@vibedrift/cli 0.5.0 → 0.5.1

package/dist/index.js

@@ -598,63 +598,72 @@ function extractAssignedVariable(line) {
   if (pyMatch) return pyMatch[1];
   return null;
 }
-function analyzeFunction(fn) {
-  const flows = [];
-  const lines = fn.rawBody.split("\n");
-  const taintedVars = /* @__PURE__ */ new Map();
-  const langSources = TAINT_SOURCES[fn.language] ?? [];
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    const trimmed = line.trim();
-    for (const src of langSources) {
-      if (src.regex.test(trimmed)) {
-        const varName = extractAssignedVariable(trimmed);
-        if (varName) {
-          taintedVars.set(varName, {
-            name: varName,
-            source: { type: src.label, variable: varName, line: fn.line + i },
-            sanitizedFor: /* @__PURE__ */ new Set()
-          });
+function identifySources(trimmed, langSources, lineNumber, taintedVars) {
+  for (const src of langSources) {
+    if (src.regex.test(trimmed)) {
+      const varName = extractAssignedVariable(trimmed);
+      if (varName) {
+        taintedVars.set(varName, {
+          name: varName,
+          source: { type: src.label, variable: varName, line: lineNumber },
+          sanitizedFor: /* @__PURE__ */ new Set()
+        });
+      }
+    }
+  }
+}
+function checkSanitizers(trimmed, taintedVars) {
+  for (const [varName, tainted] of taintedVars) {
+    if (!trimmed.includes(varName)) continue;
+    for (const san of SANITIZERS) {
+      if (san.regex.test(trimmed)) {
+        if (san.removes === "all") {
+          tainted.sanitizedFor = new Set(ALL_TAINT_CATEGORIES);
+        } else {
+          tainted.sanitizedFor.add(san.removes);
         }
       }
     }
+  }
+}
+function identifySinks(trimmed, fn, lineNumber, taintedVars, flows) {
+  for (const sink of TAINT_SINKS) {
+    if (!sink.regex.test(trimmed)) continue;
     for (const [varName, tainted] of taintedVars) {
       if (!trimmed.includes(varName)) continue;
+      if (tainted.sanitizedFor.has(sink.category)) continue;
+      let inlineSanitized = false;
       for (const san of SANITIZERS) {
-        if (san.regex.test(trimmed)) {
-          if (san.removes === "all") {
-            tainted.sanitizedFor = /* @__PURE__ */ new Set(["sql_injection", "command_injection", "path_traversal", "xss", "ssrf", "code_injection"]);
-          } else {
-            tainted.sanitizedFor.add(san.removes);
-          }
-        }
-      }
-    }
-    for (const sink of TAINT_SINKS) {
-      if (!sink.regex.test(trimmed)) continue;
-      for (const [varName, tainted] of taintedVars) {
-        if (!trimmed.includes(varName)) continue;
-        if (tainted.sanitizedFor.has(sink.category)) continue;
-        let inlineSanitized = false;
-        for (const san of SANITIZERS) {
-          if (san.regex.test(trimmed) && (san.removes === "all" || san.removes === sink.category)) {
-            inlineSanitized = true;
-            break;
-          }
+        if (san.regex.test(trimmed) && (san.removes === "all" || san.removes === sink.category)) {
+          inlineSanitized = true;
+          break;
         }
-        if (inlineSanitized) continue;
-        flows.push({
-          file: fn.file,
-          relativePath: fn.relativePath,
-          functionName: fn.name,
-          source: tainted.source,
-          sink: { type: sink.label, expression: trimmed.slice(0, 100), line: fn.line + i, severity: sink.severity },
-          sanitized: false,
-          language: fn.language
-        });
       }
+      if (inlineSanitized) continue;
+      flows.push({
+        file: fn.file,
+        relativePath: fn.relativePath,
+        functionName: fn.name,
+        source: tainted.source,
+        sink: { type: sink.label, expression: trimmed.slice(0, 100), line: lineNumber, severity: sink.severity },
+        sanitized: false,
+        language: fn.language
+      });
     }
   }
+}
+function analyzeFunction(fn) {
+  const flows = [];
+  const lines = fn.rawBody.split("\n");
+  const taintedVars = /* @__PURE__ */ new Map();
+  const langSources = TAINT_SOURCES[fn.language] ?? [];
+  for (let i = 0; i < lines.length; i++) {
+    const trimmed = lines[i].trim();
+    const lineNumber = fn.line + i;
+    identifySources(trimmed, langSources, lineNumber, taintedVars);
+    checkSanitizers(trimmed, taintedVars);
+    identifySinks(trimmed, fn, lineNumber, taintedVars, flows);
+  }
   return flows;
 }
 function analyzeTaintFlows(functions) {
@@ -683,7 +692,7 @@ function taintFindings(flows) {
     tags: ["codedna", "taint", "security"]
   }));
 }
-var TAINT_SOURCES, TAINT_SINKS, SANITIZERS;
+var TAINT_SOURCES, TAINT_SINKS, SANITIZERS, ALL_TAINT_CATEGORIES;
 var init_taint_analysis = __esm({
   "src/codedna/taint-analysis.ts"() {
     "use strict";
@@ -779,6 +788,7 @@ var init_taint_analysis = __esm({
       { regex: /path\.(?:join|resolve|normalize)\s*\(/, label: "path.join/resolve", removes: "path_traversal" },
       { regex: /filepath\.(?:Clean|Abs)\s*\(/, label: "filepath.Clean", removes: "path_traversal" }
     ];
+    ALL_TAINT_CATEGORIES = /* @__PURE__ */ new Set(["sql_injection", "command_injection", "path_traversal", "xss", "ssrf", "code_injection"]);
   }
 });
 
@@ -803,6 +813,57 @@ function hasExplanatoryComment(content, lines, deviationLine) {
 function isInSpecialDirectory(path2) {
   return SPECIAL_DIRS.test(path2);
 }
+function computeSignalScore(file, devDist, dominantFiles, projectDominant) {
+  const lines = file.content.split("\n");
+  const signals = [];
+  let totalWeight = 0;
+  const sqlComplexity = countComplexSqlSignals(file.content);
+  if (sqlComplexity > 0) {
+    const weight = Math.min(sqlComplexity * 0.15, 0.3);
+    signals.push({ type: "complex_sql", present: true, weight, evidence: `${sqlComplexity} complex SQL indicators` });
+    totalWeight += weight;
+  } else {
+    signals.push({ type: "complex_sql", present: false, weight: 0 });
+  }
+  const firstSignalLine = devDist.signals[0]?.line;
+  if (hasExplanatoryComment(file.content, lines, firstSignalLine)) {
+    signals.push({ type: "explanatory_comment", present: true, weight: 0.2, evidence: "comment explains deviation" });
+    totalWeight += 0.2;
+  } else {
+    signals.push({ type: "no_comment", present: true, weight: -0.1, evidence: "no explanatory comment" });
+    totalWeight -= 0.1;
+  }
+  if (isInSpecialDirectory(devDist.relativePath)) {
+    signals.push({ type: "special_directory", present: true, weight: 0.2, evidence: devDist.relativePath });
+    totalWeight += 0.2;
+  }
+  if (devDist.dominantPattern === "raw_sql" && sqlComplexity === 0) {
+    const hasCrudOnly = /(?:SELECT\s+\*|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)/i.test(file.content);
+    if (hasCrudOnly) {
+      signals.push({ type: "simple_crud", present: true, weight: -0.3, evidence: "simple CRUD SQL without complex operations" });
+      totalWeight -= 0.3;
+    }
+  }
+  const devDir = devDist.relativePath.includes("/") ? devDist.relativePath.slice(0, devDist.relativePath.lastIndexOf("/")) : ".";
+  const sameDir = dominantFiles.filter((d) => {
+    const dir = d.relativePath.includes("/") ? d.relativePath.slice(0, d.relativePath.lastIndexOf("/")) : ".";
+    return dir === devDir;
+  });
+  if (sameDir.length > 0) {
+    signals.push({ type: "same_directory_as_dominant", present: true, weight: -0.2, evidence: `${sameDir.length} files in same directory use ${projectDominant}` });
+    totalWeight -= 0.2;
+  }
+  return { signals, totalWeight };
+}
+function classifyDeviation(totalWeight) {
+  const rawScore = 0.5 + totalWeight;
+  const justificationScore = Math.max(0, Math.min(1, rawScore));
+  let verdict;
+  if (justificationScore >= 0.6) verdict = "likely_justified";
+  else if (justificationScore <= 0.3) verdict = "likely_accidental";
+  else verdict = "uncertain";
+  return { justificationScore, verdict };
+}
 function scoreDeviations(distributions, files) {
   if (distributions.length < 2) return [];
   const patternCounts = /* @__PURE__ */ new Map();
@@ -824,51 +885,8 @@ function scoreDeviations(distributions, files) {
   for (const devDist of deviatingFiles) {
     const file = files.find((f) => f.path === devDist.file || f.relativePath === devDist.relativePath);
     if (!file) continue;
-    const lines = file.content.split("\n");
-    const signals = [];
-    let totalWeight = 0;
-    const sqlComplexity = countComplexSqlSignals(file.content);
-    if (sqlComplexity > 0) {
-      const weight = Math.min(sqlComplexity * 0.15, 0.3);
-      signals.push({ type: "complex_sql", present: true, weight, evidence: `${sqlComplexity} complex SQL indicators` });
-      totalWeight += weight;
-    } else {
-      signals.push({ type: "complex_sql", present: false, weight: 0 });
-    }
-    const firstSignalLine = devDist.signals[0]?.line;
-    if (hasExplanatoryComment(file.content, lines, firstSignalLine)) {
-      signals.push({ type: "explanatory_comment", present: true, weight: 0.2, evidence: "comment explains deviation" });
-      totalWeight += 0.2;
-    } else {
-      signals.push({ type: "no_comment", present: true, weight: -0.1, evidence: "no explanatory comment" });
-      totalWeight -= 0.1;
-    }
-    if (isInSpecialDirectory(devDist.relativePath)) {
-      signals.push({ type: "special_directory", present: true, weight: 0.2, evidence: devDist.relativePath });
-      totalWeight += 0.2;
-    }
-    if (devDist.dominantPattern === "raw_sql" && sqlComplexity === 0) {
-      const hasCrudOnly = /(?:SELECT\s+\*|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)/i.test(file.content);
-      if (hasCrudOnly) {
-        signals.push({ type: "simple_crud", present: true, weight: -0.3, evidence: "simple CRUD SQL without complex operations" });
-        totalWeight -= 0.3;
-      }
-    }
-    const devDir = devDist.relativePath.includes("/") ? devDist.relativePath.slice(0, devDist.relativePath.lastIndexOf("/")) : ".";
-    const sameDir = dominantFiles.filter((d) => {
-      const dir = d.relativePath.includes("/") ? d.relativePath.slice(0, d.relativePath.lastIndexOf("/")) : ".";
-      return dir === devDir;
-    });
-    if (sameDir.length > 0) {
-      signals.push({ type: "same_directory_as_dominant", present: true, weight: -0.2, evidence: `${sameDir.length} files in same directory use ${projectDominant}` });
-      totalWeight -= 0.2;
-    }
-    const rawScore = 0.5 + totalWeight;
-    const justificationScore = Math.max(0, Math.min(1, rawScore));
-    let verdict;
-    if (justificationScore >= 0.6) verdict = "likely_justified";
-    else if (justificationScore <= 0.3) verdict = "likely_accidental";
-    else verdict = "uncertain";
+    const { signals, totalWeight } = computeSignalScore(file, devDist, dominantFiles, projectDominant);
+    const { justificationScore, verdict } = classifyDeviation(totalWeight);
     justifications.push({
       file: devDist.file,
       relativePath: devDist.relativePath,
@@ -1664,10 +1682,8 @@ var sanitize_result_exports = {};
 __export(sanitize_result_exports, {
   sanitizeResultForUpload: () => sanitizeResultForUpload
 });
-function sanitizeResultForUpload(result) {
-  const ctx = result.context;
-  const rootDir = ctx?.rootDir ?? "";
-  const stripPath = (p) => {
+function createStripPath(rootDir) {
+  return (p) => {
     if (!p) return null;
     if (rootDir && p.startsWith(rootDir)) {
       const rel = p.slice(rootDir.length).replace(/^\/+/, "");
@@ -1675,44 +1691,60 @@ function sanitizeResultForUpload(result) {
