(f);
+    const summary = buildDeviationSummary(deviations);
     return `<tr style="background:${bgTint}" id="file-${esc(f.path.replace(/[^a-zA-Z0-9]/g, "-"))}">
       <td class="mono" style="padding:6px 12px;font-size:12px;color:var(--text-secondary);white-space:nowrap;max-width:280px;overflow:hidden;text-overflow:ellipsis" data-scroll-to="rank-${esc(f.path.replace(/[^a-zA-Z0-9]/g, "-"))}">${esc(f.path)}</td>
       ${cells}
@@ -6977,6 +7308,66 @@ function buildFixFirst(result) {
   ${cards}
 </section>`;
 }
+function buildDeviatingBlocks(d) {
+  const isConvention = d.driftCategory === "naming_conventions";
+  const devByPattern = /* @__PURE__ */ new Map();
+  for (const df of d.deviatingFiles) {
+    const key = df.detectedPattern;
+    if (!devByPattern.has(key)) devByPattern.set(key, []);
+    devByPattern.get(key).push(df);
+  }
+  if (isConvention && d.deviatingFiles.length > 4) {
+    return [...devByPattern.entries()].map(([pattern, files]) => {
+      const fileList = files.map((df) => esc(df.path)).join("</div><div style='padding:1px 0'>");
+      const collapseId = `conv-${pattern.replace(/[^a-zA-Z0-9]/g, "-")}-${Math.random().toString(36).slice(2, 6)}`;
+      return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
+        <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(pattern)} &mdash; ${files.length} files</div>
+        <div style="cursor:pointer;font-size:12px;color:var(--text-secondary);margin-top:6px" data-collapse="${collapseId}">&#9654; Show ${files.length} files</div>
+        <div id="${collapseId}" style="display:none;padding:6px 0" class="mono" style="font-size:12px;color:var(--text-secondary)"><div style="padding:1px 0">${fileList}</div></div>
+      </div>`;
+    }).join("");
+  }
+  return d.deviatingFiles.slice(0, 4).map((df) => {
+    const evidence = df.evidence.slice(0, 3).map(
+      (e) => `<div style="background:var(--bg-code);padding:6px 12px;border-radius:0;margin:4px 0;overflow-x:auto" class="mono"><span style="color:var(--text-tertiary);margin-right:12px;user-select:none">${e.line}</span>${esc(e.code.slice(0, 120))}</div>`
+    ).join("");
+    return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
+      <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(df.detectedPattern)}</div>
+      <div class="mono" style="font-size:12px;color:var(--text-secondary);margin-bottom:6px">${esc(df.path)}</div>
+      ${evidence}
+    </div>`;
+  }).join("");
+}
+function buildDriftRecommendation(d) {
+  let recText = d.recommendation ?? "";
+  if (recText && d.deviatingFiles.length > 0) {
+    const firstDev = d.deviatingFiles[0];
+    const firstEvidence = firstDev.evidence?.[0];
+    if (recText.includes("Migrate deviating files") || recText.includes("Standardize deviating")) {
+      const fileList = d.deviatingFiles.slice(0, 3).map((f) => f.path.split("/").pop()).join(", ");
+      recText = `In ${fileList}${d.deviatingFiles.length > 3 ? ` (+${d.deviatingFiles.length - 3} more)` : ""}: replace ${firstDev.detectedPattern} with the dominant ${d.dominantPattern} pattern (used by ${d.dominantCount}/${d.totalRelevantFiles} files).`;
+      if (firstEvidence) {
+        recText += ` Example: ${firstDev.path.split("/").pop()}:${firstEvidence.line} currently uses ${firstDev.detectedPattern}.`;
+      }
+    }
+  }
+  return recText;
+}
+function buildDistributionBar(d) {
+  const domPct = d.totalRelevantFiles > 0 ? Math.round(d.dominantCount / d.totalRelevantFiles * 100) : 0;
+  const devPct = 100 - domPct;
+  return `<div style="margin:12px 0">
+    <div style="display:flex;height:6px;border-radius:0;overflow:hidden;gap:2px">
+      <div style="width:${domPct}%;background:var(--intent-green);border-radius:0"></div>
+      <div style="width:${devPct}%;background:var(--drift-orange);border-radius:0"></div>
+    </div>
+    <div style="display:flex;gap:16px;margin-top:4px;font-size:11px;color:var(--text-tertiary)">
+      <span>${esc(d.dominantPattern)} (${d.dominantCount})</span>
+      <span>Deviating (${d.totalRelevantFiles - d.dominantCount})</span>
+      <span style="margin-left:auto">${d.consistencyScore}% consistent</span>
+    </div>
+  </div>`;
+}
 function buildDriftFindings(result) {
   const driftCats = ["architectural_consistency", "security_posture", "semantic_duplication", "naming_conventions", "phantom_scaffolding"];
   const catLabels = {
@@ -7000,61 +7391,9 @@ function buildDriftFindings(result) {
       const domBlock = `<div style="background:var(--tint-green);border-left:3px solid var(--intent-green);border-radius:0;padding:12px 16px;margin:8px 0">
