npm - brakit - Versions diffs - 0.9.2 → 0.10.1 - Mend

brakit 0.9.2 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/api.d.ts +148 -5
package/dist/api.js +232 -54
package/dist/bin/brakit.js +228 -35
package/dist/dashboard-client.global.js +742 -385
package/dist/dashboard.html +933 -432
package/dist/mcp/server.js +99 -21
package/dist/runtime/index.js +1551 -430
package/package.json +1 -1

package/dist/runtime/index.js CHANGED Viewed

@@ -15,7 +15,7 @@ var __export = (target, all) => {
 };
 // src/constants/config.ts
-var MAX_REQUEST_ENTRIES, DEFAULT_MAX_BODY_CAPTURE, DEFAULT_API_LIMIT, MAX_TELEMETRY_ENTRIES, MAX_TAB_NAME_LENGTH, MAX_INGEST_BYTES, TERMINAL_TRUNCATE_LENGTH, SENSITIVE_MASK_MIN_LENGTH, SENSITIVE_MASK_VISIBLE_CHARS, MAX_JSON_BODY_BYTES, ANALYSIS_DEBOUNCE_MS, ISSUE_ID_HASH_LENGTH, ISSUES_DATA_VERSION, SENSITIVE_MASK_PLACEHOLDER, PROJECT_HASH_LENGTH, SECRET_SCAN_ARRAY_LIMIT, PII_SCAN_ARRAY_LIMIT, MIN_SECRET_VALUE_LENGTH, FULL_RECORD_MIN_FIELDS, LIST_PII_MIN_ITEMS, MAX_API_LIMIT, MAX_OBJECT_SCAN_DEPTH, MAX_UNIQUE_ENDPOINTS, MAX_ACCUMULATOR_ENTRIES, ISSUE_PRUNE_TTL_MS, FLOW_GAP_MS, SLOW_REQUEST_THRESHOLD_MS, MIN_POLLING_SEQUENCE, ENDPOINT_TRUNCATE_LENGTH, N1_QUERY_THRESHOLD, ERROR_RATE_THRESHOLD_PCT, MIN_REQUESTS_FOR_INSIGHT, HIGH_QUERY_COUNT_PER_REQ, CROSS_ENDPOINT_MIN_ENDPOINTS, CROSS_ENDPOINT_PCT, CROSS_ENDPOINT_MIN_OCCURRENCES, REDUNDANT_QUERY_MIN_COUNT, LARGE_RESPONSE_BYTES, HIGH_ROW_COUNT, OVERFETCH_MIN_REQUESTS, OVERFETCH_MIN_FIELDS, OVERFETCH_MIN_INTERNAL_IDS, OVERFETCH_NULL_RATIO, REGRESSION_PCT_THRESHOLD, REGRESSION_MIN_INCREASE_MS, REGRESSION_MIN_REQUESTS, QUERY_COUNT_REGRESSION_RATIO, OVERFETCH_MANY_FIELDS, OVERFETCH_UNWRAP_MIN_SIZE, MAX_DUPLICATE_INSIGHTS, INSIGHT_WINDOW_PER_ENDPOINT, CLEAN_HITS_FOR_RESOLUTION, STALE_ISSUE_TTL_MS, STRICT_MODE_MAX_GAP_MS, BASELINE_MIN_SESSIONS, BASELINE_MIN_REQUESTS_PER_SESSION, BASELINE_PENDING_POINTS_MIN, METRICS_DIR, METRICS_FILE, PORT_FILE, ISSUES_FILE, METRICS_FLUSH_INTERVAL_MS, METRICS_MAX_SESSIONS, METRICS_MAX_DATA_POINTS, ISSUES_FLUSH_INTERVAL_MS, SSE_HEARTBEAT_INTERVAL_MS, NOISE_HOSTS, NOISE_PATH_PATTERNS, VALID_ISSUE_STATES, VALID_ISSUE_CATEGORIES, VALID_AI_FIX_STATUSES, TELEMETRY_EVENT_SETUP_COMPLETED, TELEMETRY_EVENT_FIRST_REQUEST, TELEMETRY_EVENT_DASHBOARD_VIEWED, TELEMETRY_EVENT_SESSION, EXIT_REASON_CLEAN, EXIT_REASON_SIGINT, EXIT_REASON_SIGTERM, DETAIL_PREVIEW_LENGTH, KNOWN_DEPENDENCY_NAMES;
+var MAX_REQUEST_ENTRIES, DEFAULT_MAX_BODY_CAPTURE, DEFAULT_API_LIMIT, MAX_TELEMETRY_ENTRIES, MAX_TAB_NAME_LENGTH, MAX_INGEST_BYTES, TERMINAL_TRUNCATE_LENGTH, SENSITIVE_MASK_MIN_LENGTH, SENSITIVE_MASK_VISIBLE_CHARS, MAX_JSON_BODY_BYTES, ANALYSIS_DEBOUNCE_MS, ISSUE_ID_HASH_LENGTH, ISSUES_DATA_VERSION, SENSITIVE_MASK_PLACEHOLDER, PROJECT_HASH_LENGTH, SECRET_SCAN_ARRAY_LIMIT, PII_SCAN_ARRAY_LIMIT, MIN_SECRET_VALUE_LENGTH, FULL_RECORD_MIN_FIELDS, LIST_PII_MIN_ITEMS, MAX_API_LIMIT, MAX_OBJECT_SCAN_DEPTH, MAX_UNIQUE_ENDPOINTS, MAX_ACCUMULATOR_ENTRIES, ISSUE_PRUNE_TTL_MS, FLOW_GAP_MS, SLOW_REQUEST_THRESHOLD_MS, MIN_POLLING_SEQUENCE, ENDPOINT_TRUNCATE_LENGTH, N1_QUERY_THRESHOLD, ERROR_RATE_THRESHOLD_PCT, MIN_REQUESTS_FOR_INSIGHT, HIGH_QUERY_COUNT_PER_REQ, CROSS_ENDPOINT_MIN_ENDPOINTS, CROSS_ENDPOINT_PCT, CROSS_ENDPOINT_MIN_OCCURRENCES, REDUNDANT_QUERY_MIN_COUNT, LARGE_RESPONSE_BYTES, HIGH_ROW_COUNT, OVERFETCH_MIN_REQUESTS, OVERFETCH_MIN_FIELDS, OVERFETCH_MIN_INTERNAL_IDS, OVERFETCH_NULL_RATIO, REGRESSION_PCT_THRESHOLD, REGRESSION_MIN_INCREASE_MS, REGRESSION_MIN_REQUESTS, QUERY_COUNT_REGRESSION_RATIO, OVERFETCH_MANY_FIELDS, OVERFETCH_UNWRAP_MIN_SIZE, MAX_DUPLICATE_INSIGHTS, INSIGHT_WINDOW_PER_ENDPOINT, CLEAN_HITS_FOR_RESOLUTION, STALE_ISSUE_TTL_MS, STRICT_MODE_MAX_GAP_MS, BASELINE_MIN_SESSIONS, BASELINE_MIN_REQUESTS_PER_SESSION, BASELINE_PENDING_POINTS_MIN, METRICS_DIR, METRICS_FILE, PORT_FILE, ISSUES_FILE, METRICS_FLUSH_INTERVAL_MS, METRICS_MAX_SESSIONS, METRICS_MAX_DATA_POINTS, ISSUES_FLUSH_INTERVAL_MS, SSE_HEARTBEAT_INTERVAL_MS, NOISE_HOSTS, NOISE_PATH_PATTERNS, VALID_ISSUE_STATES, VALID_ISSUE_CATEGORIES, VALID_AI_FIX_STATUSES, TELEMETRY_EVENT_SETUP_COMPLETED, TELEMETRY_EVENT_FIRST_REQUEST, TELEMETRY_EVENT_DASHBOARD_VIEWED, TELEMETRY_EVENT_SESSION, TELEMETRY_EVENT_GRAPH_FEATURE, EXIT_REASON_CLEAN, EXIT_REASON_SIGINT, EXIT_REASON_SIGTERM, DETAIL_PREVIEW_LENGTH, KNOWN_DEPENDENCY_NAMES;
 var init_config = __esm({
   "src/constants/config.ts"() {
     "use strict";
@@ -94,6 +94,7 @@ var init_config = __esm({
     TELEMETRY_EVENT_FIRST_REQUEST = "first_request";
     TELEMETRY_EVENT_DASHBOARD_VIEWED = "dashboard_viewed";
     TELEMETRY_EVENT_SESSION = "session";
+    TELEMETRY_EVENT_GRAPH_FEATURE = "graph_feature";
     EXIT_REASON_CLEAN = "clean";
     EXIT_REASON_SIGINT = "sigint";
     EXIT_REASON_SIGTERM = "sigterm";
@@ -104,11 +105,14 @@ var init_config = __esm({
       "nuxt",
       "vite",
       "astro",
+      "@nestjs/core",
+      "@adonisjs/core",
+      "sails",
       "express",
       "fastify",
       "hono",
       "koa",
-      "nest",
+      "@hapi/hapi",
       "prisma",
       "drizzle-orm",
       "typeorm",
@@ -118,7 +122,7 @@ var init_config = __esm({
 });
 // src/constants/labels.ts
-var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB, DASHBOARD_API_FINDINGS, DASHBOARD_API_FINDINGS_REPORT, VALID_TABS_TUPLE, VALID_TABS, BRAKIT_REQUEST_ID_HEADER, BRAKIT_FETCH_ID_HEADER, SENSITIVE_HEADER_NAMES, HTTP_OK, HTTP_NO_CONTENT, HTTP_BAD_REQUEST, HTTP_NOT_FOUND, HTTP_METHOD_NOT_ALLOWED, HTTP_PAYLOAD_TOO_LARGE, HTTP_INTERNAL_ERROR, SECURITY_HEADERS, CONTENT_ENCODING_GZIP, CONTENT_ENCODING_BR, CONTENT_ENCODING_DEFLATE, SEVERITY_ICON, SSE_EVENT_FETCH, SSE_EVENT_LOG, SSE_EVENT_ERROR, SSE_EVENT_QUERY, SSE_EVENT_ISSUES, SDK_EVENT_REQUEST, SDK_EVENT_DB_QUERY, SDK_EVENT_FETCH, SDK_EVENT_LOG, SDK_EVENT_ERROR, SDK_EVENT_AUTH_CHECK, POSTHOG_HOST, POSTHOG_CAPTURE_PATH, POSTHOG_REQUEST_TIMEOUT_MS, SPEED_BUCKET_THRESHOLDS, TIMELINE_FETCH, TIMELINE_LOG, TIMELINE_ERROR, TIMELINE_QUERY;
+var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB, DASHBOARD_API_FINDINGS, DASHBOARD_API_FINDINGS_REPORT, DASHBOARD_API_GRAPH, VALID_TABS_TUPLE, VALID_TABS, BRAKIT_REQUEST_ID_HEADER, BRAKIT_FETCH_ID_HEADER, SENSITIVE_HEADER_NAMES, HTTP_OK, HTTP_NO_CONTENT, HTTP_BAD_REQUEST, HTTP_NOT_FOUND, HTTP_METHOD_NOT_ALLOWED, HTTP_PAYLOAD_TOO_LARGE, HTTP_INTERNAL_ERROR, SECURITY_HEADERS, CONTENT_ENCODING_GZIP, CONTENT_ENCODING_BR, CONTENT_ENCODING_DEFLATE, SEVERITY_ICON, SSE_EVENT_FETCH, SSE_EVENT_LOG, SSE_EVENT_ERROR, SSE_EVENT_QUERY, SSE_EVENT_ISSUES, SDK_EVENT_REQUEST, SDK_EVENT_DB_QUERY, SDK_EVENT_FETCH, SDK_EVENT_LOG, SDK_EVENT_ERROR, SDK_EVENT_AUTH_CHECK, POSTHOG_HOST, POSTHOG_CAPTURE_PATH, POSTHOG_REQUEST_TIMEOUT_MS, SPEED_BUCKET_THRESHOLDS, TIMELINE_FETCH, TIMELINE_LOG, TIMELINE_ERROR, TIMELINE_QUERY;