     }
     return p;
   };
+}
+function createSanitizeNode(stripPath) {
   const sanitizeNode = (node) => {
     if (typeof node === "string") return stripPath(node) ?? node;
     if (Array.isArray(node)) return node.map(sanitizeNode);
-    if (node && typeof node === "object") {
-      const out = {};
-      for (const [k, v] of Object.entries(node)) {
-        if (k === "rootDir") continue;
-        if (k === "files" && Array.isArray(v)) {
-          out[k] = v.map((f) => ({
-            relativePath: stripPath(f.relativePath) ?? f.relativePath,
-            lineCount: f.lineCount,
-            language: f.language
-          }));
-          continue;
-        }
-        if (k === "ast" || k === "treeSitterNode") continue;
-        out[k] = sanitizeNode(v);
-      }
-      return out;
-    }
     if (node instanceof Map) {
-      const obj = {};
-      for (const [k, v] of node.entries()) {
-        const safeKey = typeof k === "string" ? stripPath(k) ?? k : String(k);
-        obj[safeKey] = sanitizeNode(v);
-      }
-      return obj;
+      return sanitizeMapNode(node, stripPath, sanitizeNode);
     }
     if (node instanceof Set) {
       return [...node].map(sanitizeNode);
     }
+    if (node && typeof node === "object") {
+      return sanitizeObjectNode(node, stripPath, sanitizeNode);
+    }
     return node;
   };
-  const envelope = {
+  return sanitizeNode;
+}
+function sanitizeObjectNode(node, stripPath, sanitizeNode) {
+  const out = {};
+  for (const [k, v] of Object.entries(node)) {
+    if (k === "rootDir") continue;
+    if (k === "files" && Array.isArray(v)) {
+      out[k] = sanitizeFilesList(v, stripPath);
+      continue;
+    }
+    if (k === "ast" || k === "treeSitterNode") continue;
+    out[k] = sanitizeNode(v);
+  }
+  return out;
+}
+function sanitizeFilesList(files, stripPath) {
+  return files.map((f) => ({
+    relativePath: stripPath(f.relativePath) ?? f.relativePath,
+    lineCount: f.lineCount,
+    language: f.language
+  }));
+}
+function sanitizeMapNode(node, stripPath, sanitizeNode) {
+  const obj = {};
+  for (const [k, v] of node.entries()) {
+    const safeKey = typeof k === "string" ? stripPath(k) ?? k : String(k);
+    obj[safeKey] = sanitizeNode(v);
+  }
+  return obj;
+}
+function sanitizeResultForUpload(result) {
+  const ctx = result.context;
+  const rootDir = ctx?.rootDir ?? "";
+  const stripPath = createStripPath(rootDir);
+  const sanitizeNode = createSanitizeNode(stripPath);
+  return {
     schema: "vibedrift-scan-result/v1",
-    project: {
-      // populated by the caller, since the CLI knows project_name + hash
-    },
+    project: {},
     language: {
       dominant: ctx?.dominantLanguage ?? null,
       breakdown: sanitizeNode(ctx?.languageBreakdown),
@@ -1734,7 +1766,6 @@ function sanitizeResultForUpload(result) {
     aiSummary: result.aiSummary ?? null,
     scanTimeMs: result.scanTimeMs
   };
-  return envelope;
 }
 var init_sanitize_result = __esm({
   "src/ml-client/sanitize-result.ts"() {
@@ -1757,20 +1788,23 @@ function csvEscape(val) {
 function row(...cells) {
   return cells.map((c) => csvEscape(String(c))).join(",");
 }
-function renderCsvReport(result) {
+function csvMetadata(result) {
+  return [
+    "VIBEDRIFT REPORT",
+    row("Project", result.context.rootDir.split("/").pop() ?? ""),
+    row("Files Scanned", result.context.files.length),
+    row("Total Lines", result.context.totalLines),
+    row("Scan Time (ms)", result.scanTimeMs),
+    row("Composite Score", result.compositeScore),
+    row("Max Score", result.maxCompositeScore),
+    ""
+  ];
+}
+function csvScoreCategories(result) {
   const lines = [];
-  lines.push("VIBEDRIFT REPORT");
-  lines.push(row("Project", result.context.rootDir.split("/").pop() ?? ""));
-  lines.push(row("Files Scanned", result.context.files.length));
-  lines.push(row("Total Lines", result.context.totalLines));
-  lines.push(row("Scan Time (ms)", result.scanTimeMs));
-  lines.push(row("Composite Score", result.compositeScore));
-  lines.push(row("Max Score", result.maxCompositeScore));
-  lines.push("");
   lines.push("CATEGORY SCORES");
   lines.push(row("Category", "Score", "Max Score", "Finding Count"));
-  const cs = result.scores;
-  for (const [key, val] of Object.entries(cs)) {
+  for (const [key, val] of Object.entries(result.scores)) {
     lines.push(row(key, val.score, val.maxScore, val.findingCount));
   }
   lines.push("");
@@ -1787,95 +1821,125 @@ function renderCsvReport(result) {
     }
     lines.push("");
   }
-  if ((result.driftFindings ?? []).length > 0) {
-    lines.push("DRIFT FINDINGS");
-    lines.push(row("Severity", "Category", "Finding", "Dominant Pattern", "Dominant Count", "Total Files", "Consistency %", "Deviating Files", "Recommendation"));
-    for (const d of result.driftFindings) {
-      const devFiles = d.deviatingFiles.map((f) => f.path).join("; ");
-      lines.push(row(
-        d.severity,
-        d.driftCategory,
-        d.finding,
-        d.dominantPattern,
-        d.dominantCount,
-        d.totalRelevantFiles,
-        d.consistencyScore,
-        devFiles,
-        d.recommendation
-      ));
-    }
-    lines.push("");
+  return lines;
+}
+function csvDriftFindings(result) {
+  if ((result.driftFindings ?? []).length === 0) return [];
+  const lines = [];
+  lines.push("DRIFT FINDINGS");
+  lines.push(row("Severity", "Category", "Finding", "Dominant Pattern", "Dominant Count", "Total Files", "Consistency %", "Deviating Files", "Recommendation"));
+  for (const d of result.driftFindings) {
+    const devFiles = d.deviatingFiles.map((f) => f.path).join("; ");
+    lines.push(row(
+      d.severity,
+      d.driftCategory,
+      d.finding,
+      d.dominantPattern,
+      d.dominantCount,
+      d.totalRelevantFiles,
+      d.consistencyScore,
+      devFiles,
+      d.recommendation
+    ));
   }
-  const dna = result.codeDnaResult;
-  if (dna) {
-    if (dna.duplicateGroups?.length > 0) {
-      lines.push("CODE DNA: SEMANTIC DUPLICATES");
-      lines.push(row("Group", "Functions", "Files"));
-      for (const g of dna.duplicateGroups) {
-        const fns = g.functions.map((f) => f.name + "()").join("; ");
-        const files = g.functions.map((f) => f.relativePath || f.file).join("; ");
-        lines.push(row(g.groupId, fns, files));
-      }
-      lines.push("");
-    }
-    if (dna.sequenceSimilarities?.length > 0) {
-      lines.push("CODE DNA: OPERATION SEQUENCE MATCHES");
-      lines.push(row("Function A", "File A", "Function B", "File B", "Similarity %"));
-      for (const s of dna.sequenceSimilarities) {
-        lines.push(row(
-          s.functionA.name,
-          s.functionA.relativePath || s.functionA.file,
-          s.functionB.name,
-          s.functionB.relativePath || s.functionB.file,
-          Math.round(s.similarity * 100)
-        ));
-      }
-      lines.push("");
-    }
-    if (dna.taintFlows?.length > 0) {
-      lines.push("CODE DNA: TAINT FLOWS");
-      lines.push(row("File", "Function", "Source Type", "Source Line", "Sink Type", "Sink Line", "Sanitized"));
-      for (const t of dna.taintFlows) {
-        lines.push(row(
-          t.relativePath || t.file,
-          t.functionName,
-          t.source.type,
-          t.source.line,
-          t.sink.type,
-          t.sink.line,
-          t.sanitized ? "Yes" : "No"
-        ));
-      }
-      lines.push("");
-    }
-    if (dna.deviationJustifications?.length > 0) {
-      lines.push("CODE DNA: DEVIATION ANALYSIS");
-      lines.push(row("File", "Deviating Pattern", "Dominant Pattern", "Verdict", "Score"));
-      for (const dj of dna.deviationJustifications) {
-        lines.push(row(
-          dj.relativePath || dj.file,
-          dj.deviatingPattern,
-          dj.dominantPattern,
-          dj.verdict,
-          Math.round(dj.justificationScore * 100)
-        ));
-      }
-      lines.push("");
-    }
-    if (dna.patternDistributions?.length > 0) {
-      lines.push("CODE DNA: PATTERN DISTRIBUTIONS");
-      lines.push(row("File", "Dominant Pattern", "Confidence", "Internally Inconsistent"));
-      for (const pd of dna.patternDistributions) {
-        lines.push(row(
-          pd.relativePath || pd.file,
-          pd.dominantPattern,
-          Math.round(pd.confidence * 100),
-          pd.isInternallyInconsistent ? "Yes" : "No"
-        ));
-      }
-      lines.push("");
-    }
+  lines.push("");
+  return lines;
+}
+function csvDuplicateGroups(dna) {
+  if (!dna.duplicateGroups?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: SEMANTIC DUPLICATES");
+  lines.push(row("Group", "Functions", "Files"));
+  for (const g of dna.duplicateGroups) {
+    const fns = g.functions.map((f) => f.name + "()").join("; ");
+    const files = g.functions.map((f) => f.relativePath || f.file).join("; ");
+    lines.push(row(g.groupId, fns, files));
+  }
+  lines.push("");
+  return lines;
+}
+function csvSequenceSimilarities(dna) {
+  if (!dna.sequenceSimilarities?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: OPERATION SEQUENCE MATCHES");
+  lines.push(row("Function A", "File A", "Function B", "File B", "Similarity %"));
+  for (const s of dna.sequenceSimilarities) {
+    lines.push(row(
+      s.functionA.name,
+      s.functionA.relativePath || s.functionA.file,
+      s.functionB.name,
+      s.functionB.relativePath || s.functionB.file,
+      Math.round(s.similarity * 100)
+    ));
+  }
+  lines.push("");
+  return lines;
+}
+function csvTaintFlows(dna) {
+  if (!dna.taintFlows?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: TAINT FLOWS");
+  lines.push(row("File", "Function", "Source Type", "Source Line", "Sink Type", "Sink Line", "Sanitized"));
+  for (const t of dna.taintFlows) {
+    lines.push(row(
+      t.relativePath || t.file,
+      t.functionName,
+      t.source.type,
+      t.source.line,
+      t.sink.type,
+      t.sink.line,
+      t.sanitized ? "Yes" : "No"
+    ));
+  }
+  lines.push("");
+  return lines;
+}
+function csvDeviations(dna) {
+  if (!dna.deviationJustifications?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: DEVIATION ANALYSIS");
+  lines.push(row("File", "Deviating Pattern", "Dominant Pattern", "Verdict", "Score"));
+  for (const dj of dna.deviationJustifications) {
+    lines.push(row(
+      dj.relativePath || dj.file,
+      dj.deviatingPattern,
+      dj.dominantPattern,
+      dj.verdict,
+      Math.round(dj.justificationScore * 100)
+    ));
   }
+  lines.push("");
+  return lines;
+}
+function csvPatterns(dna) {
+  if (!dna.patternDistributions?.length) return [];
+  const lines = [];
+  lines.push("CODE DNA: PATTERN DISTRIBUTIONS");
+  lines.push(row("File", "Dominant Pattern", "Confidence", "Internally Inconsistent"));
+  for (const pd of dna.patternDistributions) {
+    lines.push(row(
+      pd.relativePath || pd.file,
+      pd.dominantPattern,
+      Math.round(pd.confidence * 100),
+      pd.isInternallyInconsistent ? "Yes" : "No"
+    ));
+  }
+  lines.push("");
+  return lines;
+}
+function csvCodeDna(result) {
+  const dna = result.codeDnaResult;
+  if (!dna) return [];
+  return [
+    ...csvDuplicateGroups(dna),
+    ...csvSequenceSimilarities(dna),
+    ...csvTaintFlows(dna),
+    ...csvDeviations(dna),
+    ...csvPatterns(dna)
+  ];
+}
+function csvFindings(result) {
+  const lines = [];
   lines.push("ALL FINDINGS");
   lines.push(row("Severity", "Analyzer", "Confidence %", "Message", "File", "Line", "Tags"));
   for (const f of result.findings) {