         <div class="label" style="color:var(--intent-green);margin-bottom:6px">INTENT (DOMINANT) &mdash; ${esc(d.dominantPattern)} &mdash; ${d.dominantCount} files${closeSplitNote}</div>
       </div>`;
-      const isConvention = d.driftCategory === "naming_conventions";
-      const devByPattern = /* @__PURE__ */ new Map();
-      for (const df of d.deviatingFiles) {
-        const key = df.detectedPattern;
-        if (!devByPattern.has(key)) devByPattern.set(key, []);
-        devByPattern.get(key).push(df);
-      }
-      let devBlocks;
-      if (isConvention && d.deviatingFiles.length > 4) {
-        devBlocks = [...devByPattern.entries()].map(([pattern, files]) => {
-          const fileList = files.map((df) => esc(df.path)).join("</div><div style='padding:1px 0'>");
-          const collapseId = `conv-${pattern.replace(/[^a-zA-Z0-9]/g, "-")}-${Math.random().toString(36).slice(2, 6)}`;
-          return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
-            <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(pattern)} &mdash; ${files.length} files</div>
-            <div style="cursor:pointer;font-size:12px;color:var(--text-secondary);margin-top:6px" data-collapse="${collapseId}">&#9654; Show ${files.length} files</div>
-            <div id="${collapseId}" style="display:none;padding:6px 0" class="mono" style="font-size:12px;color:var(--text-secondary)"><div style="padding:1px 0">${fileList}</div></div>
-          </div>`;
-        }).join("");
-      } else {
-        devBlocks = d.deviatingFiles.slice(0, 4).map((df) => {
-          const evidence = df.evidence.slice(0, 3).map(
-            (e) => `<div style="background:var(--bg-code);padding:6px 12px;border-radius:0;margin:4px 0;overflow-x:auto" class="mono"><span style="color:var(--text-tertiary);margin-right:12px;user-select:none">${e.line}</span>${esc(e.code.slice(0, 120))}</div>`
-          ).join("");
-          return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
-            <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(df.detectedPattern)}</div>
-            <div class="mono" style="font-size:12px;color:var(--text-secondary);margin-bottom:6px">${esc(df.path)}</div>
-            ${evidence}
-          </div>`;
-        }).join("");
-      }
-      const domPct = d.totalRelevantFiles > 0 ? Math.round(d.dominantCount / d.totalRelevantFiles * 100) : 0;
-      const devPct = 100 - domPct;
-      const distBar = `<div style="margin:12px 0">
-        <div style="display:flex;height:6px;border-radius:0;overflow:hidden;gap:2px">
-          <div style="width:${domPct}%;background:var(--intent-green);border-radius:0"></div>
-          <div style="width:${devPct}%;background:var(--drift-orange);border-radius:0"></div>
-        </div>
-        <div style="display:flex;gap:16px;margin-top:4px;font-size:11px;color:var(--text-tertiary)">
-          <span>${esc(d.dominantPattern)} (${d.dominantCount})</span>
-          <span>Deviating (${d.totalRelevantFiles - d.dominantCount})</span>
-          <span style="margin-left:auto">${d.consistencyScore}% consistent</span>
-        </div>
-      </div>`;
-      let recText = d.recommendation ?? "";
-      if (recText && d.deviatingFiles.length > 0) {
-        const firstDev = d.deviatingFiles[0];
-        const firstEvidence = firstDev.evidence?.[0];
-        if (recText.includes("Migrate deviating files") || recText.includes("Standardize deviating")) {
-          const fileList = d.deviatingFiles.slice(0, 3).map((f) => f.path.split("/").pop()).join(", ");
-          recText = `In ${fileList}${d.deviatingFiles.length > 3 ? ` (+${d.deviatingFiles.length - 3} more)` : ""}: replace ${firstDev.detectedPattern} with the dominant ${d.dominantPattern} pattern (used by ${d.dominantCount}/${d.totalRelevantFiles} files).`;
-          if (firstEvidence) {
-            recText += ` Example: ${firstDev.path.split("/").pop()}:${firstEvidence.line} currently uses ${firstDev.detectedPattern}.`;
-          }
-        }
-      }
+      const devBlocks = buildDeviatingBlocks(d);
+      const distBar = buildDistributionBar(d);
+      const recText = buildDriftRecommendation(d);
       const closeSplitQualifier = domPctVal < 70 && domPctVal >= 50 ? `<div style="margin-top:8px;padding:8px 14px;background:var(--tint-amber);border-left:3px solid var(--drift-amber);border-radius:0;font-size:13px;line-height:1.6;color:var(--text-secondary)">
           <strong>${esc(d.dominantPattern)}</strong> is dominant at ${domPctVal}%, but the split is close.
           If your team prefers <strong>${esc(d.deviatingFiles[0]?.detectedPattern ?? "the alternative")}</strong>, adopt that instead.
