@vibgrate/cli 1.0.65 → 1.0.67

package/dist/{baseline-WRLXEJGA.js → baseline-YGEO4GK7.js}

@@ -1,8 +1,8 @@
 import {
   baselineCommand,
   runBaseline
-} from "./chunk-VGZRUFB4.js";
-import "./chunk-XDZGC6KJ.js";
+} from "./chunk-NASOHLRL.js";
+import "./chunk-56UAFVE4.js";
 import "./chunk-TBE6NQ5Z.js";
 export {
   baselineCommand,

package/dist/{chunk-XDZGC6KJ.js → chunk-56UAFVE4.js}

@@ -319,20 +319,6 @@ function formatText(artifact) {
   if (artifact.extended?.architecture) {
     lines.push(...formatArchitectureDiagram(artifact.extended.architecture));
   }
-  if (artifact.relationshipDiagram?.mermaid) {
-    lines.push(chalk.bold.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
-    lines.push(chalk.bold.cyan("\u2551      Project Relationship Diagram        \u2551"));
-    lines.push(chalk.bold.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
-    lines.push("");
-    lines.push(chalk.bold("  Mermaid") + chalk.dim("  (copy into https://mermaid.live or a ```mermaid code block)"));
-    lines.push("");
-    lines.push(chalk.dim("  ```mermaid"));
-    for (const mLine of artifact.relationshipDiagram.mermaid.split("\n")) {
-      lines.push(chalk.dim(`  ${mLine}`));
-    }
-    lines.push(chalk.dim("  ```"));
-    lines.push("");
-  }
   if (artifact.solutions && artifact.solutions.length > 0) {
     lines.push(chalk.bold.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
     lines.push(chalk.bold.cyan("\u2551        Solution Drift Summary            \u2551"));
@@ -1169,6 +1155,262 @@ import * as crypto3 from "crypto";
 import * as path2 from "path";
 import { Command as Command2 } from "commander";
 import chalk3 from "chalk";
+
+// src/utils/compact-artifact.ts
+import * as zlib from "zlib";
+import { promisify } from "util";
+
+// src/utils/compact-evidence.ts
+var CATEGORY_PATTERNS = [
+  { category: "pricing", pattern: /price|pricing|billing|subscri|trial|credit|plan|tier|upgrade|premium|pro|enterprise/i },
+  { category: "auth", pattern: /sign[- ]?in|sign[- ]?up|log[- ]?in|log[- ]?out|auth|sso|oauth|password|register|invite|onboard/i },
+  { category: "dashboard", pattern: /dashboard|overview|home|main|summary|stats/i },
+  { category: "settings", pattern: /setting|config|preference|option|profile|account/i },
+  { category: "users", pattern: /user|member|team|role|permission|access|admin|owner/i },
+  { category: "integrations", pattern: /integrat|connect|webhook|api[- ]?key|sync|import|export/i },
+  { category: "reports", pattern: /report|analy|metric|chart|graph|insight|track/i },
+  { category: "workflows", pattern: /workflow|automat|schedule|trigger|action|job|task|pipeline/i },
+  { category: "projects", pattern: /project|workspace|organization|folder|repo/i },
+  { category: "navigation", pattern: /menu|nav|sidebar|header|footer|breadcrumb/i }
+];
+function compactUiPurpose(result, maxSamplesPerCategory = 3) {
+  const evidence = result.topEvidence;
+  const dependencies = evidence.filter((e) => e.kind === "dependency").map((e) => e.value).slice(0, 10);
+  const routes = dedupeRoutes(
+    evidence.filter((e) => e.kind === "route").map((e) => e.value)
+  ).slice(0, 15);
+  const textEvidence = evidence.filter(
+    (e) => e.kind !== "dependency" && e.kind !== "route" && e.kind !== "feature_flag"
+  );
+  const byCategory = /* @__PURE__ */ new Map();
+  const categoryCounts = {};
+  for (const item of textEvidence) {
+    const category = categorize(item.value);
+    if (!byCategory.has(category)) {
+      byCategory.set(category, /* @__PURE__ */ new Set());
+    }
+    const normalized = normalizeValue(item.value);
+    if (normalized.length >= 3) {
+      byCategory.get(category).add(normalized);
+    }
+  }
+  const samples = [];
+  for (const [category, values] of byCategory) {
+    const deduped = dedupeStrings([...values]);
+    categoryCounts[category] = deduped.length;
+    for (const value of deduped.slice(0, maxSamplesPerCategory)) {