 var init_labels = __esm({
   "src/constants/labels.ts"() {
     "use strict";
@@ -140,16 +144,14 @@ var init_labels = __esm({
     DASHBOARD_API_TAB = `${DASHBOARD_PREFIX}/api/tab`;
     DASHBOARD_API_FINDINGS = `${DASHBOARD_PREFIX}/api/findings`;
     DASHBOARD_API_FINDINGS_REPORT = `${DASHBOARD_PREFIX}/api/findings/report`;
+    DASHBOARD_API_GRAPH = `${DASHBOARD_PREFIX}/api/graph`;
     VALID_TABS_TUPLE = [
       "overview",
       "actions",
-      "requests",
-      "fetches",
-      "queries",
-      "errors",
-      "logs",
+      "insights",
       "performance",
-      "security"
+      "graph",
+      "explorer"
     ];
     VALID_TABS = new Set(VALID_TABS_TUPLE);
     BRAKIT_REQUEST_ID_HEADER = "x-brakit-request-id";
@@ -173,7 +175,7 @@ var init_labels = __esm({
       "x-content-type-options": "nosniff",
       "x-frame-options": "DENY",
       "referrer-policy": "no-referrer",
-      "content-security-policy": "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; connect-src 'self'; img-src data:"
+      "content-security-policy": "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; connect-src 'self'; img-src data: blob:"
     };
     CONTENT_ENCODING_GZIP = "gzip";
     CONTENT_ENCODING_BR = "br";
@@ -336,6 +338,214 @@ var init_fetch = __esm({
   }
 });
+// src/utils/log.ts
+function brakitWarn(message) {
+  process.stderr.write(`${PREFIX} ${message}
+`);
+}
+function brakitDebug(message) {
+  if (process.env.DEBUG_BRAKIT) {
+    process.stderr.write(`${PREFIX}:debug ${message}
+`);
+  }
+}
+var PREFIX;
+var init_log = __esm({
+  "src/utils/log.ts"() {
+    "use strict";
+    PREFIX = "[brakit]";
+  }
+});
+// src/utils/type-guards.ts
+function isString(val) {
+  return typeof val === "string";
+}
+function isNumber(val) {
+  return typeof val === "number" && !isNaN(val);
+}
+function isBoolean(val) {
+  return typeof val === "boolean";
+}
+function isThenable(value) {
+  return value != null && typeof value.then === "function";
+}
+function getErrorMessage(err) {
+  if (err instanceof Error) return err.message;
+  if (typeof err === "string") return err;
+  return String(err);
+}
+function isValidIssueState(val) {
+  return typeof val === "string" && VALID_ISSUE_STATES.has(val);
+}
+function isValidIssueCategory(val) {
+  return typeof val === "string" && VALID_ISSUE_CATEGORIES.has(val);
+}
+function isValidAiFixStatus(val) {
+  return typeof val === "string" && VALID_AI_FIX_STATUSES.has(val);
+}
+function validateIssuesData(parsed) {
+  if (parsed == null || typeof parsed !== "object" || Array.isArray(parsed)) return null;
+  const obj = parsed;
+  if (obj.version === ISSUES_DATA_VERSION && Array.isArray(obj.issues)) {
+    return parsed;
+  }
+  return null;
+}
+function validateMetricsData(parsed) {