@@ -1891,6 +1955,10 @@ function renderCsvReport(result) {
     ));
   }
   lines.push("");
+  return lines;
+}
+function csvPerFileScores(result) {
+  const lines = [];
   lines.push("PER-FILE SCORES");
   lines.push(row("File", "Score", "Finding Count"));
   const fileSorted = [...result.perFileScores.entries()].sort((a, b) => a[1].score - b[1].score);
@@ -1898,21 +1966,35 @@ function renderCsvReport(result) {
     lines.push(row(path2, data.score, data.findings.length));
   }
   lines.push("");
-  if ((result.deepInsights ?? []).length > 0) {
-    lines.push("DEEP ANALYSIS INSIGHTS");
-    lines.push(row("Category", "Severity", "Title", "Description", "Related Files", "Recommendation"));
-    for (const ins of result.deepInsights) {
-      lines.push(row(
-        ins.category,
-        ins.severity,
-        ins.title,
-        ins.description,
-        ins.relatedFiles.join("; "),
-        ins.recommendation ?? ""
-      ));
-    }
+  return lines;
+}
+function csvAiSummary(result) {
+  if ((result.deepInsights ?? []).length === 0) return [];
+  const lines = [];
+  lines.push("DEEP ANALYSIS INSIGHTS");
+  lines.push(row("Category", "Severity", "Title", "Description", "Related Files", "Recommendation"));
+  for (const ins of result.deepInsights) {
+    lines.push(row(
+      ins.category,
+      ins.severity,
+      ins.title,
+      ins.description,
+      ins.relatedFiles.join("; "),
+      ins.recommendation ?? ""
+    ));
   }
-  return lines.join("\n");
+  return lines;
+}
+function renderCsvReport(result) {
+  return [
+    ...csvMetadata(result),
+    ...csvScoreCategories(result),
+    ...csvDriftFindings(result),
+    ...csvCodeDna(result),
+    ...csvFindings(result),
+    ...csvPerFileScores(result),
+    ...csvAiSummary(result)
+  ].join("\n");
 }
 var init_csv = __esm({
   "src/output/csv.ts"() {
@@ -2048,7 +2130,10 @@ function tableRow(cells) {
 function hr() {
   return `<w:p><w:pPr><w:pBdr><w:bottom w:val="single" w:sz="4" w:space="1" w:color="CCCCCC"/></w:pBdr></w:pPr></w:p>`;
 }
-function buildDocumentXml(result) {
+function wrapTable(rows) {
+  return `<w:tbl><w:tblPr>${TABLE_BORDERS}<w:tblW w:w="5000" w:type="pct"/></w:tblPr>${rows}</w:tbl>`;
+}
+function buildDocxTitlePage(result) {
   const parts = [];
   const name = result.context.rootDir.split("/").pop() ?? "project";
   const date = (/* @__PURE__ */ new Date()).toLocaleDateString("en-US", { month: "long", day: "numeric", year: "numeric" });
@@ -2058,6 +2143,10 @@ function buildDocumentXml(result) {
   const langs = [...result.context.languageBreakdown.entries()].map(([l, s]) => `${l}: ${s.files} files`).join(", ");
   parts.push(para(`Languages: ${langs}`));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxScoreTable(result) {
+  const parts = [];
   const pct = result.maxCompositeScore > 0 ? result.compositeScore / result.maxCompositeScore * 100 : 0;
   const grade = pct >= 90 ? "A" : pct >= 75 ? "B" : pct >= 50 ? "C" : pct >= 25 ? "D" : "F";
   parts.push(para("1. SCORE SUMMARY", "Heading1"));
@@ -2071,24 +2160,27 @@ function buildDocumentXml(result) {
     ["Convention Drift", ds.naming_conventions],
     ["Phantom Scaffolding", ds.phantom_scaffolding]
   ];
-  parts.push(tableRow([
+  const headerRow = tableRow([
     tableCellSimple("Category", "D9E2F3", true),
     tableCellSimple("Score", "D9E2F3", true),
     tableCellSimple("Max", "D9E2F3", true),
     tableCellSimple("Findings", "D9E2F3", true)
-  ]));
-  for (const [catName, catScore] of catRows) {
+  ]);
+  const dataRows = catRows.map(([catName, catScore]) => {
     const cs = catScore;
-    parts.push(tableRow([
+    return tableRow([
       tableCellSimple(catName),
       tableCellSimple(String(cs?.score ?? 0)),
       tableCellSimple(String(cs?.maxScore ?? 0)),
       tableCellSimple(String(cs?.findings ?? 0))
-    ]));
-  }
-  const scoreTable = `<w:tbl><w:tblPr><w:tblBorders><w:top w:val="single" w:sz="4" w:color="CCCCCC"/><w:bottom w:val="single" w:sz="4" w:color="CCCCCC"/><w:insideH w:val="single" w:sz="4" w:color="E0E0E0"/><w:insideV w:val="single" w:sz="4" w:color="E0E0E0"/></w:tblBorders><w:tblW w:w="5000" w:type="pct"/></w:tblPr>${parts.splice(-6).join("")}</w:tbl>`;
-  parts.push(scoreTable);
+    ]);
+  }).join("");
+  parts.push(wrapTable(headerRow + dataRows));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxIntentSection(result) {
+  const parts = [];
   parts.push(para("2. CODEBASE INTENT", "Heading1"));
   parts.push(para("The following patterns represent the dominant approach established by the majority of files in this codebase."));
   parts.push(para(""));
@@ -2102,6 +2194,10 @@ function buildDocumentXml(result) {
   }
   if (intentSeen.size === 0) parts.push(para("No dominant patterns detected \u2014 codebase may be too small or highly consistent."));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxDriftSection(result) {
+  const parts = [];
   parts.push(para("3. DRIFT FINDINGS", "Heading1"));
   parts.push(para(`${(result.driftFindings ?? []).length} cross-file contradictions detected.`));
   parts.push(para(""));
@@ -2132,51 +2228,80 @@ function buildDocumentXml(result) {
     }
     parts.push(hr());
   }
-  const dna = result.codeDnaResult;
-  if (dna) {
-    parts.push(para("4. CODE DNA ANALYSIS", "Heading1"));
-    parts.push(para(`${dna.functions?.length ?? 0} functions analyzed in ${dna.timings?.totalMs ?? 0}ms. ${dna.findings?.length ?? 0} findings.`));
-    parts.push(para(""));
-    if (dna.duplicateGroups?.length > 0) {
-      parts.push(para("Semantic Fingerprint Duplicates", "Heading2"));
-      for (const g of dna.duplicateGroups) {
-        const fns = g.functions.map((f) => `${f.name}() in ${f.relativePath || f.file}`).join(", ");
-        parts.push(para(`  Group: ${fns}`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.sequenceSimilarities?.length > 0) {
-      parts.push(para("Operation Sequence Matches", "Heading2"));
-      for (const s of dna.sequenceSimilarities) {
-        parts.push(para(`  ${Math.round(s.similarity * 100)}% match: ${s.functionA.name}() in ${s.functionA.relativePath || s.functionA.file} \u2194 ${s.functionB.name}() in ${s.functionB.relativePath || s.functionB.file}`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.taintFlows?.length > 0) {
-      parts.push(para("Taint Flows", "Heading2"));
-      for (const t of dna.taintFlows) {
-        parts.push(para(`  [${t.sink.severity.toUpperCase()}] ${t.functionName}() in ${t.relativePath || t.file}: ${t.source.type} (line ${t.source.line}) \u2192 ${t.sink.type} (line ${t.sink.line}) \u2014 ${t.sanitized ? "SANITIZED" : "UNSANITIZED"}`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.deviationJustifications?.length > 0) {
-      parts.push(para("Deviation Justification Analysis", "Heading2"));
-      for (const dj of dna.deviationJustifications) {
-        const verdict = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
-        parts.push(para(`  [${verdict}] ${dj.relativePath || dj.file}: uses ${dj.deviatingPattern} vs project ${dj.dominantPattern} (score: ${Math.round(dj.justificationScore * 100)}%)`));
-      }
-      parts.push(para(""));
-    }
-    if (dna.patternDistributions?.length > 0) {
-      parts.push(para("Pattern Classification", "Heading2"));
-      for (const pd of dna.patternDistributions) {
-        const mixed = pd.isInternallyInconsistent ? " [MIXED]" : "";
-        parts.push(para(`  ${pd.relativePath || pd.file}: ${pd.dominantPattern} (${Math.round(pd.confidence * 100)}% confidence)${mixed}`));
-      }
-      parts.push(para(""));
-    }
-    parts.push(hr());
+  return parts.join("\n    ");
+}
+function docxDnaDuplicates(dna) {
+  if (!dna.duplicateGroups?.length) return [];
+  const parts = [];
+  parts.push(para("Semantic Fingerprint Duplicates", "Heading2"));
+  for (const g of dna.duplicateGroups) {
+    const fns = g.functions.map((f) => `${f.name}() in ${f.relativePath || f.file}`).join(", ");
+    parts.push(para(`  Group: ${fns}`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaSequences(dna) {
+  if (!dna.sequenceSimilarities?.length) return [];
+  const parts = [];
+  parts.push(para("Operation Sequence Matches", "Heading2"));
+  for (const s of dna.sequenceSimilarities) {
+    parts.push(para(`  ${Math.round(s.similarity * 100)}% match: ${s.functionA.name}() in ${s.functionA.relativePath || s.functionA.file} \u2194 ${s.functionB.name}() in ${s.functionB.relativePath || s.functionB.file}`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaTaintFlows(dna) {
+  if (!dna.taintFlows?.length) return [];
+  const parts = [];
+  parts.push(para("Taint Flows", "Heading2"));
+  for (const t of dna.taintFlows) {
+    parts.push(para(`  [${t.sink.severity.toUpperCase()}] ${t.functionName}() in ${t.relativePath || t.file}: ${t.source.type} (line ${t.source.line}) \u2192 ${t.sink.type} (line ${t.sink.line}) \u2014 ${t.sanitized ? "SANITIZED" : "UNSANITIZED"}`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaDeviations(dna) {
+  if (!dna.deviationJustifications?.length) return [];
+  const parts = [];
+  parts.push(para("Deviation Justification Analysis", "Heading2"));
+  for (const dj of dna.deviationJustifications) {
+    const verdict = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
+    parts.push(para(`  [${verdict}] ${dj.relativePath || dj.file}: uses ${dj.deviatingPattern} vs project ${dj.dominantPattern} (score: ${Math.round(dj.justificationScore * 100)}%)`));
+  }
+  parts.push(para(""));
+  return parts;
+}
+function docxDnaPatterns(dna) {
+  if (!dna.patternDistributions?.length) return [];
+  const parts = [];
+  parts.push(para("Pattern Classification", "Heading2"));
+  for (const pd of dna.patternDistributions) {
+    const mixed = pd.isInternallyInconsistent ? " [MIXED]" : "";
+    parts.push(para(`  ${pd.relativePath || pd.file}: ${pd.dominantPattern} (${Math.round(pd.confidence * 100)}% confidence)${mixed}`));
   }
+  parts.push(para(""));
+  return parts;
+}
+function buildDocxCodeDnaSection(result) {
+  const dna = result.codeDnaResult;
+  if (!dna) return "";
+  const parts = [];
+  parts.push(para("4. CODE DNA ANALYSIS", "Heading1"));
+  parts.push(para(`${dna.functions?.length ?? 0} functions analyzed in ${dna.timings?.totalMs ?? 0}ms. ${dna.findings?.length ?? 0} findings.`));
+  parts.push(para(""));
+  parts.push(
+    ...docxDnaDuplicates(dna),
+    ...docxDnaSequences(dna),
+    ...docxDnaTaintFlows(dna),
+    ...docxDnaDeviations(dna),
+    ...docxDnaPatterns(dna)
+  );
+  parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxPerFileTable(result) {
+  const parts = [];
   parts.push(para("5. FILE RANKING", "Heading1"));
   const fileSorted = [...result.perFileScores.entries()].sort((a, b) => a[1].score - b[1].score);
   parts.push(para(`${fileSorted.length} files scanned. Ranked worst to best.`));
@@ -2197,8 +2322,12 @@ function buildDocumentXml(result) {
       tableCellSimple(String(staticCount))
     ]);
   }).join("");
-  parts.push(`<w:tbl><w:tblPr><w:tblBorders><w:top w:val="single" w:sz="4" w:color="CCCCCC"/><w:bottom w:val="single" w:sz="4" w:color="CCCCCC"/><w:insideH w:val="single" w:sz="4" w:color="E0E0E0"/><w:insideV w:val="single" w:sz="4" w:color="E0E0E0"/></w:tblBorders><w:tblW w:w="5000" w:type="pct"/></w:tblPr>${fileHeaderRow}${fileDataRows}</w:tbl>`);
+  parts.push(wrapTable(fileHeaderRow + fileDataRows));
   parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxFindingsTable(result) {
+  const parts = [];
   parts.push(para("6. STATIC ANALYSIS FINDINGS", "Heading1"));