+      samples.push({ kind: "text", value, category });
+    }
+  }
+  const featureFlags = evidence.filter((e) => e.kind === "feature_flag");
+  if (featureFlags.length > 0) {
+    categoryCounts["feature_flags"] = featureFlags.length;
+    samples.push({ kind: "feature_flag", value: "feature flags detected", category: "feature_flags" });
+  }
+  return {
+    samples,
+    categoryCounts,
+    originalCount: evidence.length,
+    dependencies,
+    routes,
+    detectedFrameworks: result.detectedFrameworks
+  };
+}
+function categorize(value) {
+  for (const { category, pattern } of CATEGORY_PATTERNS) {
+    if (pattern.test(value)) return category;
+  }
+  return "general";
+}
+function normalizeValue(value) {
+  return value.toLowerCase().replace(/[^a-z0-9\s-]/g, " ").replace(/\s+/g, " ").trim().slice(0, 60);
+}
+function dedupeStrings(values) {
+  const sorted = values.sort((a, b) => b.length - a.length);
+  const kept = [];
+  for (const value of sorted) {
+    const isDupe = kept.some((k) => {
+      const stem = value.slice(0, 6);
+      return k.startsWith(stem) || k.includes(value) || value.includes(k);
+    });
+    if (!isDupe) {
+      kept.push(value);
+    }
+  }
+  return kept;
+}
+function dedupeRoutes(routes) {
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const route of routes) {
+    const normalized = route.replace(/:[a-z_]+/gi, ":param").replace(/\[\[*\.*\.*[a-z_]+\]*\]/gi, ":param").replace(/\/+$/, "").toLowerCase();
+    if (!seen.has(normalized)) {
+      seen.add(normalized);
+      result.push(route);
+    }
+  }
+  return result;
+}
+
+// src/utils/compact-artifact.ts
+var gzip2 = promisify(zlib.gzip);
+var MAX_ITEMS = 50;
+function extractName(entry) {
+  const match = entry.match(/^(.+?)\s*\(/);
+  return match ? match[1].trim() : entry.trim();
+}
+function compactDataStores(result) {
+  return {
+    databaseTechnologies: result.databaseTechnologies.slice(0, 10),
+    connectionStrings: [],
+    // Don't include connection strings in upload
+    connectionPoolSettings: result.connectionPoolSettings.slice(0, MAX_ITEMS),
+    replicationSettings: result.replicationSettings.slice(0, 20),
+    readReplicaSettings: result.readReplicaSettings.slice(0, 20),
+    failoverSettings: result.failoverSettings.slice(0, 20),
+    collationAndEncoding: result.collationAndEncoding.slice(0, 20),
+    queryTimeoutDefaults: result.queryTimeoutDefaults.slice(0, 20),
+    manualIndexes: result.manualIndexes.map(extractName).slice(0, MAX_ITEMS),
+    tables: result.tables.map(extractName).slice(0, MAX_ITEMS),
+    views: result.views.map(extractName).slice(0, MAX_ITEMS),
+    storedProcedures: result.storedProcedures.map(extractName).slice(0, MAX_ITEMS),
+    triggers: result.triggers.map(extractName).slice(0, MAX_ITEMS),
+    rowLevelSecurityPolicies: result.rowLevelSecurityPolicies.slice(0, 20),
+    otherServices: result.otherServices.slice(0, 20)
+  };
+}
+function compactApiSurface(result) {
+  const seenProviders = /* @__PURE__ */ new Set();
+  const uniqueIntegrations = result.integrations.filter((i) => {
+    const domain = i.provider.split(":")[0];
+    if (seenProviders.has(domain)) return false;
+    seenProviders.add(domain);
+    return true;
+  }).slice(0, MAX_ITEMS).map((i) => ({
+    provider: i.provider,
+    endpoint: "",
+    // Don't include full endpoints
+    version: i.version,
+    parameters: [],
+    // Don't include params
+    configOptions: [],
+    authHints: [],
+    files: []
+    // Don't include file paths
+  }));
+  return {
+    integrations: uniqueIntegrations,
+    openApiSpecifications: result.openApiSpecifications.slice(0, 10),
+    webhookUrls: result.webhookUrls.slice(0, 20),
+    callbackEndpoints: result.callbackEndpoints.slice(0, 20),
+    apiVersionPins: result.apiVersionPins.slice(0, 20),
+    tokenExpirationPolicies: result.tokenExpirationPolicies.slice(0, 20),
+    rateLimitOverrides: result.rateLimitOverrides.slice(0, 20),