+  if (parsed == null || typeof parsed !== "object" || Array.isArray(parsed)) return null;
+  const obj = parsed;
+  if (obj.version === 1 && Array.isArray(obj.endpoints)) {
+    return parsed;
+  }
+  return null;
+}
+var init_type_guards = __esm({
+  "src/utils/type-guards.ts"() {
+    "use strict";
+    init_config();
+  }
+});
+// src/runtime/capture.ts
+import { gunzip, brotliDecompress, inflate } from "zlib";
+function outgoingToIncoming(headers2) {
+  const result = {};
+  for (const [key, value] of Object.entries(headers2)) {
+    if (value === void 0) continue;
+    if (Array.isArray(value)) {
+      result[key] = value.map(String);
+    } else {
+      result[key] = String(value);
+    }
+  }
+  return result;
+}
+function getDecompressor(encoding) {
+  if (encoding === CONTENT_ENCODING_GZIP) return gunzip;
+  if (encoding === CONTENT_ENCODING_BR) return brotliDecompress;
+  if (encoding === CONTENT_ENCODING_DEFLATE) return inflate;
+  return null;
+}
+function decompressAsync(body, encoding) {
+  const decompressor = getDecompressor(encoding);
+  if (!decompressor) return Promise.resolve(body);
+  return new Promise((resolve6) => {
+    decompressor(body, (err, result) => {
+      resolve6(err ? body : result);
+    });
+  });
+}
+function toBuffer(chunk) {
+  if (Buffer.isBuffer(chunk)) return chunk;
+  if (chunk instanceof Uint8Array) return Buffer.from(chunk.buffer, chunk.byteOffset, chunk.byteLength);
+  if (typeof chunk === "string") return Buffer.from(chunk);
+  return null;
+}
+function drainPendingCaptures() {
+  if (pendingCaptures === 0) return Promise.resolve();
+  return new Promise((resolve6) => {
+    drainResolvers.push(resolve6);
+  });
+}
+function onCaptureSettled() {
+  pendingCaptures--;
+  if (pendingCaptures === 0 && drainResolvers.length > 0) {
+    const resolvers = drainResolvers;
+    drainResolvers = [];
+    for (const resolve6 of resolvers) resolve6();
+  }
+}
+function captureInProcess(req, res, requestId, requestStore, isChild = false) {
+  const startTime = performance.now();
+  const method = req.method ?? "GET";
+  const resChunks = [];
+  let resSize = 0;
+  const originalWrite = res.write;
+  const originalEnd = res.end;
+  let truncated = false;
+  res.write = function(...args) {
+    try {
+      const chunk = args[0];
+      if (chunk != null && typeof chunk !== "function") {
+        if (resSize < DEFAULT_MAX_BODY_CAPTURE) {
+          const buf = toBuffer(chunk);
+          if (buf) {
+            resChunks.push(buf);
+            resSize += buf.length;
+          }
+        } else {
+          truncated = true;
+        }
+      }
+    } catch (e) {
+      brakitDebug(`capture write: ${getErrorMessage(e)}`);
+    }
+    return originalWrite.apply(this, args);
+  };
+  res.end = function(...args) {
+    try {
+      const chunk = typeof args[0] !== "function" ? args[0] : void 0;
+      if (chunk != null && resSize < DEFAULT_MAX_BODY_CAPTURE) {
+        const buf = toBuffer(chunk);
+        if (buf) {
+          resChunks.push(buf);
+        }
+      }
+    } catch (e) {
+      brakitDebug(`capture end: ${getErrorMessage(e)}`);
+    }
+    const result = originalEnd.apply(this, args);