   const statics = result.findings.filter((f) => !f.tags?.includes("drift") && !f.tags?.includes("codedna"));
   parts.push(para(`${statics.length} findings from ${13} static analyzers.`));
@@ -2211,28 +2340,49 @@ function buildDocumentXml(result) {
   }
   if (statics.length > 50) parts.push(para(`... and ${statics.length - 50} more findings.`));
   parts.push(hr());
-  if ((result.deepInsights ?? []).length > 0) {
-    parts.push(para("7. DEEP ANALYSIS INSIGHTS (AI-POWERED)", "Heading1"));
-    for (const ins of result.deepInsights) {
-      const sevStr = ins.severity === "error" ? "CRITICAL" : ins.severity === "warning" ? "WARNING" : "INFO";
-      parts.push(para(`[${sevStr}] ${ins.title}`, "Heading2"));
-      parts.push(para(ins.description));
-      if (ins.relatedFiles.length > 0) parts.push(para(`  Files: ${ins.relatedFiles.join(", ")}`));
-      if (ins.recommendation) {
-        parts.push(boldPara("Recommendation:", "00D4FF"));
-        parts.push(para(`  ${ins.recommendation}`));
-      }
-      parts.push(para(""));
+  return parts.join("\n    ");
+}
+function buildDocxDeepInsights(result) {
+  if ((result.deepInsights ?? []).length === 0) return "";
+  const parts = [];
+  parts.push(para("7. DEEP ANALYSIS INSIGHTS (AI-POWERED)", "Heading1"));
+  for (const ins of result.deepInsights) {
+    const sevStr = ins.severity === "error" ? "CRITICAL" : ins.severity === "warning" ? "WARNING" : "INFO";
+    parts.push(para(`[${sevStr}] ${ins.title}`, "Heading2"));
+    parts.push(para(ins.description));
+    if (ins.relatedFiles.length > 0) parts.push(para(`  Files: ${ins.relatedFiles.join(", ")}`));
+    if (ins.recommendation) {
+      parts.push(boldPara("Recommendation:", "00D4FF"));
+      parts.push(para(`  ${ins.recommendation}`));
     }
-    parts.push(hr());
+    parts.push(para(""));
   }
+  parts.push(hr());
+  return parts.join("\n    ");
+}
+function buildDocxFooter(result) {
+  const parts = [];
   parts.push(para(""));
   parts.push(para(`Generated by VibeDrift v${getVersion()} | ${result.context.files.length} files | ${result.context.totalLines.toLocaleString()} lines | ${(result.scanTimeMs / 1e3).toFixed(1)}s | No data sent externally`));
   parts.push(para("Re-scan: npx vibedrift ."));
+  return parts.join("\n    ");
+}
+function buildDocumentXml(result) {
+  const sections = [
+    buildDocxTitlePage(result),
+    buildDocxScoreTable(result),
+    buildDocxIntentSection(result),
+    buildDocxDriftSection(result),
+    buildDocxCodeDnaSection(result),
+    buildDocxPerFileTable(result),
+    buildDocxFindingsTable(result),
+    buildDocxDeepInsights(result),
+    buildDocxFooter(result)
+  ].filter(Boolean);
   return `<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <w:document xmlns:w="${W}">
   <w:body>
-    ${parts.join("\n    ")}
+    ${sections.join("\n    ")}
     <w:sectPr>
       <w:pgSz w:w="12240" w:h="15840"/>
       <w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440"/>
@@ -2250,13 +2400,14 @@ function renderDocxReport(result) {
   ];
   return buildZip(entries);
 }
-var W;
+var W, TABLE_BORDERS;
 var init_docx = __esm({
   "src/output/docx.ts"() {
     "use strict";
     init_esm_shims();
     init_version();
     W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main";
+    TABLE_BORDERS = `<w:tblBorders><w:top w:val="single" w:sz="4" w:color="CCCCCC"/><w:bottom w:val="single" w:sz="4" w:color="CCCCCC"/><w:insideH w:val="single" w:sz="4" w:color="E0E0E0"/><w:insideV w:val="single" w:sz="4" w:color="E0E0E0"/></w:tblBorders>`;
   }
 });
 
@@ -5153,20 +5304,7 @@ function buildPatternDistribution(profiles) {
   }
   return counts;
 }
-function analyzePatternDistribution(profiles, patternNames) {
-  const counts = buildPatternDistribution(profiles);
-  if (counts.size < 2) return null;
-  let dominant = null;
-  let dominantCount = 0;
-  for (const [pattern, data] of counts) {
-    if (data.count > dominantCount) {
-      dominantCount = data.count;
-      dominant = pattern;
-    }
-  }
-  if (!dominant) return null;
-  const totalFiles = profiles.length;
-  const consistencyScore = Math.round(dominantCount / totalFiles * 100);
+function collectDeviatingFiles(counts, dominant, profiles, patternNames) {
   const deviating = [];
   for (const [pattern, data] of counts) {
     if (pattern === dominant) continue;
@@ -5180,6 +5318,29 @@ function analyzePatternDistribution(profiles, patternNames) {
       });
     }
   }
+  return deviating;
+}
+function findDominantPattern(counts) {
+  let dominant = null;
+  let dominantCount = 0;
+  for (const [pattern, data] of counts) {
+    if (data.count > dominantCount) {
+      dominantCount = data.count;
+      dominant = pattern;
+    }
+  }
+  if (!dominant) return null;
+  return { dominant, dominantCount };
+}
+function analyzePatternDistribution(profiles, patternNames) {
+  const counts = buildPatternDistribution(profiles);
+  if (counts.size < 2) return null;
+  const result = findDominantPattern(counts);
+  if (!result) return null;
+  const { dominant, dominantCount } = result;
+  const totalFiles = profiles.length;
+  const consistencyScore = Math.round(dominantCount / totalFiles * 100);
+  const deviating = collectDeviatingFiles(counts, dominant, profiles, patternNames);
   if (deviating.length === 0) return null;
   return {
     detector: "architectural_consistency",
@@ -5281,13 +5442,25 @@ function classifyName(name) {
   if (/^[a-z][a-z0-9]*$/.test(name)) return "camelCase";
   return null;
 }
-function isIdiomatic(name, convention, symbolType, language) {
-  if (language === "go" && convention === "PascalCase" && /^[A-Z]/.test(name)) return true;
-  if (language === "go" && /^(?:HTTP|URL|ID|JSON|XML|SQL|API|DNS|TCP|UDP|IP|TLS|SSH|EOF)/.test(name)) return true;
-  if ((language === "javascript" || language === "typescript") && symbolType === "class" && convention === "PascalCase") return true;
-  if ((language === "javascript" || language === "typescript") && symbolType === "function" && convention === "PascalCase" && /^[A-Z]\w*$/.test(name)) return true;
-  if (language === "python" && symbolType === "class" && convention === "PascalCase") return true;
-  if (language === "python" && name.startsWith("__") && name.endsWith("__")) return true;
+function isIdiomaticGo(name, convention) {
+  if (convention === "PascalCase" && /^[A-Z]/.test(name)) return true;
+  if (/^(?:HTTP|URL|ID|JSON|XML|SQL|API|DNS|TCP|UDP|IP|TLS|SSH|EOF)/.test(name)) return true;
+  return false;
+}
+function isIdiomaticJsTs(name, convention, symbolType) {
+  if (symbolType === "class" && convention === "PascalCase") return true;
+  if (symbolType === "function" && convention === "PascalCase" && /^[A-Z]\w*$/.test(name)) return true;
+  return false;
+}
+function isIdiomaticPython(name, convention, symbolType) {
+  if (symbolType === "class" && convention === "PascalCase") return true;
+  if (name.startsWith("__") && name.endsWith("__")) return true;
+  return false;
+}
+function isIdiomatic(name, convention, symbolType, language) {
+  if (language === "go" && isIdiomaticGo(name, convention)) return true;
+  if ((language === "javascript" || language === "typescript") && isIdiomaticJsTs(name, convention, symbolType)) return true;
+  if (language === "python" && isIdiomaticPython(name, convention, symbolType)) return true;
   if (symbolType === "constant" && convention === "SCREAMING_SNAKE") return true;
   return false;
 }
@@ -5382,6 +5555,68 @@ function analyzeFileNaming(files) {
     recommendation: `Standardize file names to ${dominant}. ${deviating.length} files use a different convention.`
   };
 }
+function collectDeviantFiles(convCounts, dominant) {
+  const fileDeviants = /* @__PURE__ */ new Map();
+  for (const [conv, syms] of convCounts) {
+    if (conv === dominant) continue;
+    for (const s of syms) {
+      if (!fileDeviants.has(s.file)) fileDeviants.set(s.file, []);
+      fileDeviants.get(s.file).push(s);
+    }
+  }
+  const deviatingFiles = [];
+  for (const [filePath, syms] of fileDeviants) {
+    const uniqueConventions = [...new Set(syms.map((s) => s.convention))];
+    deviatingFiles.push({
+      path: filePath,
+      detectedPattern: uniqueConventions.join(", "),
+      evidence: syms.slice(0, 3).map((s) => ({ line: s.line, code: s.name }))
+    });
+  }
+  return deviatingFiles;
+}
+function buildConventionFinding(type, dominant, maxCount, totalSymbols, deviatingFiles) {
+  const deviantCount = totalSymbols - maxCount;
+  const consistencyScore = Math.round(maxCount / totalSymbols * 100);
+  return {
+    detector: "naming_conventions",
+    subCategory: `${type}_names`,
+    driftCategory: "naming_conventions",
+    severity: deviatingFiles.length > 5 ? "error" : "warning",
+    confidence: 0.8,
+    finding: `${type} naming convention oscillates: ${maxCount} use ${dominant}, ${deviantCount} use other conventions \u2014 likely from different AI sessions`,
+    dominantPattern: dominant,
+    dominantCount: maxCount,
+    totalRelevantFiles: totalSymbols,
+    consistencyScore,
+    deviatingFiles: deviatingFiles.slice(0, 10),
+    recommendation: `${maxCount} of ${totalSymbols} ${type} names use ${dominant}. Standardize deviating names.`
+  };
+}
+function analyzeSymbolTypeConventions(type, typeSymbols) {
+  if (typeSymbols.length < 3) return null;
+  const convCounts = /* @__PURE__ */ new Map();
+  for (const s of typeSymbols) {
+    if (!convCounts.has(s.convention)) convCounts.set(s.convention, []);
+    convCounts.get(s.convention).push(s);
+  }
+  if (convCounts.size < 2) return null;
+  let dominant = null;
+  let maxCount = 0;
+  for (const [conv, syms] of convCounts) {
+    if (syms.length > maxCount) {
+      maxCount = syms.length;
+      dominant = conv;
+    }
+  }
+  if (!dominant) return null;
+  const totalSymbols = typeSymbols.length;
+  const deviantCount = totalSymbols - maxCount;
+  if (deviantCount < 3 || deviantCount / totalSymbols < 0.1) return null;
+  const deviatingFiles = collectDeviantFiles(convCounts, dominant);
+  if (deviatingFiles.length < 2) return null;
+  return buildConventionFinding(type, dominant, maxCount, totalSymbols, deviatingFiles);
+}
 var conventionOscillation = {
   id: "convention-oscillation",
   name: "Naming Convention Oscillation",
@@ -5396,62 +5631,8 @@ var conventionOscillation = {
     const symbolTypes = [...new Set(allSymbols.map((s) => s.symbolType))];
     for (const type of symbolTypes) {
       const typeSymbols = allSymbols.filter((s) => s.symbolType === type);
-      if (typeSymbols.length < 3) continue;
-      const convCounts = /* @__PURE__ */ new Map();
-      for (const s of typeSymbols) {
-        if (!convCounts.has(s.convention)) convCounts.set(s.convention, []);
-        convCounts.get(s.convention).push(s);
-      }
-      if (convCounts.size < 2) continue;
-      let dominant = null;
-      let maxCount = 0;
-      for (const [conv, syms] of convCounts) {
-        if (syms.length > maxCount) {
-          maxCount = syms.length;
-          dominant = conv;
-        }
-      }
-      if (!dominant) continue;
-      const totalSymbols = typeSymbols.length;
-      const consistencyScore = Math.round(maxCount / totalSymbols * 100);
-      const deviantCount = totalSymbols - maxCount;
-      if (deviantCount < 3 || deviantCount / totalSymbols < 0.1) continue;
-      const fileDeviants = /* @__PURE__ */ new Map();
-      for (const [conv, syms] of convCounts) {
-        if (conv === dominant) continue;