+    customHeaders: result.customHeaders.slice(0, 20),
+    corsPolicies: result.corsPolicies.slice(0, 20),
+    oauthScopes: result.oauthScopes.slice(0, 20),
+    apiTokens: []
+    // Don't include token references
+  };
+}
+function compactAssetBranding(result) {
+  return {
+    faviconFiles: result.faviconFiles.slice(0, 1),
+    productLogos: []
+    // Don't include logos
+  };
+}
+function prepareArtifactForUpload(artifact) {
+  const compacted = { ...artifact };
+  if (compacted.extended) {
+    const ext = { ...compacted.extended };
+    if (ext.dataStores) {
+      ext.dataStores = compactDataStores(ext.dataStores);
+    }
+    if (ext.apiSurface) {
+      ext.apiSurface = compactApiSurface(ext.apiSurface);
+    }
+    if (ext.assetBranding) {
+      ext.assetBranding = compactAssetBranding(ext.assetBranding);
+    }
+    if (ext.uiPurpose) {
+      const compactedUi = compactUiPurpose(ext.uiPurpose);
+      ext.uiPurpose = {
+        enabled: ext.uiPurpose.enabled,
+        detectedFrameworks: compactedUi.detectedFrameworks,
+        evidenceCount: compactedUi.originalCount,
+        capped: ext.uiPurpose.capped,
+        topEvidence: [],
+        // Clear full evidence
+        unknownSignals: [],
+        // Add compacted data under extended properties
+        ...{ compacted: compactedUi }
+      };
+    }
+    if (ext.runtimeConfiguration) {
+      ext.runtimeConfiguration = {
+        ...ext.runtimeConfiguration,
+        environmentVariables: ext.runtimeConfiguration.environmentVariables.slice(0, 100),
+        hiddenConfigFiles: ext.runtimeConfiguration.hiddenConfigFiles.slice(0, MAX_ITEMS),
+        startupArguments: ext.runtimeConfiguration.startupArguments.slice(0, 100)
+      };
+    }
+    if (ext.operationalResilience) {
+      const ops = ext.operationalResilience;
+      ext.operationalResilience = {
+        implicitTimeouts: ops.implicitTimeouts.slice(0, 30),
+        defaultPaginationSize: ops.defaultPaginationSize.slice(0, 30),
+        implicitRetryLogic: ops.implicitRetryLogic.slice(0, 30),
+        defaultLocale: ops.defaultLocale.slice(0, 20),
+        defaultCurrency: ops.defaultCurrency.slice(0, 20),
+        implicitTimezone: ops.implicitTimezone.slice(0, 20),
+        defaultCharacterEncoding: ops.defaultCharacterEncoding.slice(0, 20),
+        sessionStores: ops.sessionStores.slice(0, 20),
+        distributedLocks: ops.distributedLocks.slice(0, 20),
+        jobSchedulers: ops.jobSchedulers.slice(0, 30),
+        idempotencyKeys: ops.idempotencyKeys.slice(0, 20),
+        rateLimitingCounters: ops.rateLimitingCounters.slice(0, 20),
+        circuitBreakerState: ops.circuitBreakerState.slice(0, 20),
+        abTestToggles: ops.abTestToggles.slice(0, 20),
+        regionalEnablementRules: ops.regionalEnablementRules.slice(0, 20),
+        betaAccessGroups: ops.betaAccessGroups.slice(0, 20),
+        licensingEnforcementLogic: ops.licensingEnforcementLogic.slice(0, 20),
+        killSwitches: ops.killSwitches.slice(0, 20),
+        connectorRetryLogic: ops.connectorRetryLogic.slice(0, 20),
+        apiPollingIntervals: ops.apiPollingIntervals.slice(0, 20),
+        fieldMappings: ops.fieldMappings.slice(0, 20),
+        schemaRegistryRules: ops.schemaRegistryRules.slice(0, 20),
+        deadLetterQueueBehavior: ops.deadLetterQueueBehavior.slice(0, 20),
+        dataMaskingRules: ops.dataMaskingRules.slice(0, 20),
+        transformationLogic: ops.transformationLogic.slice(0, 20),
+        timezoneHandling: ops.timezoneHandling.slice(0, 20),
+        encryptionSettings: ops.encryptionSettings.slice(0, 30),
+        hardcodedSecretSignals: ops.hardcodedSecretSignals.slice(0, 20)
+      };
+    }
+    if (ext.dependencyGraph) {
+      ext.dependencyGraph = {
+        ...ext.dependencyGraph,
+        phantomDependencies: ext.dependencyGraph.phantomDependencies.slice(0, MAX_ITEMS),
+        phantomDependencyDetails: ext.dependencyGraph.phantomDependencyDetails?.slice(0, MAX_ITEMS),