+    const endTime = performance.now();
+    const encoding = String(res.getHeader("content-encoding") ?? "").toLowerCase();
+    const statusCode = res.statusCode;
+    const responseHeaders = outgoingToIncoming(res.getHeaders());
+    const responseContentType = String(res.getHeader("content-type") ?? "");
+    const capturedChunks = resChunks.slice();
+    if (!isChild) {
+      pendingCaptures++;
+      void (async () => {
+        try {
+          let body = capturedChunks.length > 0 ? Buffer.concat(capturedChunks) : null;
+          if (body && encoding && !truncated) {
+            body = await decompressAsync(body, encoding);
+          }
+          requestStore.capture({
+            requestId,
+            method,
+            url: req.url ?? "/",
+            requestHeaders: req.headers,
+            requestBody: null,
+            statusCode,
+            responseHeaders,
+            responseBody: body,
+            responseContentType,
+            startTime,
+            endTime,
+            config: { maxBodyCapture: DEFAULT_MAX_BODY_CAPTURE }
+          });
+        } catch (e) {
+          brakitDebug(`capture store: ${getErrorMessage(e)}`);
+        } finally {
+          onCaptureSettled();
+        }
+      })();
+    }
+    return result;
+  };
+}
+var pendingCaptures, drainResolvers;
+var init_capture = __esm({
+  "src/runtime/capture.ts"() {
+    "use strict";
+    init_constants();
+    init_log();
+    init_type_guards();
+    pendingCaptures = 0;
+    drainResolvers = [];
+  }
+});
 // src/instrument/hooks/console.ts
 import { format } from "util";
 function setupConsoleHook(emit) {
@@ -486,7 +696,15 @@ var init_adapter_registry = __esm({
 function normalizeSQL(sql) {
   if (!sql) return { op: "OTHER", table: "" };
   const trimmed = sql.trim();
-  const keyword = trimmed.split(/\s+/, 1)[0].toUpperCase();
+  let spaceIdx = -1;
+  for (let i = 0; i < trimmed.length; i++) {
+    const c = trimmed[i];
+    if (c === " " || c === "	" || c === "\n" || c === "\r") {
+      spaceIdx = i;
+      break;
+    }
+  }
+  const keyword = (spaceIdx === -1 ? trimmed : trimmed.slice(0, spaceIdx)).toUpperCase();
   const op = VALID_OPS.has(keyword) ? keyword : "OTHER";
   const table = trimmed.match(TABLE_RE)?.[1] ?? "";
   return { op, table };
@@ -528,75 +746,6 @@ var init_normalize = __esm({
   }
 });
-// src/utils/type-guards.ts
-function isString(val) {
-  return typeof val === "string";
-}
-function isNumber(val) {
-  return typeof val === "number" && !isNaN(val);
-}
-function isBoolean(val) {
-  return typeof val === "boolean";
-}
-function isThenable(value) {
-  return value != null && typeof value.then === "function";
-}
-function getErrorMessage(err) {
-  if (err instanceof Error) return err.message;
-  if (typeof err === "string") return err;
-  return String(err);
-}
-function isValidIssueState(val) {
-  return typeof val === "string" && VALID_ISSUE_STATES.has(val);
-}
-function isValidIssueCategory(val) {
-  return typeof val === "string" && VALID_ISSUE_CATEGORIES.has(val);
-}
-function isValidAiFixStatus(val) {
-  return typeof val === "string" && VALID_AI_FIX_STATUSES.has(val);
-}
-function validateIssuesData(parsed) {