-        for (const s of syms) {
-          if (!fileDeviants.has(s.file)) fileDeviants.set(s.file, []);
-          fileDeviants.get(s.file).push(s);
-        }
-      }
-      const deviatingFiles = [];
-      for (const [filePath, syms] of fileDeviants) {
-        const uniqueConventions = [...new Set(syms.map((s) => s.convention))];
-        deviatingFiles.push({
-          path: filePath,
-          detectedPattern: uniqueConventions.join(", "),
-          evidence: syms.slice(0, 3).map((s) => ({ line: s.line, code: s.name }))
-        });
-      }
-      if (deviatingFiles.length < 2) continue;
-      const distribution = {};
-      for (const [conv, syms] of convCounts) {
-        distribution[conv] = syms.length;
-      }
-      findings.push({
-        detector: "naming_conventions",
-        subCategory: `${type}_names`,
-        driftCategory: "naming_conventions",
-        severity: deviatingFiles.length > 5 ? "error" : "warning",
-        confidence: 0.8,
-        finding: `${type} naming convention oscillates: ${maxCount} use ${dominant}, ${deviantCount} use other conventions \u2014 likely from different AI sessions`,
-        dominantPattern: dominant,
-        dominantCount: maxCount,
-        totalRelevantFiles: totalSymbols,
-        consistencyScore,
-        deviatingFiles: deviatingFiles.slice(0, 10),
-        recommendation: `${maxCount} of ${totalSymbols} ${type} names use ${dominant}. Standardize deviating names.`
-      });
+      const finding = analyzeSymbolTypeConventions(type, typeSymbols);
+      if (finding) findings.push(finding);
     }
     const fileNaming = analyzeFileNaming(ctx.files);
     if (fileNaming) findings.push(fileNaming);
@@ -5666,33 +5847,48 @@ function isInterfaceImplPair(a, b) {
   const bIsInterface = /(?:interface|store|contract|abstract|base|types)\./i.test(b.file) || b.bodyTokenCount < 10;
   return aIsInterface && !bIsInterface || !aIsInterface && bIsInterface;
 }
-function areSemanticallySimlar(a, b) {
+function isConventionalName(name) {
+  return CONVENTION_NAMES.has(name.toLowerCase());
+}
+function areStructurallySimilar(a, b) {
   if (a.domainCategory !== b.domainCategory || a.domainCategory === "general") return false;
   if (a.file === b.file) return false;
   if (Math.abs(a.paramCount - b.paramCount) > 1) return false;
   const sizeRatio = Math.min(a.bodyTokenCount, b.bodyTokenCount) / Math.max(a.bodyTokenCount, b.bodyTokenCount);
-  if (sizeRatio < 0.4) return false;
-  const nameA = a.name.toLowerCase();
-  const nameB = b.name.toLowerCase();
-  if (CONVENTION_NAMES.has(nameA) || CONVENTION_NAMES.has(nameB)) return false;
-  if (nameA === nameB && /(?:handler|controller|resource|api)/i.test(a.file) && /(?:handler|controller|resource|api)/i.test(b.file)) {
-    if (["list", "get", "create", "update", "delete", "find", "search"].includes(nameA)) return false;
-  }
-  if (nameA === nameB && isInterfaceImplPair(a, b)) return false;
+  return sizeRatio >= 0.4;
+}
+function areNamesSimilar(nameA, nameB, hashA, hashB, tokenCountA) {
+  if (nameA === nameB) return true;
+  if (nameA.length >= 6 && nameB.length >= 6 && levenshtein(nameA, nameB) <= 3) return true;
+  if (hashA === hashB && tokenCountA > 20) return true;
+  return false;
+}
+function isLayerPair(a, b) {
   const aIsRepo = /(?:repository|repo|store|postgres|mysql|mongo|dal)/i.test(a.file);
   const bIsRepo = /(?:repository|repo|store|postgres|mysql|mongo|dal)/i.test(b.file);
   const aIsHandler = /(?:handler|controller|route|endpoint|api)/i.test(a.file);
   const bIsHandler = /(?:handler|controller|route|endpoint|api)/i.test(b.file);
-  if (aIsHandler && bIsRepo || aIsRepo && bIsHandler) return false;
+  if (aIsHandler && bIsRepo || aIsRepo && bIsHandler) return true;
+  const nameA = a.name.toLowerCase();
+  const nameB = b.name.toLowerCase();
   if (nameA === nameB && a.paramCount === b.paramCount) {
-    if (aIsHandler && bIsHandler) return false;
-    if (aIsRepo && bIsRepo) return false;
+    if (aIsHandler && bIsHandler) return true;
+    if (aIsRepo && bIsRepo) return true;
   }
-  if (nameA === nameB) return true;
-  if (nameA.length >= 6 && nameB.length >= 6 && levenshtein(nameA, nameB) <= 3) return true;
-  if (a.bodyHash === b.bodyHash && a.bodyTokenCount > 20) return true;
   return false;
 }
+function areSemanticallySimlar(a, b) {
+  if (!areStructurallySimilar(a, b)) return false;
+  const nameA = a.name.toLowerCase();
+  const nameB = b.name.toLowerCase();
+  if (isConventionalName(nameA) || isConventionalName(nameB)) return false;
+  if (nameA === nameB && /(?:handler|controller|resource|api)/i.test(a.file) && /(?:handler|controller|resource|api)/i.test(b.file)) {
+    if (["list", "get", "create", "update", "delete", "find", "search"].includes(nameA)) return false;
+  }
+  if (nameA === nameB && isInterfaceImplPair(a, b)) return false;
+  if (isLayerPair(a, b)) return false;
+  return areNamesSimilar(nameA, nameB, a.bodyHash, b.bodyHash, a.bodyTokenCount);
+}
 function levenshtein(a, b) {
   const m = a.length, n = b.length;
   if (m === 0) return n;
@@ -5983,8 +6179,7 @@ function detectUnroutedHandlers(allExports, allRoutes, usage) {
   }
   return findings;
 }
-function detectUnusedTypeScaffolding(files, usage) {
-  const findings = [];
+function extractTypeDefinitions(files) {
   const typeDefinitions = [];
   const goMethodReceivers = /* @__PURE__ */ new Set();
   for (const file of files) {
@@ -6014,6 +6209,9 @@ function detectUnusedTypeScaffolding(files, usage) {
       typeDefinitions.push({ name: typeName, file: file.path, line: i + 1 });
     }
   }
+  return typeDefinitions;
+}
+function findUnusedTypes(typeDefinitions, usage) {
   const unusedTypesByFile = /* @__PURE__ */ new Map();
   for (const td of typeDefinitions) {
     const refs = usage.get(td.name);
@@ -6023,6 +6221,12 @@ function detectUnusedTypeScaffolding(files, usage) {
       unusedTypesByFile.get(td.file).push(td);
     }
   }
+  return unusedTypesByFile;
+}
+function detectUnusedTypeScaffolding(files, usage) {
+  const findings = [];
+  const typeDefinitions = extractTypeDefinitions(files);
+  const unusedTypesByFile = findUnusedTypes(typeDefinitions, usage);
   for (const [filePath, unusedTypes] of unusedTypesByFile) {
     if (unusedTypes.length < 3) continue;
     findings.push({
@@ -6465,25 +6669,8 @@ function scoreColorFn(score, max) {
   if (ratio >= 0.5) return chalk.yellow;
   return chalk.red;
 }
-function renderTerminalOutput(result) {
+function renderFindingsList(result) {
   const lines = [];
-  const banner = `  VibeDrift v${getVersion()}  `;
-  const border = "\u2500".repeat(banner.length);
-  lines.push(chalk.cyan(`\u256D${border}\u256E`));
-  lines.push(chalk.cyan(`\u2502${banner}\u2502`));
-  lines.push(chalk.cyan(`\u2570${border}\u256F`));
-  lines.push("");
-  const langCounts = /* @__PURE__ */ new Map();
-  for (const f of result.context.files) {
-    if (f.language) {
-      const label = getLanguageDisplayName(f.language);
-      langCounts.set(label, (langCounts.get(label) ?? 0) + 1);
-    }
-  }
-  const langStr = [...langCounts.entries()].map(([l, c]) => `${l}: ${c}`).join(", ");
-  lines.push(chalk.dim(`Scanning: ${result.context.rootDir}`));
-  lines.push(chalk.dim(`Files: ${result.context.files.length} (${langStr}) | Lines: ${result.context.totalLines.toLocaleString()} | Time: ${(result.scanTimeMs / 1e3).toFixed(1)}s`));
-  lines.push("");
   for (const cat of ALL_CATEGORIES) {
     const config = CATEGORY_CONFIG[cat];
     const s = result.scores[cat];
@@ -6517,6 +6704,10 @@ function renderTerminalOutput(result) {
     }
     lines.push("");
   }
+  return lines;
+}
+function renderCategoryBars(result) {
+  const lines = [];
   lines.push(chalk.bold("\u2500\u2500 Vibe Debt Score \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
   for (const cat of ALL_CATEGORIES) {
     const config = CATEGORY_CONFIG[cat];
@@ -6540,6 +6731,35 @@ function renderTerminalOutput(result) {
   const totalColor = scoreColorFn(result.compositeScore, result.maxCompositeScore);
   lines.push(`  ${padRight("Total Score:", 28)} ${totalColor(`${result.compositeScore.toFixed(0)}/${result.maxCompositeScore}`)}`);
   lines.push("");
+  return lines;
+}
+function renderScoreSection(result) {
+  const lines = [];
+  const banner = `  VibeDrift v${getVersion()}  `;
+  const border = "\u2500".repeat(banner.length);
+  lines.push(chalk.cyan(`\u256D${border}\u256E`));
+  lines.push(chalk.cyan(`\u2502${banner}\u2502`));
+  lines.push(chalk.cyan(`\u2570${border}\u256F`));
+  lines.push("");
+  const langCounts = /* @__PURE__ */ new Map();
+  for (const f of result.context.files) {
+    if (f.language) {
+      const label = getLanguageDisplayName(f.language);
+      langCounts.set(label, (langCounts.get(label) ?? 0) + 1);
+    }
+  }
+  const langStr = [...langCounts.entries()].map(([l, c]) => `${l}: ${c}`).join(", ");
+  lines.push(chalk.dim(`Scanning: ${result.context.rootDir}`));
+  lines.push(chalk.dim(`Files: ${result.context.files.length} (${langStr}) | Lines: ${result.context.totalLines.toLocaleString()} | Time: ${(result.scanTimeMs / 1e3).toFixed(1)}s`));
+  lines.push("");
+  return lines;
+}
+function renderTerminalOutput(result) {
+  const lines = [
+    ...renderScoreSection(result),
+    ...renderFindingsList(result),
+    ...renderCategoryBars(result)
+  ];
   if (result.deepInsights.length > 0) {
     lines.push(chalk.bold("\u2500\u2500 Deep Analysis (AI-Powered) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
     for (const insight of result.deepInsights.slice(0, 10)) {
@@ -6673,8 +6893,7 @@ function extractIntentPatterns(result) {
   }
   return patterns;
 }
-function buildFileCoherence(result) {
-  const entries = [...result.perFileScores.entries()];
+function buildDriftFileMap(result) {
   const driftFiles = /* @__PURE__ */ new Map();
   for (const d of result.driftFindings ?? []) {
     for (const df of d.deviatingFiles) {
@@ -6683,6 +6902,9 @@ function buildFileCoherence(result) {
       driftFiles.get(df.path).push({ category: catKey, pattern: df.detectedPattern });
     }
   }
+  return driftFiles;
+}
+function buildCategorySet(result) {
   const subCatNames = {
     data_access: "Data Access",
     error_handling: "Error Handling",
@@ -6703,9 +6925,12 @@ function buildFileCoherence(result) {
       catSet.set(d.driftCategory, baseCatNames[d.driftCategory]);
     }
   }
-  const dna = result.codeDnaResult;
-  let projectDominantPattern = "";
+  return catSet;
+}
+function buildCodeDnaPatternData(result) {
   const filePatternMap = /* @__PURE__ */ new Map();
+  let projectDominantPattern = "";
+  const dna = result.codeDnaResult;
   if (dna?.patternDistributions?.length > 0) {
     const patternCounts = /* @__PURE__ */ new Map();
     for (const pd of dna.patternDistributions) {
@@ -6721,9 +6946,16 @@ function buildFileCoherence(result) {
         projectDominantPattern = p;
       }
     }
-    if (projectDominantPattern) {
-      catSet.set("codedna_architecture", "Architecture");
-    }
+  }
+  return { projectDominantPattern, filePatternMap };
+}
+function buildFileCoherence(result) {
+  const entries = [...result.perFileScores.entries()];
+  const driftFiles = buildDriftFileMap(result);
+  const catSet = buildCategorySet(result);
+  const { projectDominantPattern, filePatternMap } = buildCodeDnaPatternData(result);
+  if (projectDominantPattern) {
+    catSet.set("codedna_architecture", "Architecture");
   }
   const categories = [...catSet.values()];