@@ -7282,6 +7621,37 @@ function buildDeepInsights(result) {
   ${cards}
 </section>`;
 }
+function buildSequenceCards(similarities) {
+  const seqCards = similarities.slice(0, 6).map((sim) => {
+    const pct = Math.round(sim.similarity * 100);
+    const color = pct >= 90 ? "var(--drift-red)" : "var(--drift-orange)";
+    const matchLabel = pct >= 100 ? "Exact duplicate" : pct >= 90 ? "Near-exact match" : "Similar";
+    return `<div style="display:flex;align-items:center;gap:12px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
+      <span class="mono" style="min-width:40px;font-weight:700;color:${color}">${pct}%</span>
+      <div style="flex:1">
+        <span style="font-size:11px;font-weight:600;color:${color};margin-right:6px">${matchLabel}</span>
+        <span class="mono" style="font-size:12px;color:var(--text-secondary)">${esc(sim.functionA.name)}()</span>
+        <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionA.relativePath || sim.functionA.file))}</span>
+        <span style="color:var(--text-tertiary);margin:0 4px">&harr;</span>
+        <span class="mono" style="font-size:12px;color:var(--drift-orange)">${esc(sim.functionB.name)}()</span>
+        <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionB.relativePath || sim.functionB.file))}</span>
+      </div>
+    </div>`;
+  }).join("");
+  return `<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Operation sequence matches <span style="color:var(--text-tertiary);font-weight:400">${similarities.length} pairs</span></summary><div style="padding:4px 0 4px 16px">${seqCards}</div></details>`;
+}
+function buildDeviationCards(justifications) {
+  const devCards = justifications.map((dj) => {
+    const vColor = dj.verdict === "likely_justified" ? "var(--intent-green)" : dj.verdict === "likely_accidental" ? "var(--drift-red)" : "var(--drift-amber)";
+    const vLabel = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
+    return `<div style="display:flex;align-items:center;gap:10px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
+      <span class="sev-badge" style="background:${vColor};min-width:80px;text-align:center">${vLabel}</span>
+      <span class="mono" style="font-size:12px;color:var(--text-secondary);flex:1">${esc(shortPath(dj.relativePath || dj.file))}</span>
+      <span style="font-size:12px;color:var(--text-tertiary)">${esc(dj.deviatingPattern)} vs ${esc(dj.dominantPattern)}</span>
+    </div>`;
+  }).join("");
+  return `<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Deviation analysis <span style="color:var(--text-tertiary);font-weight:400">${justifications.length}</span></summary><div style="padding:4px 0 4px 16px">${devCards}</div></details>`;
+}
 function buildCodeDnaSummary(result) {
   const dna = result.codeDnaResult;
   if (!dna) return "";
@@ -7292,35 +7662,10 @@ function buildCodeDnaSummary(result) {
   if (!hasDupes && !hasSeqs && !hasTaint && !hasDevs) return "";
   const parts = [];
   if (hasSeqs) {
-    const seqCards = dna.sequenceSimilarities.slice(0, 6).map((sim) => {
-      const pct = Math.round(sim.similarity * 100);
-      const color = pct >= 90 ? "var(--drift-red)" : "var(--drift-orange)";
-      const matchLabel = pct >= 100 ? "Exact duplicate" : pct >= 90 ? "Near-exact match" : "Similar";
-      return `<div style="display:flex;align-items:center;gap:12px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
-        <span class="mono" style="min-width:40px;font-weight:700;color:${color}">${pct}%</span>
-        <div style="flex:1">
-          <span style="font-size:11px;font-weight:600;color:${color};margin-right:6px">${matchLabel}</span>
-          <span class="mono" style="font-size:12px;color:var(--text-secondary)">${esc(sim.functionA.name)}()</span>
-          <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionA.relativePath || sim.functionA.file))}</span>
-          <span style="color:var(--text-tertiary);margin:0 4px">&harr;</span>
-          <span class="mono" style="font-size:12px;color:var(--drift-orange)">${esc(sim.functionB.name)}()</span>
-          <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionB.relativePath || sim.functionB.file))}</span>
-        </div>
-      </div>`;
-    }).join("");
-    parts.push(`<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Operation sequence matches <span style="color:var(--text-tertiary);font-weight:400">${dna.sequenceSimilarities.length} pairs</span></summary><div style="padding:4px 0 4px 16px">${seqCards}</div></details>`);
+    parts.push(buildSequenceCards(dna.sequenceSimilarities));
   }
   if (hasDevs) {
-    const devCards = dna.deviationJustifications.map((dj) => {
-      const vColor = dj.verdict === "likely_justified" ? "var(--intent-green)" : dj.verdict === "likely_accidental" ? "var(--drift-red)" : "var(--drift-amber)";
-      const vLabel = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