-  if (parsed == null || typeof parsed !== "object" || Array.isArray(parsed)) return null;
-  const obj = parsed;
-  if (obj.version === ISSUES_DATA_VERSION && Array.isArray(obj.issues)) {
-    return parsed;
-  }
-  return null;
-}
-function validateMetricsData(parsed) {
-  if (parsed == null || typeof parsed !== "object" || Array.isArray(parsed)) return null;
-  const obj = parsed;
-  if (obj.version === 1 && Array.isArray(obj.endpoints)) {
-    return parsed;
-  }
-  return null;
-}
-var init_type_guards = __esm({
-  "src/utils/type-guards.ts"() {
-    "use strict";
-    init_config();
-  }
-});
-// src/utils/log.ts
-function brakitWarn(message) {
-  process.stderr.write(`${PREFIX} ${message}
-`);
-}
-function brakitDebug(message) {
-  if (process.env.DEBUG_BRAKIT) {
-    process.stderr.write(`${PREFIX}:debug ${message}
-`);
-  }
-}
-var PREFIX;
-var init_log = __esm({
-  "src/utils/log.ts"() {
-    "use strict";
-    PREFIX = "[brakit]";
-  }
-});
 // src/instrument/adapters/shared.ts
 import { createRequire } from "module";
 function tryRequire(id) {
@@ -862,11 +1011,54 @@ var init_adapters = __esm({
     init_mysql2();
     init_prisma();
   }
-});
-// src/utils/endpoint.ts
+});
+// src/utils/endpoint.ts
+function isUUID(s) {
+  if (s.length !== UUID_LEN) return false;
+  for (let i = 0; i < s.length; i++) {
+    const c = s[i];
+    if (i === 8 || i === 13 || i === 18 || i === 23) {
+      if (c !== "-") return false;
+    } else {
+      if (!isHexChar(c)) return false;
+    }
+  }
+  return true;
+}
+function isHexChar(c) {
+  const code = c.charCodeAt(0);
+  return code >= 48 && code <= 57 || code >= 65 && code <= 70 || code >= 97 && code <= 102;
+}
+function isNumericId(s) {
+  if (s.length === 0) return false;
+  for (let i = 0; i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code < 48 || code > 57) return false;
+  }
+  return true;
+}
+function isHexHash(s) {
+  if (s.length < MIN_HEX_LEN) return false;
+  for (let i = 0; i < s.length; i++) {
+    if (!isHexChar(s[i])) return false;
+  }
+  return true;
+}
+function isAlphanumericToken(s) {
+  if (s.length < MIN_TOKEN_LEN) return false;
+  let hasLetter = false;
+  let hasDigit = false;
+  for (let i = 0; i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code >= 65 && code <= 90 || code >= 97 && code <= 122) hasLetter = true;
+    else if (code >= 48 && code <= 57) hasDigit = true;
+    else if (code !== 95 && code !== 45) return false;
+  }
+  return hasLetter && hasDigit;
+}
 function isDynamicSegment(segment) {
-  return UUID_RE.test(segment) || NUMERIC_ID_RE.test(segment) || HEX_HASH_RE.test(segment) || ALPHA_TOKEN_RE.test(segment);
+  return isUUID(segment) || isNumericId(segment) || isHexHash(segment) || isAlphanumericToken(segment);
 }
 function normalizePath(path) {
   const qIdx = path.indexOf("?");
@@ -877,22 +1069,24 @@ function getEndpointKey(method, path) {
   return `${method} ${normalizePath(path)}`;
 }
 function extractEndpointFromDesc(desc) {
-  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
+  const spaceIdx = desc.indexOf(" ");
+  if (spaceIdx <= 0) return null;
+  const secondSpace = desc.indexOf(" ", spaceIdx + 1);