   const catKeys = [...catSet.keys()];
@@ -6796,9 +7028,7 @@ function buildCoherenceMatrix(files) {
   const colHeaders = categories.map(
     (c) => `<th style="padding:6px 12px;font-size:11px;color:var(--text-tertiary);text-transform:uppercase;letter-spacing:0.5px;text-align:center;font-weight:600">${esc(c)}</th>`
   ).join("");
-  function fileRow(f, open) {
-    const pctColor = f.alignmentPct >= 100 ? "var(--intent-green)" : f.alignmentPct >= 50 ? "var(--drift-amber)" : "var(--drift-red)";
-    const bgTint = f.alignmentPct < 50 ? "var(--tint-red)" : f.alignmentPct < 100 ? "var(--tint-amber)" : "transparent";
+  function buildAlignmentCells(f) {
     const deviations = [];
     const cells = f.alignments.map((a) => {
       if (a.matches) return `<td style="text-align:center;padding:6px 12px;color:var(--intent-green);font-size:14px">&#9679;</td>`;
@@ -6806,7 +7036,16 @@ function buildCoherenceMatrix(files) {
       deviations.push(`${a.category}: ${a.actual ?? "deviates"}`);
       return `<td style="text-align:center;padding:6px 12px;color:${devColor};font-size:13px" data-tooltip="${esc(a.actual ?? "deviates")}">&#9670;</td>`;
     }).join("");
-    const summary = deviations.length > 0 ? `<td style="padding:6px 12px;font-size:11px;color:var(--text-secondary);max-width:250px">${deviations.map((d) => esc(d)).join("; ")}</td>` : `<td style="padding:6px 12px;font-size:11px;color:var(--intent-green)">Fully aligned</td>`;
+    return { cells, deviations };
+  }
+  function buildDeviationSummary(deviations) {
+    return deviations.length > 0 ? `<td style="padding:6px 12px;font-size:11px;color:var(--text-secondary);max-width:250px">${deviations.map((d) => esc(d)).join("; ")}</td>` : `<td style="padding:6px 12px;font-size:11px;color:var(--intent-green)">Fully aligned</td>`;
+  }
+  function fileRow(f, open) {
+    const pctColor = f.alignmentPct >= 100 ? "var(--intent-green)" : f.alignmentPct >= 50 ? "var(--drift-amber)" : "var(--drift-red)";
+    const bgTint = f.alignmentPct < 50 ? "var(--tint-red)" : f.alignmentPct < 100 ? "var(--tint-amber)" : "transparent";
+    const { cells, deviations } = buildAlignmentCells(f);
+    const summary = buildDeviationSummary(deviations);
     return `<tr style="background:${bgTint}" id="file-${esc(f.path.replace(/[^a-zA-Z0-9]/g, "-"))}">
       <td class="mono" style="padding:6px 12px;font-size:12px;color:var(--text-secondary);white-space:nowrap;max-width:280px;overflow:hidden;text-overflow:ellipsis" data-scroll-to="rank-${esc(f.path.replace(/[^a-zA-Z0-9]/g, "-"))}">${esc(f.path)}</td>
       ${cells}
@@ -7069,6 +7308,66 @@ function buildFixFirst(result) {
   ${cards}
 </section>`;
 }
+function buildDeviatingBlocks(d) {
+  const isConvention = d.driftCategory === "naming_conventions";
+  const devByPattern = /* @__PURE__ */ new Map();
+  for (const df of d.deviatingFiles) {
+    const key = df.detectedPattern;
+    if (!devByPattern.has(key)) devByPattern.set(key, []);
+    devByPattern.get(key).push(df);
+  }
+  if (isConvention && d.deviatingFiles.length > 4) {
+    return [...devByPattern.entries()].map(([pattern, files]) => {
+      const fileList = files.map((df) => esc(df.path)).join("</div><div style='padding:1px 0'>");
+      const collapseId = `conv-${pattern.replace(/[^a-zA-Z0-9]/g, "-")}-${Math.random().toString(36).slice(2, 6)}`;
+      return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
+        <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(pattern)} &mdash; ${files.length} files</div>
+        <div style="cursor:pointer;font-size:12px;color:var(--text-secondary);margin-top:6px" data-collapse="${collapseId}">&#9654; Show ${files.length} files</div>
+        <div id="${collapseId}" style="display:none;padding:6px 0" class="mono" style="font-size:12px;color:var(--text-secondary)"><div style="padding:1px 0">${fileList}</div></div>
+      </div>`;
+    }).join("");
+  }
+  return d.deviatingFiles.slice(0, 4).map((df) => {
+    const evidence = df.evidence.slice(0, 3).map(
+      (e) => `<div style="background:var(--bg-code);padding:6px 12px;border-radius:0;margin:4px 0;overflow-x:auto" class="mono"><span style="color:var(--text-tertiary);margin-right:12px;user-select:none">${e.line}</span>${esc(e.code.slice(0, 120))}</div>`
+    ).join("");
+    return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
+      <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(df.detectedPattern)}</div>
+      <div class="mono" style="font-size:12px;color:var(--text-secondary);margin-bottom:6px">${esc(df.path)}</div>
+      ${evidence}
+    </div>`;
+  }).join("");
+}
+function buildDriftRecommendation(d) {
+  let recText = d.recommendation ?? "";
+  if (recText && d.deviatingFiles.length > 0) {
+    const firstDev = d.deviatingFiles[0];
+    const firstEvidence = firstDev.evidence?.[0];
+    if (recText.includes("Migrate deviating files") || recText.includes("Standardize deviating")) {
+      const fileList = d.deviatingFiles.slice(0, 3).map((f) => f.path.split("/").pop()).join(", ");
+      recText = `In ${fileList}${d.deviatingFiles.length > 3 ? ` (+${d.deviatingFiles.length - 3} more)` : ""}: replace ${firstDev.detectedPattern} with the dominant ${d.dominantPattern} pattern (used by ${d.dominantCount}/${d.totalRelevantFiles} files).`;
+      if (firstEvidence) {
+        recText += ` Example: ${firstDev.path.split("/").pop()}:${firstEvidence.line} currently uses ${firstDev.detectedPattern}.`;
+      }
+    }
+  }
+  return recText;
+}
+function buildDistributionBar(d) {
+  const domPct = d.totalRelevantFiles > 0 ? Math.round(d.dominantCount / d.totalRelevantFiles * 100) : 0;
+  const devPct = 100 - domPct;
+  return `<div style="margin:12px 0">
+    <div style="display:flex;height:6px;border-radius:0;overflow:hidden;gap:2px">
+      <div style="width:${domPct}%;background:var(--intent-green);border-radius:0"></div>
+      <div style="width:${devPct}%;background:var(--drift-orange);border-radius:0"></div>
+    </div>
+    <div style="display:flex;gap:16px;margin-top:4px;font-size:11px;color:var(--text-tertiary)">
+      <span>${esc(d.dominantPattern)} (${d.dominantCount})</span>
+      <span>Deviating (${d.totalRelevantFiles - d.dominantCount})</span>
+      <span style="margin-left:auto">${d.consistencyScore}% consistent</span>
+    </div>
+  </div>`;
+}
 function buildDriftFindings(result) {
   const driftCats = ["architectural_consistency", "security_posture", "semantic_duplication", "naming_conventions", "phantom_scaffolding"];
   const catLabels = {
@@ -7092,61 +7391,9 @@ function buildDriftFindings(result) {
       const domBlock = `<div style="background:var(--tint-green);border-left:3px solid var(--intent-green);border-radius:0;padding:12px 16px;margin:8px 0">
         <div class="label" style="color:var(--intent-green);margin-bottom:6px">INTENT (DOMINANT) &mdash; ${esc(d.dominantPattern)} &mdash; ${d.dominantCount} files${closeSplitNote}</div>
       </div>`;
-      const isConvention = d.driftCategory === "naming_conventions";
-      const devByPattern = /* @__PURE__ */ new Map();
-      for (const df of d.deviatingFiles) {
-        const key = df.detectedPattern;
-        if (!devByPattern.has(key)) devByPattern.set(key, []);
-        devByPattern.get(key).push(df);
-      }
-      let devBlocks;
-      if (isConvention && d.deviatingFiles.length > 4) {
-        devBlocks = [...devByPattern.entries()].map(([pattern, files]) => {
-          const fileList = files.map((df) => esc(df.path)).join("</div><div style='padding:1px 0'>");
-          const collapseId = `conv-${pattern.replace(/[^a-zA-Z0-9]/g, "-")}-${Math.random().toString(36).slice(2, 6)}`;
-          return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
-            <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(pattern)} &mdash; ${files.length} files</div>
-            <div style="cursor:pointer;font-size:12px;color:var(--text-secondary);margin-top:6px" data-collapse="${collapseId}">&#9654; Show ${files.length} files</div>
-            <div id="${collapseId}" style="display:none;padding:6px 0" class="mono" style="font-size:12px;color:var(--text-secondary)"><div style="padding:1px 0">${fileList}</div></div>
-          </div>`;
-        }).join("");
-      } else {
-        devBlocks = d.deviatingFiles.slice(0, 4).map((df) => {
-          const evidence = df.evidence.slice(0, 3).map(
-            (e) => `<div style="background:var(--bg-code);padding:6px 12px;border-radius:0;margin:4px 0;overflow-x:auto" class="mono"><span style="color:var(--text-tertiary);margin-right:12px;user-select:none">${e.line}</span>${esc(e.code.slice(0, 120))}</div>`
-          ).join("");
-          return `<div style="background:var(--tint-orange);border-left:3px solid var(--drift-orange);border-radius:0;padding:12px 16px;margin:8px 0">
-            <div class="label" style="color:var(--drift-orange);margin-bottom:4px">DRIFT &mdash; ${esc(df.detectedPattern)}</div>
-            <div class="mono" style="font-size:12px;color:var(--text-secondary);margin-bottom:6px">${esc(df.path)}</div>
-            ${evidence}
-          </div>`;
-        }).join("");
-      }
-      const domPct = d.totalRelevantFiles > 0 ? Math.round(d.dominantCount / d.totalRelevantFiles * 100) : 0;
-      const devPct = 100 - domPct;
-      const distBar = `<div style="margin:12px 0">
-        <div style="display:flex;height:6px;border-radius:0;overflow:hidden;gap:2px">
-          <div style="width:${domPct}%;background:var(--intent-green);border-radius:0"></div>
-          <div style="width:${devPct}%;background:var(--drift-orange);border-radius:0"></div>
-        </div>
-        <div style="display:flex;gap:16px;margin-top:4px;font-size:11px;color:var(--text-tertiary)">
-          <span>${esc(d.dominantPattern)} (${d.dominantCount})</span>
-          <span>Deviating (${d.totalRelevantFiles - d.dominantCount})</span>
-          <span style="margin-left:auto">${d.consistencyScore}% consistent</span>
-        </div>
-      </div>`;
-      let recText = d.recommendation ?? "";
-      if (recText && d.deviatingFiles.length > 0) {
-        const firstDev = d.deviatingFiles[0];
-        const firstEvidence = firstDev.evidence?.[0];
-        if (recText.includes("Migrate deviating files") || recText.includes("Standardize deviating")) {
-          const fileList = d.deviatingFiles.slice(0, 3).map((f) => f.path.split("/").pop()).join(", ");
-          recText = `In ${fileList}${d.deviatingFiles.length > 3 ? ` (+${d.deviatingFiles.length - 3} more)` : ""}: replace ${firstDev.detectedPattern} with the dominant ${d.dominantPattern} pattern (used by ${d.dominantCount}/${d.totalRelevantFiles} files).`;
-          if (firstEvidence) {
-            recText += ` Example: ${firstDev.path.split("/").pop()}:${firstEvidence.line} currently uses ${firstDev.detectedPattern}.`;
-          }
-        }
-      }
+      const devBlocks = buildDeviatingBlocks(d);
+      const distBar = buildDistributionBar(d);
+      const recText = buildDriftRecommendation(d);
       const closeSplitQualifier = domPctVal < 70 && domPctVal >= 50 ? `<div style="margin-top:8px;padding:8px 14px;background:var(--tint-amber);border-left:3px solid var(--drift-amber);border-radius:0;font-size:13px;line-height:1.6;color:var(--text-secondary)">
           <strong>${esc(d.dominantPattern)}</strong> is dominant at ${domPctVal}%, but the split is close.
           If your team prefers <strong>${esc(d.deviatingFiles[0]?.detectedPattern ?? "the alternative")}</strong>, adopt that instead.