-      return `<div style="display:flex;align-items:center;gap:10px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
-        <span class="sev-badge" style="background:${vColor};min-width:80px;text-align:center">${vLabel}</span>
-        <span class="mono" style="font-size:12px;color:var(--text-secondary);flex:1">${esc(shortPath(dj.relativePath || dj.file))}</span>
-        <span style="font-size:12px;color:var(--text-tertiary)">${esc(dj.deviatingPattern)} vs ${esc(dj.dominantPattern)}</span>
-      </div>`;
-    }).join("");
-    parts.push(`<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Deviation analysis <span style="color:var(--text-tertiary);font-weight:400">${dna.deviationJustifications.length}</span></summary><div style="padding:4px 0 4px 16px">${devCards}</div></details>`);
+    parts.push(buildDeviationCards(dna.deviationJustifications));
   }
   if (parts.length === 0) return "";
   const totalFindings = dna.findings?.length ?? 0;
@@ -7715,34 +8060,8 @@ function exportCSV() {
 }
 
 // \u2500\u2500\u2500\u2500 Export: DOCX (Word-compatible HTML) \u2500\u2500\u2500\u2500
-function exportDOCX() {
-  const d = window.__VIBEDRIFT_DATA;
-  if (!d) { alert('Report data not available'); return; }
-
-  let html = '<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word"><head><meta charset="utf-8"><style>';
-  html += 'body{font-family:Calibri,sans-serif;font-size:11pt;color:#222;margin:40px}';
-  html += 'h1{font-size:20pt;color:#0B0F15;border-bottom:2px solid #00D4FF;padding-bottom:8px;margin-top:28px}';
-  html += 'h2{font-size:14pt;color:#333;margin-top:20px}';
-  html += 'h3{font-size:12pt;color:#555;margin-top:14px}';
-  html += 'table{border-collapse:collapse;width:100%;margin:10px 0}';
-  html += 'th,td{border:1px solid #ddd;padding:6px 10px;text-align:left;font-size:10pt}';
-  html += 'th{background:#f0f4f8;font-weight:600}';
-  html += '.sev-critical{color:#dc2626;font-weight:700} .sev-warning{color:#d97706;font-weight:700} .sev-info{color:#2563eb}';
-  html += '.intent{background:#ecfdf5;border-left:3px solid #10b981;padding:8px 12px;margin:6px 0}';
-  html += '.drift{background:#fff7ed;border-left:3px solid #f97316;padding:8px 12px;margin:6px 0}';
-  html += '.rec{background:#f0f9ff;border-left:3px solid #0ea5e9;padding:8px 12px;margin:6px 0}';
-  html += 'code{font-family:Consolas,monospace;font-size:9pt;background:#f5f5f5;padding:1px 4px}';
-  html += '.page-break{page-break-before:always}';
-  html += '</style></head><body>';
-
-  // Title
-  html += '<div style="text-align:center;margin-bottom:30px">';
-  html += '<h1 style="border:none;font-size:28pt;color:#00D4FF">VIBEDRIFT REPORT</h1>';
-  html += '<p style="font-size:16pt;color:#333">' + esc2(d.project) + '</p>';
-  html += '<p>' + d.fileCount + ' files &middot; ' + d.totalLines.toLocaleString() + ' LOC &middot; Score: <strong>' + d.score + '/' + d.maxScore + '</strong></p>';
-  html += '</div>';
-
-  // Drift findings
+function buildDocxFindingsHtml(d) {
+  let html = '';
   html += '<h1>Drift Findings</h1>';
   for (const f of d.driftFindings || []) {
     const sev = f.severity === 'error' ? 'critical' : f.severity;
@@ -7752,8 +8071,6 @@ function exportDOCX() {
     html += '<div class="drift"><strong>DEVIATING:</strong> ' + esc2(f.devFiles) + '</div>';
     if (f.recommendation) html += '<div class="rec"><strong>Fix:</strong> ' + esc2(f.recommendation) + '</div>';
   }
-
-  // All findings
   html += '<div class="page-break"></div><h1>All Findings</h1>';
   html += '<table><tr><th>Severity</th><th>Analyzer</th><th>Finding</th><th>File</th><th>Line</th></tr>';
   for (const f of d.findings || []) {
@@ -7762,16 +8079,17 @@ function exportDOCX() {
     html += '<td><code>' + esc2(f.file) + '</code></td><td>' + f.line + '</td></tr>';
   }
   html += '</table>';
+  return html;
+}
 
-  // File scores
+function buildDocxScoresHtml(d) {
+  let html = '';
   html += '<div class="page-break"></div><h1>File Scores</h1>';
   html += '<table><tr><th>File</th><th>Score</th><th>Findings</th></tr>';
   for (const f of d.fileScores || []) {
     html += '<tr><td><code>' + esc2(f.file) + '</code></td><td>' + f.score + '/100</td><td>' + f.findings + '</td></tr>';
   }
   html += '</table>';
-
-  // Code DNA
   if (d.codeDna) {
     html += '<div class="page-break"></div><h1>Code DNA Analysis</h1>';
     if (d.codeDna.sequences && d.codeDna.sequences.length > 0) {
@@ -7785,8 +8103,6 @@ function exportDOCX() {
       html += '</table>';
     }
   }
-
-  // Deep insights
   if (d.deepInsights && d.deepInsights.length > 0) {
     html += '<div class="page-break"></div><h1>Deep Analysis Insights (AI-Powered)</h1>';
     for (const ins of d.deepInsights) {
@@ -7795,6 +8111,37 @@ function exportDOCX() {
       if (ins.recommendation) html += '<div class="rec"><strong>Fix:</strong> ' + esc2(ins.recommendation) + '</div>';