+        duplicatedPackages: ext.dependencyGraph.duplicatedPackages.slice(0, MAX_ITEMS)
+      };
+    }
+    compacted.extended = ext;
+  }
+  return compacted;
+}
+async function compressArtifact(artifact) {
+  const json = JSON.stringify(artifact);
+  return gzip2(json, { level: 9 });
+}
+async function prepareCompressedUpload(artifact) {
+  const compacted = prepareArtifactForUpload(artifact);
+  const compressed = await compressArtifact(compacted);
+  return { body: compressed, contentEncoding: "gzip" };
+}
+
+// src/commands/push.ts
 function parseDsn(dsn) {
   const cleaned = dsn.replace(/[\x00-\x1F\x7F\uFEFF\u200B-\u200D\u2060]/g, "").trim();
   const match = cleaned.match(/^vibgrate\+(https?):?\/\/([^:]+):([^@]+)@([^/]+)\/(.+)$/);
@@ -1203,7 +1445,8 @@ var pushCommand = new Command2("push").description("Push scan results to Vibgrat
     if (opts.strict) process.exit(1);
     return;
   }
-  const body = await readTextFile(filePath);
+  const artifact = await readJsonFile(filePath);
+  const { body, contentEncoding } = await prepareCompressedUpload(artifact);
   const timestamp = String(Date.now());
   let host = parsed.host;
   if (opts.region) {
@@ -1216,12 +1459,16 @@ var pushCommand = new Command2("push").description("Push scan results to Vibgrat
     }
   }
   const url = `${parsed.scheme}://${host}/v1/ingest/scan`;
-  console.log(chalk3.dim(`Uploading to ${host}...`));
+  const originalSize = JSON.stringify(artifact).length;
+  const compressedSize = body.length;
+  const ratio = ((1 - compressedSize / originalSize) * 100).toFixed(0);
+  console.log(chalk3.dim(`Uploading to ${host}... (${(compressedSize / 1024).toFixed(0)} KB, ${ratio}% smaller)`));
   try {
     const response = await fetch(url, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
+        "Content-Encoding": contentEncoding,
         "X-Vibgrate-Timestamp": timestamp,
         "Authorization": `VibgrateDSN ${parsed.keyId}:${parsed.secret}`,
         "Connection": "close"
@@ -7467,6 +7714,17 @@ function extract(content, pattern, sourceFile) {
   }
   return out;
 }
+var LOCKFILE_NAMES = /* @__PURE__ */ new Set([
+  "package-lock.json",
+  "pnpm-lock.yaml",
+  "yarn.lock",
+  "composer.lock",
+  "Gemfile.lock",
+  "Cargo.lock",
+  "poetry.lock",
+  "Pipfile.lock",
+  "packages.lock.json"
+]);
 function detectDbBrand(raw) {
   const value = raw.toLowerCase();
   if (value.includes("postgres")) return { kind: "sql", brand: "PostgreSQL", version: null, evidence: raw };
@@ -7477,6 +7735,7 @@ function detectDbBrand(raw) {
   if (value.includes("mongodb")) return { kind: "nosql", brand: "MongoDB", version: null, evidence: raw };
   if (value.includes("redis")) return { kind: "nosql", brand: "Redis", version: null, evidence: raw };
   if (value.includes("cassandra")) return { kind: "nosql", brand: "Cassandra", version: null, evidence: raw };
+  if (value.includes("cosmosdb") || value.includes("@azure/cosmos") || value.includes("cosmos")) return { kind: "nosql", brand: "CosmosDB", version: null, evidence: raw };
   if (value.includes("dynamodb")) return { kind: "nosql", brand: "DynamoDB", version: null, evidence: raw };
   if (value.includes("neo4j")) return { kind: "nosql", brand: "Neo4j", version: null, evidence: raw };
   return null;
@@ -7558,13 +7817,16 @@ async function scanDataStores(rootDir, fileCache) {
   for (const file of files) {
     const connStrings = extract(file.content, /\b(?:postgres(?:ql)?:\/\/[^\s'"`]+|mysql:\/\/[^\s'"`]+|mongodb(?:\+srv)?:\/\/[^\s'"`]+|redis:\/\/[^\s'"`]+)\b/gi, file.relPath);
     result.connectionStrings.push(...connStrings);
-    const dbEvidence = [
-      ...extract(file.content, /\b(?:postgres|postgresql|mysql|mariadb|mssql|sqlserver|oracle|sqlite|mongodb|redis|cassandra|dynamodb|neo4j)\b/gi, file.relPath),
-      ...connStrings
-    ];
-    for (const evidence of dbEvidence) {
-      const detected = detectDbBrand(evidence);
-      if (detected) dbTechnologies.push(detected);