@@ -7374,6 +7621,37 @@ function buildDeepInsights(result) {
   ${cards}
 </section>`;
 }
+function buildSequenceCards(similarities) {
+  const seqCards = similarities.slice(0, 6).map((sim) => {
+    const pct = Math.round(sim.similarity * 100);
+    const color = pct >= 90 ? "var(--drift-red)" : "var(--drift-orange)";
+    const matchLabel = pct >= 100 ? "Exact duplicate" : pct >= 90 ? "Near-exact match" : "Similar";
+    return `<div style="display:flex;align-items:center;gap:12px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
+      <span class="mono" style="min-width:40px;font-weight:700;color:${color}">${pct}%</span>
+      <div style="flex:1">
+        <span style="font-size:11px;font-weight:600;color:${color};margin-right:6px">${matchLabel}</span>
+        <span class="mono" style="font-size:12px;color:var(--text-secondary)">${esc(sim.functionA.name)}()</span>
+        <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionA.relativePath || sim.functionA.file))}</span>
+        <span style="color:var(--text-tertiary);margin:0 4px">&harr;</span>
+        <span class="mono" style="font-size:12px;color:var(--drift-orange)">${esc(sim.functionB.name)}()</span>
+        <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionB.relativePath || sim.functionB.file))}</span>
+      </div>
+    </div>`;
+  }).join("");
+  return `<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Operation sequence matches <span style="color:var(--text-tertiary);font-weight:400">${similarities.length} pairs</span></summary><div style="padding:4px 0 4px 16px">${seqCards}</div></details>`;
+}
+function buildDeviationCards(justifications) {
+  const devCards = justifications.map((dj) => {
+    const vColor = dj.verdict === "likely_justified" ? "var(--intent-green)" : dj.verdict === "likely_accidental" ? "var(--drift-red)" : "var(--drift-amber)";
+    const vLabel = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
+    return `<div style="display:flex;align-items:center;gap:10px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
+      <span class="sev-badge" style="background:${vColor};min-width:80px;text-align:center">${vLabel}</span>
+      <span class="mono" style="font-size:12px;color:var(--text-secondary);flex:1">${esc(shortPath(dj.relativePath || dj.file))}</span>
+      <span style="font-size:12px;color:var(--text-tertiary)">${esc(dj.deviatingPattern)} vs ${esc(dj.dominantPattern)}</span>
+    </div>`;
+  }).join("");
+  return `<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Deviation analysis <span style="color:var(--text-tertiary);font-weight:400">${justifications.length}</span></summary><div style="padding:4px 0 4px 16px">${devCards}</div></details>`;
+}
 function buildCodeDnaSummary(result) {
   const dna = result.codeDnaResult;
   if (!dna) return "";
@@ -7384,35 +7662,10 @@ function buildCodeDnaSummary(result) {
   if (!hasDupes && !hasSeqs && !hasTaint && !hasDevs) return "";
   const parts = [];
   if (hasSeqs) {
-    const seqCards = dna.sequenceSimilarities.slice(0, 6).map((sim) => {
-      const pct = Math.round(sim.similarity * 100);
-      const color = pct >= 90 ? "var(--drift-red)" : "var(--drift-orange)";
-      const matchLabel = pct >= 100 ? "Exact duplicate" : pct >= 90 ? "Near-exact match" : "Similar";
-      return `<div style="display:flex;align-items:center;gap:12px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
-        <span class="mono" style="min-width:40px;font-weight:700;color:${color}">${pct}%</span>
-        <div style="flex:1">
-          <span style="font-size:11px;font-weight:600;color:${color};margin-right:6px">${matchLabel}</span>
-          <span class="mono" style="font-size:12px;color:var(--text-secondary)">${esc(sim.functionA.name)}()</span>
-          <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionA.relativePath || sim.functionA.file))}</span>
-          <span style="color:var(--text-tertiary);margin:0 4px">&harr;</span>
-          <span class="mono" style="font-size:12px;color:var(--drift-orange)">${esc(sim.functionB.name)}()</span>
-          <span style="font-size:11px;color:var(--text-tertiary)"> in ${esc(shortPath(sim.functionB.relativePath || sim.functionB.file))}</span>
-        </div>
-      </div>`;
-    }).join("");
-    parts.push(`<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Operation sequence matches <span style="color:var(--text-tertiary);font-weight:400">${dna.sequenceSimilarities.length} pairs</span></summary><div style="padding:4px 0 4px 16px">${seqCards}</div></details>`);
+    parts.push(buildSequenceCards(dna.sequenceSimilarities));
   }
   if (hasDevs) {
-    const devCards = dna.deviationJustifications.map((dj) => {
-      const vColor = dj.verdict === "likely_justified" ? "var(--intent-green)" : dj.verdict === "likely_accidental" ? "var(--drift-red)" : "var(--drift-amber)";
-      const vLabel = dj.verdict === "likely_justified" ? "JUSTIFIED" : dj.verdict === "likely_accidental" ? "ACCIDENTAL" : "UNCERTAIN";
-      return `<div style="display:flex;align-items:center;gap:10px;padding:6px 0;border-bottom:1px solid var(--border-subtle)">
-        <span class="sev-badge" style="background:${vColor};min-width:80px;text-align:center">${vLabel}</span>
-        <span class="mono" style="font-size:12px;color:var(--text-secondary);flex:1">${esc(shortPath(dj.relativePath || dj.file))}</span>
-        <span style="font-size:12px;color:var(--text-tertiary)">${esc(dj.deviatingPattern)} vs ${esc(dj.dominantPattern)}</span>
-      </div>`;
-    }).join("");
-    parts.push(`<details style="margin-bottom:8px"><summary style="cursor:pointer;font-size:13px;font-weight:500;color:var(--text-primary);list-style:none;padding:6px 0"><span class="chevron">&#9654;</span> Deviation analysis <span style="color:var(--text-tertiary);font-weight:400">${dna.deviationJustifications.length}</span></summary><div style="padding:4px 0 4px 16px">${devCards}</div></details>`);
+    parts.push(buildDeviationCards(dna.deviationJustifications));
   }
   if (parts.length === 0) return "";
   const totalFindings = dna.findings?.length ?? 0;
@@ -7807,34 +8060,8 @@ function exportCSV() {
 }
 
 // \u2500\u2500\u2500\u2500 Export: DOCX (Word-compatible HTML) \u2500\u2500\u2500\u2500
-function exportDOCX() {
-  const d = window.__VIBEDRIFT_DATA;
-  if (!d) { alert('Report data not available'); return; }
-
-  let html = '<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word"><head><meta charset="utf-8"><style>';
-  html += 'body{font-family:Calibri,sans-serif;font-size:11pt;color:#222;margin:40px}';
-  html += 'h1{font-size:20pt;color:#0B0F15;border-bottom:2px solid #00D4FF;padding-bottom:8px;margin-top:28px}';
-  html += 'h2{font-size:14pt;color:#333;margin-top:20px}';
-  html += 'h3{font-size:12pt;color:#555;margin-top:14px}';
-  html += 'table{border-collapse:collapse;width:100%;margin:10px 0}';
-  html += 'th,td{border:1px solid #ddd;padding:6px 10px;text-align:left;font-size:10pt}';
-  html += 'th{background:#f0f4f8;font-weight:600}';
-  html += '.sev-critical{color:#dc2626;font-weight:700} .sev-warning{color:#d97706;font-weight:700} .sev-info{color:#2563eb}';
-  html += '.intent{background:#ecfdf5;border-left:3px solid #10b981;padding:8px 12px;margin:6px 0}';
-  html += '.drift{background:#fff7ed;border-left:3px solid #f97316;padding:8px 12px;margin:6px 0}';
-  html += '.rec{background:#f0f9ff;border-left:3px solid #0ea5e9;padding:8px 12px;margin:6px 0}';
-  html += 'code{font-family:Consolas,monospace;font-size:9pt;background:#f5f5f5;padding:1px 4px}';
-  html += '.page-break{page-break-before:always}';
-  html += '</style></head><body>';
-
-  // Title
-  html += '<div style="text-align:center;margin-bottom:30px">';
-  html += '<h1 style="border:none;font-size:28pt;color:#00D4FF">VIBEDRIFT REPORT</h1>';
-  html += '<p style="font-size:16pt;color:#333">' + esc2(d.project) + '</p>';
-  html += '<p>' + d.fileCount + ' files &middot; ' + d.totalLines.toLocaleString() + ' LOC &middot; Score: <strong>' + d.score + '/' + d.maxScore + '</strong></p>';
-  html += '</div>';
-
-  // Drift findings
+function buildDocxFindingsHtml(d) {
+  let html = '';
   html += '<h1>Drift Findings</h1>';
   for (const f of d.driftFindings || []) {
     const sev = f.severity === 'error' ? 'critical' : f.severity;
@@ -7844,8 +8071,6 @@ function exportDOCX() {
     html += '<div class="drift"><strong>DEVIATING:</strong> ' + esc2(f.devFiles) + '</div>';
     if (f.recommendation) html += '<div class="rec"><strong>Fix:</strong> ' + esc2(f.recommendation) + '</div>';
   }
-
-  // All findings
   html += '<div class="page-break"></div><h1>All Findings</h1>';
   html += '<table><tr><th>Severity</th><th>Analyzer</th><th>Finding</th><th>File</th><th>Line</th></tr>';
   for (const f of d.findings || []) {
@@ -7854,16 +8079,17 @@ function exportDOCX() {
     html += '<td><code>' + esc2(f.file) + '</code></td><td>' + f.line + '</td></tr>';
   }
   html += '</table>';
+  return html;
+}
 
-  // File scores
+function buildDocxScoresHtml(d) {
+  let html = '';
   html += '<div class="page-break"></div><h1>File Scores</h1>';
   html += '<table><tr><th>File</th><th>Score</th><th>Findings</th></tr>';
   for (const f of d.fileScores || []) {
     html += '<tr><td><code>' + esc2(f.file) + '</code></td><td>' + f.score + '/100</td><td>' + f.findings + '</td></tr>';
   }
   html += '</table>';
-
-  // Code DNA
   if (d.codeDna) {
     html += '<div class="page-break"></div><h1>Code DNA Analysis</h1>';
     if (d.codeDna.sequences && d.codeDna.sequences.length > 0) {
@@ -7877,8 +8103,6 @@ function exportDOCX() {
       html += '</table>';
     }
   }
-
-  // Deep insights
   if (d.deepInsights && d.deepInsights.length > 0) {
     html += '<div class="page-break"></div><h1>Deep Analysis Insights (AI-Powered)</h1>';
     for (const ins of d.deepInsights) {
@@ -7887,6 +8111,37 @@ function exportDOCX() {
       if (ins.recommendation) html += '<div class="rec"><strong>Fix:</strong> ' + esc2(ins.recommendation) + '</div>';
     }
   }
+  return html;
+}
+
+function exportDOCX() {
+  const d = window.__VIBEDRIFT_DATA;
+  if (!d) { alert('Report data not available'); return; }
+
+  let html = '<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word"><head><meta charset="utf-8"><style>';
+  html += 'body{font-family:Calibri,sans-serif;font-size:11pt;color:#222;margin:40px}';
+  html += 'h1{font-size:20pt;color:#0B0F15;border-bottom:2px solid #00D4FF;padding-bottom:8px;margin-top:28px}';
+  html += 'h2{font-size:14pt;color:#333;margin-top:20px}';
+  html += 'h3{font-size:12pt;color:#555;margin-top:14px}';
+  html += 'table{border-collapse:collapse;width:100%;margin:10px 0}';
+  html += 'th,td{border:1px solid #ddd;padding:6px 10px;text-align:left;font-size:10pt}';
+  html += 'th{background:#f0f4f8;font-weight:600}';
+  html += '.sev-critical{color:#dc2626;font-weight:700} .sev-warning{color:#d97706;font-weight:700} .sev-info{color:#2563eb}';
+  html += '.intent{background:#ecfdf5;border-left:3px solid #10b981;padding:8px 12px;margin:6px 0}';
+  html += '.drift{background:#fff7ed;border-left:3px solid #f97316;padding:8px 12px;margin:6px 0}';
+  html += '.rec{background:#f0f9ff;border-left:3px solid #0ea5e9;padding:8px 12px;margin:6px 0}';
+  html += 'code{font-family:Consolas,monospace;font-size:9pt;background:#f5f5f5;padding:1px 4px}';
+  html += '.page-break{page-break-before:always}';
+  html += '</style></head><body>';
+
+  html += '<div style="text-align:center;margin-bottom:30px">';
+  html += '<h1 style="border:none;font-size:28pt;color:#00D4FF">VIBEDRIFT REPORT</h1>';
+  html += '<p style="font-size:16pt;color:#333">' + esc2(d.project) + '</p>';
+  html += '<p>' + d.fileCount + ' files &middot; ' + d.totalLines.toLocaleString() + ' LOC &middot; Score: <strong>' + d.score + '/' + d.maxScore + '</strong></p>';
+  html += '</div>';
+
+  html += buildDocxFindingsHtml(d);
+  html += buildDocxScoresHtml(d);
 
   html += '<hr><p style="color:#999;font-size:9pt">Generated by VibeDrift v' + d.version + ' | ' + d.fileCount + ' files | No data sent externally</p>';
   html += '</body></html>';
@@ -8305,9 +8560,8 @@ async function resolveAuthAndBanner(options) {