     }
   }
+  return html;
+}
+
+function exportDOCX() {
+  const d = window.__VIBEDRIFT_DATA;
+  if (!d) { alert('Report data not available'); return; }
+
+  let html = '<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word"><head><meta charset="utf-8"><style>';
+  html += 'body{font-family:Calibri,sans-serif;font-size:11pt;color:#222;margin:40px}';
+  html += 'h1{font-size:20pt;color:#0B0F15;border-bottom:2px solid #00D4FF;padding-bottom:8px;margin-top:28px}';
+  html += 'h2{font-size:14pt;color:#333;margin-top:20px}';
+  html += 'h3{font-size:12pt;color:#555;margin-top:14px}';
+  html += 'table{border-collapse:collapse;width:100%;margin:10px 0}';
+  html += 'th,td{border:1px solid #ddd;padding:6px 10px;text-align:left;font-size:10pt}';
+  html += 'th{background:#f0f4f8;font-weight:600}';
+  html += '.sev-critical{color:#dc2626;font-weight:700} .sev-warning{color:#d97706;font-weight:700} .sev-info{color:#2563eb}';
+  html += '.intent{background:#ecfdf5;border-left:3px solid #10b981;padding:8px 12px;margin:6px 0}';
+  html += '.drift{background:#fff7ed;border-left:3px solid #f97316;padding:8px 12px;margin:6px 0}';
+  html += '.rec{background:#f0f9ff;border-left:3px solid #0ea5e9;padding:8px 12px;margin:6px 0}';
+  html += 'code{font-family:Consolas,monospace;font-size:9pt;background:#f5f5f5;padding:1px 4px}';
+  html += '.page-break{page-break-before:always}';
+  html += '</style></head><body>';
+
+  html += '<div style="text-align:center;margin-bottom:30px">';
+  html += '<h1 style="border:none;font-size:28pt;color:#00D4FF">VIBEDRIFT REPORT</h1>';
+  html += '<p style="font-size:16pt;color:#333">' + esc2(d.project) + '</p>';
+  html += '<p>' + d.fileCount + ' files &middot; ' + d.totalLines.toLocaleString() + ' LOC &middot; Score: <strong>' + d.score + '/' + d.maxScore + '</strong></p>';
+  html += '</div>';
+
+  html += buildDocxFindingsHtml(d);
+  html += buildDocxScoresHtml(d);
 
   html += '<hr><p style="color:#999;font-size:9pt">Generated by VibeDrift v' + d.version + ' | ' + d.fileCount + ' files | No data sent externally</p>';
   html += '</body></html>';
@@ -8164,18 +8511,7 @@ async function createPortalSession(token, opts) {
 }
 
 // src/cli/commands/scan.ts
-async function runScan(targetPath, options) {
-  const rootDir = resolve(targetPath);
-  try {
-    const info2 = await stat3(rootDir);
-    if (!info2.isDirectory()) {
-      console.error(`Error: ${rootDir} is not a directory`);
-      process.exit(1);
-    }
-  } catch {
-    console.error(`Error: ${rootDir} does not exist`);
-    process.exit(1);
-  }
+async function resolveAuthAndBanner(options) {
   let bearerToken = null;
   let apiUrl = options.apiUrl;
   if (options.deep) {
@@ -8222,10 +8558,10 @@ async function runScan(targetPath, options) {
       console.log("");
     }
   }
-  const startTime = Date.now();
-  const timings = {};
+  return { bearerToken, apiUrl };
+}
+async function discoverAndFilterFiles(rootDir, options, spinner) {
   const isTerminal = options.format === "terminal" && !options.json;
-  const spinner = isTerminal ? ora("Discovering files...").start() : null;
   const t0 = Date.now();
   const { ctx, warnings } = await buildAnalysisContext(rootDir);
   const includes = options.include ?? [];
@@ -8239,7 +8575,7 @@ async function runScan(targetPath, options) {
       console.error(chalk2.dim(`[filter] ${before} \u2192 ${filtered.length} files after include/exclude`));
     }
   }
-  timings.discovery = Date.now() - t0;
+  const discoveryMs = Date.now() - t0;
   if (isTerminal) {
     if (warnings.truncated) {
       console.warn(chalk2.yellow(`
@@ -8257,6 +8593,13 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
     console.log("No source files found to analyze.");
     process.exit(0);
   }
+  return { ctx, discoveryMs };
+}
+async function runAnalysisPipeline(rootDir, options, spinner) {
+  const isTerminal = options.format === "terminal" && !options.json;
+  const timings = {};
+  const { ctx, discoveryMs } = await discoverAndFilterFiles(rootDir, options, spinner);
+  timings.discovery = discoveryMs;
   if (spinner) spinner.text = `Parsing ${ctx.files.length} files...`;
   const t1 = Date.now();
   await parseFiles(ctx.files);
@@ -8288,30 +8631,33 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
       console.error(`[codedna] ${codeDnaResult.duplicateGroups.length} fingerprint duplicates, ${codeDnaResult.sequenceSimilarities.length} sequence matches, ${codeDnaResult.taintFlows.length} taint flows`);
     }
   }
+  return { ctx, allFindings, driftResult, codeDnaResult, timings };
+}
+async function runDeepAnalysis(pipeline, options, bearerToken, apiUrl, spinner) {
+  const { allFindings, ctx, codeDnaResult, driftResult } = pipeline;
+  const timings = {};
   let mlMediumConfidence = [];
-  if (options.deep && bearerToken) {