+    const isLockFile = LOCKFILE_NAMES.has(path23.basename(file.relPath));
+    if (!isLockFile) {
+      const dbEvidence = [
+        ...extract(file.content, /\b(?:postgres|postgresql|mysql|mariadb|mssql|sqlserver|oracle|sqlite|mongodb|redis|cassandra|cosmosdb|cosmos|dynamodb|neo4j)\b/gi, file.relPath),
+        ...connStrings
+      ];
+      for (const evidence of dbEvidence) {
+        const detected = detectDbBrand(evidence);
+        if (detected) dbTechnologies.push(detected);
+      }
     }
     result.connectionPoolSettings.push(...extract(file.content, /\b(?:pool(?:Size|_size)?|maxPoolSize|minPoolSize|connectionLimit)\b[^\n]*/gi, file.relPath));
     result.replicationSettings.push(...extract(file.content, /\b(?:replication|cluster|replicaSet)\b[^\n]*/gi, file.relPath));
@@ -7581,7 +7843,10 @@ async function scanDataStores(rootDir, fileCache) {
     result.otherServices.push(...extract(file.content, /\b(?:redis:\/\/[^\s'"`]+|amqp:\/\/[^\s'"`]+|kafka:\/\/[^\s'"`]+|elasticsearch:\/\/[^\s'"`]+)\b/gi, file.relPath));
   }
   const dedupDb = /* @__PURE__ */ new Map();
-  for (const db of dbTechnologies) dedupDb.set(`${db.kind}:${db.brand}:${db.evidence}`, db);
+  for (const db of dbTechnologies) {
+    const key = `${db.kind}:${db.brand}`;
+    if (!dedupDb.has(key)) dedupDb.set(key, db);
+  }
   result.databaseTechnologies = [...dedupDb.values()].sort((a, b) => a.brand.localeCompare(b.brand));
   result.connectionStrings = uniq(result.connectionStrings);
   result.connectionPoolSettings = uniq(result.connectionPoolSettings);
@@ -7611,6 +7876,17 @@ function detectOpenApiSpecification(relPath, content) {
   const endpointCount = content.match(/(^|\n)\s*\/[^\n:]+:\s*(get|post|put|patch|delete|options|head)/gim)?.length ?? content.match(/"\/[^"]+"\s*:\s*\{/g)?.length ?? null;
   return { path: relPath, format, version, title, endpointCount };
 }
+function isInternalHost(hostname) {
+  const h = hostname.toLowerCase();
+  if (h === "localhost" || h === "127.0.0.1" || h === "::1" || h === "0.0.0.0") return true;
+  if (/^192\.168\./.test(h) || /^10\./.test(h) || /^172\.(1[6-9]|2\d|3[01])\./.test(h)) return true;
+  if (!h.includes(".")) return true;
+  if (/^(example|test|localhost|local|internal)\b/.test(h)) return true;
+  return false;
+}
+function normalizeUrl(raw) {
+  return raw.replace(/[\u0000-\u001F\u007F-\u009F\u200B-\u200F\u202A-\u202E\u2066-\u2069\uFEFF]/g, "").trim();
+}
 async function scanApiSurface(rootDir, fileCache) {
   const files = await scanTextFiles(rootDir, fileCache);
   const integrations = [];
@@ -7630,18 +7906,29 @@ async function scanApiSurface(rootDir, fileCache) {
   for (const file of files) {
     const openApiSpec = detectOpenApiSpecification(file.relPath, file.content);
     if (openApiSpec) result.openApiSpecifications.push(openApiSpec);
-    const endpoints = extract(file.content, /\bhttps?:\/\/[^\s'"`]+/gi, file.relPath);
-    for (const endpoint of endpoints) {
-      const provider = endpoint.replace(/^https?:\/\//, "").split("/")[0] ?? "unknown";
-      const versionMatch = endpoint.match(/\/(v\d+(?:\.\d+)?)\b/i);
-      const params = endpoint.match(/[?&]([a-zA-Z0-9_.-]+)=/g)?.map((p) => p.replace(/[?&=]/g, "")) ?? [];
+    const urlRegex = /\bhttps?:\/\/[^\s'"`]+/gi;
+    let match;
+    while ((match = urlRegex.exec(file.content)) !== null) {
+      const rawUrl = match[0].replace(/[,;)\]}"'`]+$/, "");
+      const cleanUrl = normalizeUrl(rawUrl);
+      if (!cleanUrl.startsWith("http")) continue;
+      let hostname;
+      try {
+        hostname = new URL(cleanUrl).hostname;
+      } catch {
+        continue;
+      }
+      if (isInternalHost(hostname)) continue;
+      const versionMatch = cleanUrl.match(/\/(v\d+(?:\.\d+)?)\b/i);
+      const params = cleanUrl.match(/[?&]([a-zA-Z0-9_.-]+)=/g)?.map((p) => p.replace(/[?&=]/g, "")) ?? [];
       integrations.push({
-        provider,
-        endpoint,
+        provider: hostname,