   }
   return { bearerToken, apiUrl };
 }
-async function runAnalysisPipeline(rootDir, options, spinner) {
+async function discoverAndFilterFiles(rootDir, options, spinner) {
   const isTerminal = options.format === "terminal" && !options.json;
-  const timings = {};
   const t0 = Date.now();
   const { ctx, warnings } = await buildAnalysisContext(rootDir);
   const includes = options.include ?? [];
@@ -8321,7 +8575,7 @@ async function runAnalysisPipeline(rootDir, options, spinner) {
       console.error(chalk2.dim(`[filter] ${before} \u2192 ${filtered.length} files after include/exclude`));
     }
   }
-  timings.discovery = Date.now() - t0;
+  const discoveryMs = Date.now() - t0;
   if (isTerminal) {
     if (warnings.truncated) {
       console.warn(chalk2.yellow(`
@@ -8339,6 +8593,13 @@ Warning: File limit reached (${warnings.truncatedAt}). Only partial coverage \u2
     console.log("No source files found to analyze.");
     process.exit(0);
   }
+  return { ctx, discoveryMs };
+}
+async function runAnalysisPipeline(rootDir, options, spinner) {
+  const isTerminal = options.format === "terminal" && !options.json;
+  const timings = {};
+  const { ctx, discoveryMs } = await discoverAndFilterFiles(rootDir, options, spinner);
+  timings.discovery = discoveryMs;
   if (spinner) spinner.text = `Parsing ${ctx.files.length} files...`;
   const t1 = Date.now();
   await parseFiles(ctx.files);
@@ -8521,6 +8782,12 @@ async function logAndRender(result, options, bearerToken, apiUrl, rootDir, codeD
     }
   }
   const format = options.format ?? (options.json ? "json" : "html");
+  await renderToFormat(result, format, options);
+  if (options.failOnScore !== void 0 && compositeScore < options.failOnScore) {
+    process.exit(1);
+  }
+}
+async function renderToFormat(result, format, options) {
   if (format === "html") {
     const html = renderHtmlReport(result);
     const outputPath = options.output ?? "vibedrift-report.html";
@@ -8569,9 +8836,6 @@ async function logAndRender(result, options, bearerToken, apiUrl, rootDir, codeD
   } else {
     console.log(renderTerminalOutput(result));
   }
-  if (options.failOnScore !== void 0 && compositeScore < options.failOnScore) {
-    process.exit(1);
-  }
 }
 async function runScan(targetPath, options) {
   const rootDir = resolve(targetPath);
@@ -8786,58 +9050,7 @@ async function runLogin(options = {}) {
     }
     if (result.status === "pending") continue;
     if (result.status === "authorized") {
-      await patchConfig({
-        token: result.access_token,
-        email: result.email,
-        plan: result.plan,
-        expiresAt: result.expires_at,
-        loggedInAt: (/* @__PURE__ */ new Date()).toISOString(),
-        apiUrl: options.apiUrl
-      });
-      console.log(chalk4.green("  \u2713 Logged in successfully."));
-      console.log("");
-      console.log(`  Account: ${chalk4.bold(result.email)}`);
-      console.log(`  Plan:    ${chalk4.bold(result.plan)}`);
-      console.log("");
-      try {
-        const credits = await fetchCredits(result.access_token, {
-          apiUrl: options.apiUrl
-        });
-        if (credits.has_free_deep_scan && !credits.unlimited) {
-          console.log(
-            chalk4.bgYellow.black.bold("  \u{1F381} 1 FREE deep scan included with your account  ")
-          );
-          console.log("");
-          console.log(
-            chalk4.yellow("  Try the full pipeline (Claude analysis, security review,")
-          );
-          console.log(
-            chalk4.yellow("  AI-powered drift detection) on any project \u2014 no card needed.")
-          );
-          console.log("");
-          console.log(`    ${chalk4.cyan("vibedrift . --deep")}`);
-          console.log("");
-        } else if (credits.unlimited) {
-          console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
-          console.log("");
-        } else if (credits.available_total > 0) {
-          console.log(
-            chalk4.dim(`  You have ${credits.available_total} deep scan credit${credits.available_total === 1 ? "" : "s"} available.`)
-          );
-          console.log(chalk4.dim("  Run `vibedrift . --deep` to use one."));
-          console.log("");
-        } else {
-          console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
-          console.log("");
-        }
-      } catch {
-        if (result.plan === "free") {
-          console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
-        } else {
-          console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
-        }
-        console.log("");
-      }
+      await handleLoginSuccess(result, options);
       return;
     }
     if (result.status === "denied") {
@@ -8855,6 +9068,60 @@ async function runLogin(options = {}) {
   console.error(chalk4.dim("    Run `vibedrift login` again to retry.\n"));
   process.exit(1);
 }
+async function handleLoginSuccess(result, options) {
+  await patchConfig({
+    token: result.access_token,
+    email: result.email,
+    plan: result.plan,
+    expiresAt: result.expires_at,
+    loggedInAt: (/* @__PURE__ */ new Date()).toISOString(),
+    apiUrl: options.apiUrl
+  });
+  console.log(chalk4.green("  \u2713 Logged in successfully."));
+  console.log("");
+  console.log(`  Account: ${chalk4.bold(result.email)}`);
+  console.log(`  Plan:    ${chalk4.bold(result.plan)}`);
+  console.log("");
+  try {
+    const credits = await fetchCredits(result.access_token, {
+      apiUrl: options.apiUrl
+    });
+    if (credits.has_free_deep_scan && !credits.unlimited) {
+      console.log(
+        chalk4.bgYellow.black.bold("  \u{1F381} 1 FREE deep scan included with your account  ")
+      );
+      console.log("");
+      console.log(
+        chalk4.yellow("  Try the full pipeline (Claude analysis, security review,")
+      );
+      console.log(
+        chalk4.yellow("  AI-powered drift detection) on any project \u2014 no card needed.")
+      );
+      console.log("");
+      console.log(`    ${chalk4.cyan("vibedrift . --deep")}`);
+      console.log("");
+    } else if (credits.unlimited) {
+      console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
+      console.log("");
+    } else if (credits.available_total > 0) {
+      console.log(
+        chalk4.dim(`  You have ${credits.available_total} deep scan credit${credits.available_total === 1 ? "" : "s"} available.`)
+      );
+      console.log(chalk4.dim("  Run `vibedrift . --deep` to use one."));
+      console.log("");
+    } else {
+      console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
+      console.log("");
+    }
+  } catch {
+    if (result.plan === "free") {
+      console.log(chalk4.dim("  Run `vibedrift upgrade` to enable deep AI scans."));
+    } else {
+      console.log(chalk4.dim("  Run `vibedrift . --deep` to use AI-powered analysis."));
+    }
+    console.log("");
+  }
+}
 function fail(intro, err) {
   const msg = err instanceof VibeDriftApiError ? `${err.status ? `HTTP ${err.status}: ` : ""}${err.message}` : err instanceof Error ? err.message : String(err);
   console.error(chalk4.red(`
@@ -9102,58 +9369,8 @@ import { homedir as homedir3, platform, arch } from "os";
 import { join as join7 } from "path";
 import { stat as stat4, access, constants } from "fs/promises";
 init_version();
-async function runDoctor() {
-  let failures = 0;
-  console.log("");
-  console.log(chalk10.bold("  VibeDrift Doctor"));
-  console.log("");
-  console.log(chalk10.bold("  Environment"));
-  ok("CLI version", getVersion());
-  ok("Node", process.version);
-  ok("Platform", `${platform()} ${arch()}`);
-  ok("HOME", homedir3());
-  console.log("");
-  console.log(chalk10.bold("  Config"));
-  const configDir = getConfigDir();
-  const configPath = getConfigPath();
-  let configDirOk = false;
-  try {
-    const info2 = await stat4(configDir);
-    if (info2.isDirectory()) {
-      configDirOk = true;
-      const mode = (info2.mode & 511).toString(8);
-      ok("Config dir", `${configDir} (mode ${mode})`);
-    } else {
-      bad(`Config dir exists but is not a directory: ${configDir}`);
-      failures++;
-    }
-  } catch {
-    info("Config dir", `${configDir} (will be created on first login)`);
-    configDirOk = true;
-  }
-  if (configDirOk) {
-    try {
-      await access(configPath, constants.R_OK);
-      const info2 = await stat4(configPath);
-      const mode = (info2.mode & 511).toString(8);
-      if ((info2.mode & 63) !== 0) {
-        warn("Config file", `${configPath} (mode ${mode}, world/group readable \u2014 should be 600)`);
-      } else {
-        ok("Config file", `${configPath} (mode ${mode})`);
-      }
-    } catch {
-      info("Config file", "absent (not logged in)");
-    }
-  }
-  const historyDir = join7(homedir3(), ".vibedrift", "scans");
-  try {
-    const info2 = await stat4(historyDir);
-    if (info2.isDirectory()) ok("Scan history", historyDir);
-    else warn("Scan history", `${historyDir} exists but is not a directory`);
-  } catch {
-    info("Scan history", "empty (no scans run yet)");
-  }
-  console.log("");
+async function checkAuthStatus() {
+  let authFailures = 0;
   console.log(chalk10.bold("  Authentication"));
   const config = await readConfig();
   const resolved = await resolveToken();
@@ -9170,7 +9387,7 @@ async function runDoctor() {
         const now = Date.now();
         if (expires < now) {
           bad(`Token expired ${Math.floor((now - expires) / 864e5)} days ago`);
-          failures++;
+          authFailures++;
         } else {
           ok("Token expires", `${config.expiresAt} (${Math.ceil((expires - now) / 864e5)} days)`);
         }
@@ -9178,6 +9395,10 @@ async function runDoctor() {
     }
   }
   console.log("");
+  return { resolved, authFailures };
+}
+async function checkApiConnectivity(resolved) {
+  let failures = 0;
   console.log(chalk10.bold("  API"));
   const apiUrl = await resolveApiUrl();
   ok("API URL", apiUrl);
@@ -9212,6 +9433,64 @@ async function runDoctor() {
     }
   }
   console.log("");
+  return failures;
+}
+async function runDoctor() {
+  let failures = 0;
+  console.log("");
+  console.log(chalk10.bold("  VibeDrift Doctor"));
+  console.log("");
+  console.log(chalk10.bold("  Environment"));
+  ok("CLI version", getVersion());
+  ok("Node", process.version);
+  ok("Platform", `${platform()} ${arch()}`);
+  ok("HOME", homedir3());
+  console.log("");
+  console.log(chalk10.bold("  Config"));
+  const configDir = getConfigDir();
+  const configPath = getConfigPath();
+  let configDirOk = false;
+  try {
+    const info2 = await stat4(configDir);
+    if (info2.isDirectory()) {
+      configDirOk = true;
+      const mode = (info2.mode & 511).toString(8);
+      ok("Config dir", `${configDir} (mode ${mode})`);
+    } else {
+      bad(`Config dir exists but is not a directory: ${configDir}`);
+      failures++;
+    }
+  } catch {
+    info("Config dir", `${configDir} (will be created on first login)`);
+    configDirOk = true;
+  }
+  if (configDirOk) {
+    try {
+      await access(configPath, constants.R_OK);
+      const info2 = await stat4(configPath);
+      const mode = (info2.mode & 511).toString(8);
+      if ((info2.mode & 63) !== 0) {
+        warn("Config file", `${configPath} (mode ${mode}, world/group readable \u2014 should be 600)`);
+      } else {
+        ok("Config file", `${configPath} (mode ${mode})`);
+      }
+    } catch {
+      info("Config file", "absent (not logged in)");
+    }
+  }
+  const historyDir = join7(homedir3(), ".vibedrift", "scans");
+  try {
+    const info2 = await stat4(historyDir);
+    if (info2.isDirectory()) ok("Scan history", historyDir);
+    else warn("Scan history", `${historyDir} exists but is not a directory`);
+  } catch {
+    info("Scan history", "empty (no scans run yet)");
+  }
+  console.log("");
+  const { resolved, authFailures } = await checkAuthStatus();
+  failures += authFailures;
+  const apiFailures = await checkApiConnectivity(resolved);
+  failures += apiFailures;
   if (failures === 0) {
     console.log(chalk10.green("  \u2713 All checks passed."));
   } else {