-    const t5 = Date.now();
-    if (spinner) spinner.text = "Running AI deep analysis (may take ~30s on cold start)...";
-    try {
-      const { runMlAnalysis: runMlAnalysis2 } = await Promise.resolve().then(() => (init_ml_client(), ml_client_exports));
-      const mlResult = await runMlAnalysis2(ctx, codeDnaResult, allFindings, {
-        token: bearerToken,
-        apiUrl,
-        verbose: options.verbose,
-        driftFindings: driftResult.driftFindings,
-        projectName: options.projectName
-      });
-      allFindings.push(...mlResult.highConfidence);
-      mlMediumConfidence = mlResult.mediumConfidence;
-      if (options.verbose) {
-        console.error(`[deep] ${mlResult.highConfidence.length} high-confidence findings shipped, ${mlResult.mediumConfidence.length} sent to LLM, ${mlResult.droppedCount} dropped`);
-      }
-    } catch (err) {
-      console.error(chalk2.red(`[deep] AI analysis failed: ${err.message}`));
-      console.error(chalk2.dim("       The local scan will continue. Run `vibedrift doctor` if this persists."));
+  const t5 = Date.now();
+  if (spinner) spinner.text = "Running AI deep analysis (may take ~30s on cold start)...";
+  try {
+    const { runMlAnalysis: runMlAnalysis2 } = await Promise.resolve().then(() => (init_ml_client(), ml_client_exports));
+    const mlResult = await runMlAnalysis2(ctx, codeDnaResult, allFindings, {
+      token: bearerToken,
+      apiUrl,
+      verbose: options.verbose,
+      driftFindings: driftResult.driftFindings,
+      projectName: options.projectName
+    });
+    allFindings.push(...mlResult.highConfidence);
+    mlMediumConfidence = mlResult.mediumConfidence;
+    if (options.verbose) {
+      console.error(`[deep] ${mlResult.highConfidence.length} high-confidence findings shipped, ${mlResult.mediumConfidence.length} sent to LLM, ${mlResult.droppedCount} dropped`);
     }
-    timings.deep = Date.now() - t5;
+  } catch (err) {
+    console.error(chalk2.red(`[deep] AI analysis failed: ${err.message}`));
+    console.error(chalk2.dim("       The local scan will continue. Run `vibedrift doctor` if this persists."));
   }
+  timings.deep = Date.now() - t5;
   const { deduplicateFindingsAcrossLayers: deduplicateFindingsAcrossLayers2 } = await Promise.resolve().then(() => (init_dedup(), dedup_exports));
   const dedupedCount = allFindings.length;
   const dedupedFindings = deduplicateFindingsAcrossLayers2(allFindings);
@@ -8320,6 +8666,12 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
   }
   allFindings.length = 0;
   allFindings.push(...dedupedFindings);
+  void mlMediumConfidence;
+  return { timings };
+}
+async function buildScanResult(pipeline, options, startTime, timings, bearerToken, apiUrl, spinner) {
+  const { ctx, allFindings, driftResult, codeDnaResult } = pipeline;
+  const rootDir = ctx.rootDir;
   const previousScores = await loadPreviousScores(rootDir);
   if (spinner) spinner.text = "Computing scores...";
   const { scores, compositeScore, maxCompositeScore, perFileScores } = computeScores(
@@ -8369,7 +8721,10 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
       if (options.verbose) console.error(`[summary] Failed: ${err.message}`);
     }
   }
-  await saveScanResult(rootDir, scores, compositeScore);
+  return result;
+}
+async function logAndRender(result, options, bearerToken, apiUrl, rootDir, codeDnaResult) {
+  const { findings: allFindings, compositeScore, maxCompositeScore, scanTimeMs } = result;
   if (bearerToken) {
     try {
       const { logScan: logScan2 } = await Promise.resolve().then(() => (init_log_scan(), log_scan_exports));
@@ -8405,8 +8760,8 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
         payload: {
           project_hash: projectIdentity.hash,
           project_name: projectIdentity.name,
-          language: ctx.dominantLanguage ?? "unknown",
-          file_count: ctx.files.length,
+          language: result.context.dominantLanguage ?? "unknown",
+          file_count: result.context.files.length,
           function_count: codeDnaResult?.functions?.length ?? 0,
           finding_count: allFindings.length,
           score: compositeScore,
@@ -8427,6 +8782,12 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
     }
   }
   const format = options.format ?? (options.json ? "json" : "html");
+  await renderToFormat(result, format, options);
+  if (options.failOnScore !== void 0 && compositeScore < options.failOnScore) {
+    process.exit(1);
+  }
+}
+async function renderToFormat(result, format, options) {
   if (format === "html") {
     const html = renderHtmlReport(result);
     const outputPath = options.output ?? "vibedrift-report.html";
@@ -8475,9 +8836,29 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
   } else {
     console.log(renderTerminalOutput(result));
   }
-  if (options.failOnScore !== void 0 && compositeScore < options.failOnScore) {