+        endpoint: cleanUrl,
         version: versionMatch ? versionMatch[1] : null,
         parameters: params,
         configOptions: extract(file.content, /\b(?:baseUrl|apiUrl|endpoint|timeout|retries|apiVersion)\b[^\n]*/gi, file.relPath),
-        authHints: extract(file.content, /\b(?:api[_-]?key|bearer\s+[a-z0-9_.-]+|client[_-]?secret|oauth)\b[^\n]*/gi, file.relPath)
+        authHints: extract(file.content, /\b(?:api[_-]?key|bearer\s+[a-z0-9_.-]+|client[_-]?secret|oauth)\b[^\n]*/gi, file.relPath),
+        files: [file.relPath]
       });
     }
     result.webhookUrls.push(...extract(file.content, /\bhttps?:\/\/[^\s'"`]*(?:webhook|hooks?)[^\s'"`]*/gi, file.relPath));
@@ -7651,18 +7938,27 @@ async function scanApiSurface(rootDir, fileCache) {
     result.rateLimitOverrides.push(...extract(file.content, /\b(?:rate[_-]?limit|max[_-]?requests|throttle)\b[^\n]*/gi, file.relPath));
     result.customHeaders.push(...extract(file.content, /\b(?:x-[a-z0-9-]+|authorization|user-agent)\b[^\n]*/gi, file.relPath));
     result.corsPolicies.push(...extract(file.content, /\b(?:cors|access-control-allow-origin|allowedOrigins)\b[^\n]*/gi, file.relPath));
-    result.oauthScopes.push(...extract(file.content, /\b(?:scope|scopes)\b[^\n]*(?:openid|profile|email|read|write)/gi, file.relPath));
+    result.oauthScopes.push(...extract(file.content, /\bscopes?\s*[=:]\s*['"][^'"]*(?:openid|profile|email|offline_access|read(?::\w+)?|write(?::\w+)?)[^'"]*['"]/gi, file.relPath));
     result.apiTokens.push(...extract(file.content, /\b(?:api[_-]?token|access[_-]?token|bearer[_-]?token)\b[^\n]*/gi, file.relPath));
   }
   const integrationMap = /* @__PURE__ */ new Map();
   for (const integration of integrations) {
-    const key = `${integration.provider}:${integration.endpoint}`;
-    integrationMap.set(key, {
-      ...integration,
-      parameters: uniq(integration.parameters),
-      configOptions: uniq(integration.configOptions),
-      authHints: uniq(integration.authHints)
-    });
+    const key = integration.endpoint;
+    const existing = integrationMap.get(key);
+    if (existing) {
+      existing.files = uniq([...existing.files, ...integration.files]);
+      existing.parameters = uniq([...existing.parameters, ...integration.parameters]);
+      existing.configOptions = uniq([...existing.configOptions, ...integration.configOptions]);
+      existing.authHints = uniq([...existing.authHints, ...integration.authHints]);
+    } else {
+      integrationMap.set(key, {
+        ...integration,
+        parameters: uniq(integration.parameters),
+        configOptions: uniq(integration.configOptions),
+        authHints: uniq(integration.authHints),
+        files: [...integration.files]
+      });
+    }
   }
   result.integrations = [...integrationMap.values()].sort((a, b) => a.provider.localeCompare(b.provider));
   result.openApiSpecifications = [...new Map(result.openApiSpecifications.map((spec) => [spec.path, spec])).values()].sort((a, b) => a.path.localeCompare(b.path));
@@ -7677,8 +7973,27 @@ async function scanApiSurface(rootDir, fileCache) {
   result.apiTokens = uniq(result.apiTokens);
   return result;
 }
+var NON_CODE_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".md",
+  ".mdx",
+  ".markdown",
+  ".txt",
+  ".rst",
+  ".adoc",
+  ".asciidoc",
+  ".html",
+  ".htm",
+  ".pdf",
+  ".docx",
+  ".doc",
+  ".rtf"
+]);
 async function scanOperationalResilience(rootDir, fileCache) {
-  const files = await scanTextFiles(rootDir, fileCache);
+  const allFiles = await scanTextFiles(rootDir, fileCache);
+  const files = allFiles.filter((f) => {
+    const ext = path23.extname(f.relPath).toLowerCase();
+    return !NON_CODE_EXTENSIONS.has(ext);
+  });
   const result = {
     implicitTimeouts: [],
     defaultPaginationSize: [],
@@ -7795,98 +8110,6 @@ async function scanOssGovernance(rootDir, fileCache) {
   };
 }
 
-// src/utils/compact-evidence.ts
-var CATEGORY_PATTERNS = [