+}
+async function runScan(targetPath, options) {
+  const rootDir = resolve(targetPath);
+  try {
+    const info2 = await stat3(rootDir);
+    if (!info2.isDirectory()) {
+      console.error(`Error: ${rootDir} is not a directory`);
+      process.exit(1);
+    }
+  } catch {
+    console.error(`Error: ${rootDir} does not exist`);
     process.exit(1);
   }
+  const { bearerToken, apiUrl } = await resolveAuthAndBanner(options);
+  const startTime = Date.now();
+  const isTerminal = options.format === "terminal" && !options.json;
+  const spinner = isTerminal ? ora("Discovering files...").start() : null;
+  const pipeline = await runAnalysisPipeline(rootDir, options, spinner);
+  const deepTimings = options.deep && bearerToken ? await runDeepAnalysis(pipeline, options, bearerToken, apiUrl, spinner) : { timings: {} };
+  const timings = { ...pipeline.timings, ...deepTimings.timings };
+  const result = await buildScanResult(pipeline, options, startTime, timings, bearerToken, apiUrl, spinner);
+  await saveScanResult(rootDir, result.scores, result.compositeScore);
+  await logAndRender(result, options, bearerToken, apiUrl, rootDir, pipeline.codeDnaResult);
 }
 
 // src/cli/commands/update.ts
@@ -8669,58 +9050,7 @@ async function runLogin(options = {}) {
     }
     if (result.status === "pending") continue;
     if (result.status === "authorized") {
-      await patchConfig({
-        token: result.access_token,
-        email: result.email,
-        plan: result.plan,
-        expiresAt: result.expires_at,
-        loggedInAt: (/* @__PURE__ */ new Date()).toISOString(),
-        apiUrl: options.apiUrl
-      });
-      console.log(chalk4.green("  \u2713 Logged in successfully."));
-      console.log("");
-      console.log(`  Account: ${chalk4.bold(result.email)}`);
-      console.log(`  Plan:    ${chalk4.bold(result.plan)}`);
-      console.log("");
-      try {
-        const credits = await fetchCredits(result.access_token, {
-          apiUrl: options.apiUrl
-        });
-        if (credits.has_free_deep_scan && !credits.unlimited) {
-          console.log(
-            chalk4.bgYellow.black.bold("  \u{1F381} 1 FREE deep scan included with your account  ")
-          );
-          console.log("");
-          console.log(
-            chalk4.yellow("  Try the full pipeline (Claude analysis, security review,")
-          );
-          console.log(
-            chalk4.yellow("  AI-powered drift detection) on any project \u2014 no card needed.")
-          );
-          console.log("");
-          console.log(`    ${chalk4.cyan("vibedrift . --deep")}`);
-          console.log("");
-        } else if (credits.unlimited) {
-          console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
-          console.log("");
-        } else if (credits.available_total > 0) {
-          console.log(
-            chalk4.dim(`  You have ${credits.available_total} deep scan credit${credits.available_total === 1 ? "" : "s"} available.`)
-          );
-          console.log(chalk4.dim("  Run `vibedrift . --deep` to use one."));
-          console.log("");
-        } else {
-          console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
-          console.log("");
-        }
-      } catch {
-        if (result.plan === "free") {
-          console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
-        } else {
-          console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
-        }
-        console.log("");
-      }
+      await handleLoginSuccess(result, options);
       return;
     }
     if (result.status === "denied") {
@@ -8738,6 +9068,60 @@ async function runLogin(options = {}) {
   console.error(chalk4.dim("    Run `vibedrift login` again to retry.\n"));
   process.exit(1);
 }
+async function handleLoginSuccess(result, options) {
+  await patchConfig({
+    token: result.access_token,
+    email: result.email,
+    plan: result.plan,
+    expiresAt: result.expires_at,
+    loggedInAt: (/* @__PURE__ */ new Date()).toISOString(),
+    apiUrl: options.apiUrl
+  });
+  console.log(chalk4.green("  \u2713 Logged in successfully."));
+  console.log("");
+  console.log(`  Account: ${chalk4.bold(result.email)}`);
+  console.log(`  Plan:    ${chalk4.bold(result.plan)}`);
+  console.log("");
+  try {
+    const credits = await fetchCredits(result.access_token, {
+      apiUrl: options.apiUrl
+    });
+    if (credits.has_free_deep_scan && !credits.unlimited) {
+      console.log(
+        chalk4.bgYellow.black.bold("  \u{1F381} 1 FREE deep scan included with your account  ")
+      );
+      console.log("");
+      console.log(
+        chalk4.yellow("  Try the full pipeline (Claude analysis, security review,")
+      );
+      console.log(
+        chalk4.yellow("  AI-powered drift detection) on any project \u2014 no card needed.")