-  { category: "pricing", pattern: /price|pricing|billing|subscri|trial|credit|plan|tier|upgrade|premium|pro|enterprise/i },
-  { category: "auth", pattern: /sign[- ]?in|sign[- ]?up|log[- ]?in|log[- ]?out|auth|sso|oauth|password|register|invite|onboard/i },
-  { category: "dashboard", pattern: /dashboard|overview|home|main|summary|stats/i },
-  { category: "settings", pattern: /setting|config|preference|option|profile|account/i },
-  { category: "users", pattern: /user|member|team|role|permission|access|admin|owner/i },
-  { category: "integrations", pattern: /integrat|connect|webhook|api[- ]?key|sync|import|export/i },
-  { category: "reports", pattern: /report|analy|metric|chart|graph|insight|track/i },
-  { category: "workflows", pattern: /workflow|automat|schedule|trigger|action|job|task|pipeline/i },
-  { category: "projects", pattern: /project|workspace|organization|folder|repo/i },
-  { category: "navigation", pattern: /menu|nav|sidebar|header|footer|breadcrumb/i }
-];
-function compactUiPurpose(result, maxSamplesPerCategory = 3) {
-  const evidence = result.topEvidence;
-  const dependencies = evidence.filter((e) => e.kind === "dependency").map((e) => e.value).slice(0, 10);
-  const routes = dedupeRoutes(
-    evidence.filter((e) => e.kind === "route").map((e) => e.value)
-  ).slice(0, 15);
-  const textEvidence = evidence.filter(
-    (e) => e.kind !== "dependency" && e.kind !== "route" && e.kind !== "feature_flag"
-  );
-  const byCategory = /* @__PURE__ */ new Map();
-  const categoryCounts = {};
-  for (const item of textEvidence) {
-    const category = categorize(item.value);
-    if (!byCategory.has(category)) {
-      byCategory.set(category, /* @__PURE__ */ new Set());
-    }
-    const normalized = normalizeValue(item.value);
-    if (normalized.length >= 3) {
-      byCategory.get(category).add(normalized);
-    }
-  }
-  const samples = [];
-  for (const [category, values] of byCategory) {
-    const deduped = dedupeStrings([...values]);
-    categoryCounts[category] = deduped.length;
-    for (const value of deduped.slice(0, maxSamplesPerCategory)) {
-      samples.push({ kind: "text", value, category });
-    }
-  }
-  const featureFlags = evidence.filter((e) => e.kind === "feature_flag");
-  if (featureFlags.length > 0) {
-    categoryCounts["feature_flags"] = featureFlags.length;
-    samples.push({ kind: "feature_flag", value: "feature flags detected", category: "feature_flags" });
-  }
-  return {
-    samples,
-    categoryCounts,
-    originalCount: evidence.length,
-    dependencies,
-    routes,
-    detectedFrameworks: result.detectedFrameworks
-  };
-}
-function categorize(value) {
-  for (const { category, pattern } of CATEGORY_PATTERNS) {
-    if (pattern.test(value)) return category;
-  }
-  return "general";
-}
-function normalizeValue(value) {
-  return value.toLowerCase().replace(/[^a-z0-9\s-]/g, " ").replace(/\s+/g, " ").trim().slice(0, 60);
-}
-function dedupeStrings(values) {
-  const sorted = values.sort((a, b) => b.length - a.length);
-  const kept = [];
-  for (const value of sorted) {
-    const isDupe = kept.some((k) => {
-      const stem = value.slice(0, 6);
-      return k.startsWith(stem) || k.includes(value) || value.includes(k);
-    });
-    if (!isDupe) {
-      kept.push(value);
-    }
-  }
-  return kept;
-}
-function dedupeRoutes(routes) {
-  const seen = /* @__PURE__ */ new Set();
-  const result = [];
-  for (const route of routes) {
-    const normalized = route.replace(/:[a-z_]+/gi, ":param").replace(/\[\[*\.*\.*[a-z_]+\]*\]/gi, ":param").replace(/\/+$/, "").toLowerCase();
-    if (!seen.has(normalized)) {
-      seen.add(normalized);
-      result.push(route);
-    }
-  }
-  return result;
-}
-
 // src/utils/tool-installer.ts
 import { spawn as spawn5 } from "child_process";
 import chalk5 from "chalk";
@@ -8745,12 +8968,10 @@ async function runScan(rootDir, opts) {
     steps: progress.getStepTimings()
   });
   if (!opts.noLocalArtifacts && !maxPrivacyMode) {