+      );
+      console.log("");
+      console.log(`    ${chalk4.cyan("vibedrift . --deep")}`);
+      console.log("");
+    } else if (credits.unlimited) {
+      console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
+      console.log("");
+    } else if (credits.available_total > 0) {
+      console.log(
+        chalk4.dim(`  You have ${credits.available_total} deep scan credit${credits.available_total === 1 ? "" : "s"} available.`)
+      );
+      console.log(chalk4.dim("  Run `vibedrift . --deep` to use one."));
+      console.log("");
+    } else {
+      console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
+      console.log("");
+    }
+  } catch {
+    if (result.plan === "free") {
+      console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
+    } else {
+      console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
+    }
+    console.log("");
+  }
+}
 function fail(intro, err) {
   const msg = err instanceof VibeDriftApiError ? `${err.status ? `HTTP ${err.status}: ` : ""}${err.message}` : err instanceof Error ? err.message : String(err);
   console.error(chalk4.red(`
@@ -8985,58 +9369,8 @@ import { homedir as homedir3, platform, arch } from "os";
 import { join as join7 } from "path";
 import { stat as stat4, access, constants } from "fs/promises";
 init_version();
-async function runDoctor() {
-  let failures = 0;
-  console.log("");
-  console.log(chalk10.bold("  VibeDrift Doctor"));
-  console.log("");
-  console.log(chalk10.bold("  Environment"));
-  ok("CLI version", getVersion());
-  ok("Node", process.version);
-  ok("Platform", `${platform()} ${arch()}`);
-  ok("HOME", homedir3());
-  console.log("");
-  console.log(chalk10.bold("  Config"));
-  const configDir = getConfigDir();
-  const configPath = getConfigPath();
-  let configDirOk = false;
-  try {
-    const info2 = await stat4(configDir);
-    if (info2.isDirectory()) {
-      configDirOk = true;
-      const mode = (info2.mode & 511).toString(8);
-      ok("Config dir", `${configDir} (mode ${mode})`);
-    } else {
-      bad(`Config dir exists but is not a directory: ${configDir}`);
-      failures++;
-    }
-  } catch {
-    info("Config dir", `${configDir} (will be created on first login)`);
-    configDirOk = true;
-  }
-  if (configDirOk) {
-    try {
-      await access(configPath, constants.R_OK);
-      const info2 = await stat4(configPath);
-      const mode = (info2.mode & 511).toString(8);
-      if ((info2.mode & 63) !== 0) {
-        warn("Config file", `${configPath} (mode ${mode}, world/group readable \u2014 should be 600)`);
-      } else {
-        ok("Config file", `${configPath} (mode ${mode})`);
-      }
-    } catch {
-      info("Config file", "absent (not logged in)");
-    }
-  }
-  const historyDir = join7(homedir3(), ".vibedrift", "scans");
-  try {
-    const info2 = await stat4(historyDir);
-    if (info2.isDirectory()) ok("Scan history", historyDir);
-    else warn("Scan history", `${historyDir} exists but is not a directory`);
-  } catch {
-    info("Scan history", "empty (no scans run yet)");
-  }
-  console.log("");
+async function checkAuthStatus() {
+  let authFailures = 0;
   console.log(chalk10.bold("  Authentication"));
   const config = await readConfig();
   const resolved = await resolveToken();
@@ -9053,7 +9387,7 @@ async function runDoctor() {
         const now = Date.now();
         if (expires < now) {
           bad(`Token expired ${Math.floor((now - expires) / 864e5)} days ago`);
-          failures++;
+          authFailures++;
         } else {
           ok("Token expires", `${config.expiresAt} (${Math.ceil((expires - now) / 864e5)} days)`);
         }
@@ -9061,6 +9395,10 @@ async function runDoctor() {
     }
   }
   console.log("");
+  return { resolved, authFailures };
+}
+async function checkApiConnectivity(resolved) {
+  let failures = 0;
   console.log(chalk10.bold("  API"));
   const apiUrl = await resolveApiUrl();
   ok("API URL", apiUrl);
@@ -9095,6 +9433,64 @@ async function runDoctor() {
     }
   }
   console.log("");
+  return failures;
+}
+async function runDoctor() {
+  let failures = 0;
+  console.log("");
+  console.log(chalk10.bold("  VibeDrift Doctor"));
+  console.log("");
+  console.log(chalk10.bold("  Environment"));
+  ok("CLI version", getVersion());
+  ok("Node", process.version);
+  ok("Platform", `${platform()} ${arch()}`);
+  ok("HOME", homedir3());
+  console.log("");
+  console.log(chalk10.bold("  Config"));
+  const configDir = getConfigDir();
+  const configPath = getConfigPath();
+  let configDirOk = false;
+  try {
+    const info2 = await stat4(configDir);
+    if (info2.isDirectory()) {
+      configDirOk = true;
+      const mode = (info2.mode & 511).toString(8);
+      ok("Config dir", `${configDir} (mode ${mode})`);
+    } else {
+      bad(`Config dir exists but is not a directory: ${configDir}`);
+      failures++;
+    }
+  } catch {
+    info("Config dir", `${configDir} (will be created on first login)`);
+    configDirOk = true;
+  }
+  if (configDirOk) {
+    try {
+      await access(configPath, constants.R_OK);
+      const info2 = await stat4(configPath);
+      const mode = (info2.mode & 511).toString(8);
+      if ((info2.mode & 63) !== 0) {
+        warn("Config file", `${configPath} (mode ${mode}, world/group readable \u2014 should be 600)`);
+      } else {
+        ok("Config file", `${configPath} (mode ${mode})`);
+      }
+    } catch {
+      info("Config file", "absent (not logged in)");
+    }
+  }
+  const historyDir = join7(homedir3(), ".vibedrift", "scans");
+  try {
+    const info2 = await stat4(historyDir);
+    if (info2.isDirectory()) ok("Scan history", historyDir);
+    else warn("Scan history", `${historyDir} exists but is not a directory`);
+  } catch {
+    info("Scan history", "empty (no scans run yet)");
+  }
+  console.log("");
+  const { resolved, authFailures } = await checkAuthStatus();
+  failures += authFailures;
+  const apiFailures = await checkApiConnectivity(resolved);
+  failures += apiFailures;
   if (failures === 0) {
     console.log(chalk10.green("  \u2713 All checks passed."));
   } else {