+    const projectScores = {};
     for (const project of allProjects) {
       if (project.drift && project.path) {
-        const projectDir = path24.resolve(rootDir, project.path);
-        const projectVibgrateDir = path24.join(projectDir, ".vibgrate");
-        await ensureDir(projectVibgrateDir);
-        await writeJsonFile(path24.join(projectVibgrateDir, "project_score.json"), {
+        projectScores[project.path] = {
           projectId: project.projectId,
           name: project.name,
           type: project.type,
@@ -8763,9 +8984,14 @@ async function runScan(rootDir, opts) {
           vibgrateVersion: VERSION,
           solutionId: project.solutionId,
           solutionName: project.solutionName
-        });
+        };
       }
     }
+    if (Object.keys(projectScores).length > 0) {
+      const vibgrateDir = path24.join(rootDir, ".vibgrate");
+      await ensureDir(vibgrateDir);
+      await writeJsonFile(path24.join(vibgrateDir, "project_scores.json"), projectScores);
+    }
   }
   if (opts.format === "json") {
     const jsonStr = JSON.stringify(artifact, null, 2);
@@ -8836,7 +9062,7 @@ async function autoPush(artifact, rootDir, opts) {
     if (opts.strict) process.exit(1);
     return;
   }
-  const body = JSON.stringify(artifact);
+  const { body, contentEncoding } = await prepareCompressedUpload(artifact);
   const timestamp = String(Date.now());
   let host = parsed.host;
   if (opts.region) {
@@ -8849,12 +9075,16 @@ async function autoPush(artifact, rootDir, opts) {
     }
   }
   const url = `${parsed.scheme}://${host}/v1/ingest/scan`;
-  console.log(chalk6.dim(`Uploading to ${host}...`));
+  const originalSize = JSON.stringify(artifact).length;
+  const compressedSize = body.length;
+  const ratio = ((1 - compressedSize / originalSize) * 100).toFixed(0);
+  console.log(chalk6.dim(`Uploading to ${host}... (${(compressedSize / 1024).toFixed(0)} KB, ${ratio}% smaller)`));
   try {
     const response = await fetch(url, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
+        "Content-Encoding": contentEncoding,
         "X-Vibgrate-Timestamp": timestamp,
         "Authorization": `VibgrateDSN ${parsed.keyId}:${parsed.secret}`,
         "Connection": "close"

package/dist/{chunk-VGZRUFB4.js → chunk-NASOHLRL.js}

@@ -1,6 +1,6 @@
 import {
   runScan
-} from "./chunk-XDZGC6KJ.js";
+} from "./chunk-56UAFVE4.js";
 import {
   writeJsonFile
 } from "./chunk-TBE6NQ5Z.js";

package/dist/cli.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   baselineCommand
-} from "./chunk-VGZRUFB4.js";
+} from "./chunk-NASOHLRL.js";
 import {
   VERSION,
   dsnCommand,
@@ -10,7 +10,7 @@ import {
   pushCommand,
   scanCommand,
   writeDefaultConfig
-} from "./chunk-XDZGC6KJ.js";
+} from "./chunk-56UAFVE4.js";
 import {
   ensureDir,
   pathExists,
@@ -39,7 +39,7 @@ var initCommand = new Command("init").description("Initialize vibgrate in a proj
     console.log(chalk.green("\u2714") + ` Created ${chalk.bold("vibgrate.config.ts")}`);
   }
   if (opts.baseline) {
-    const { runBaseline } = await import("./baseline-WRLXEJGA.js");
+    const { runBaseline } = await import("./baseline-YGEO4GK7.js");
     await runBaseline(rootDir);
   }
   console.log("");

package/dist/index.d.ts

@@ -541,6 +541,7 @@ interface ApiIntegration {
     parameters: string[];
     configOptions: string[];
     authHints: string[];
+    files: string[];
 }
 interface ApiSurfaceResult {
     integrations: ApiIntegration[];

package/dist/index.js

@@ -5,7 +5,7 @@ import {
   formatText,
   generateFindings,
   runScan
-} from "./chunk-XDZGC6KJ.js";
+} from "./chunk-56UAFVE4.js";
 import "./chunk-TBE6NQ5Z.js";
 export {
   computeDriftScore,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibgrate/cli",
-  "version": "1.0.65",
+  "version": "1.0.67",
   "description": "CLI for measuring upgrade drift across Node, .NET, Python & Java projects",
   "type": "module",
   "bin": {