+  if (secondSpace === -1) return desc;
+  return desc.slice(0, secondSpace);
 }
 function stripQueryString(path) {
   const i = path.indexOf("?");
   return i === -1 ? path : path.slice(0, i);
 }
-var UUID_RE, NUMERIC_ID_RE, HEX_HASH_RE, ALPHA_TOKEN_RE, DYNAMIC_SEGMENT_PLACEHOLDER, ENDPOINT_PREFIX_RE;
+var UUID_LEN, MIN_HEX_LEN, MIN_TOKEN_LEN, DYNAMIC_SEGMENT_PLACEHOLDER;
 var init_endpoint = __esm({
   "src/utils/endpoint.ts"() {
     "use strict";
-    UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
-    NUMERIC_ID_RE = /^\d+$/;
-    HEX_HASH_RE = /^[0-9a-f]{12,}$/i;
-    ALPHA_TOKEN_RE = /^(?=.*[a-zA-Z])(?=.*\d)[a-zA-Z0-9_-]{8,}$/;
+    UUID_LEN = 36;
+    MIN_HEX_LEN = 12;
+    MIN_TOKEN_LEN = 8;
     DYNAMIC_SEGMENT_PLACEHOLDER = ":id";
-    ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
   }
 });
@@ -913,6 +1107,10 @@ var init_http_status = __esm({
 });
 // src/analysis/categorize.ts
+function isAuthPath(path) {
+  const lower = path.toLowerCase();
+  return lower.startsWith("/api/auth") || lower.startsWith("/clerk") || lower.startsWith("/api/clerk");
+}
 function detectCategory(req) {
   const { method, url, statusCode, responseHeaders } = req;
   if (req.isStatic) return "static";
@@ -921,7 +1119,7 @@ function detectCategory(req) {
     return "auth-handshake";
   }
   const effectivePath = getEffectivePath(req);
-  if (/^\/api\/auth/i.test(effectivePath) || /^\/(api\/)?clerk/i.test(effectivePath)) {
+  if (isAuthPath(effectivePath)) {
     return "auth-check";
   }
   if (method === "POST" && !effectivePath.startsWith("/api/")) {
@@ -945,6 +1143,13 @@ function detectCategory(req) {
   }
   return "unknown";
 }
+function hasAuthCredentials(req) {
+  if (req.headers["authorization"]) return true;
+  const cookie = (req.headers["cookie"] || "").toLowerCase();
+  if (cookie && AUTH_COOKIE_NAMES.some((name) => cookie.includes(name))) return true;
+  if (req.statusCode === 401) return true;
+  return false;
+}
 function getEffectivePath(req) {
   const rewrite = req.responseHeaders["x-middleware-rewrite"];
   if (!rewrite) return req.path;
@@ -955,9 +1160,21 @@ function getEffectivePath(req) {
     return rewrite.startsWith("/") ? rewrite : req.path;
   }
 }
+var AUTH_COOKIE_NAMES;
 var init_categorize = __esm({
   "src/analysis/categorize.ts"() {
     "use strict";
+    AUTH_COOKIE_NAMES = [
+      "__session=",
+      "__clerk",
+      "__host-next-auth",
+      "next-auth.session-token=",
+      "auth_token=",
+      "session_id=",
+      "access_token=",
+      "_session=",
+      "appsession="
+    ];
   }
 });
@@ -1016,8 +1233,11 @@ function generateHumanLabel(req, category) {
       return failed ? `${req.method} ${req.path} failed` : `${req.method} ${req.path}`;
   }
 }
+function stripApiPrefix(s) {
+  return s.startsWith("/api/") ? s.slice(5) : s;
+}
 function prettifyEndpoint(name) {
-  const cleaned = name.replace(/^\/api\//, "").replace(/\//g, " ").replace(/\.\.\./g, "").trim();
+  const cleaned = stripApiPrefix(name).split("/").join(" ").split("...").join("").trim();
   if (!cleaned) return "data";
   return cleaned.split(" ").map((word) => {
     if (word.endsWith("ses") || word.endsWith("us") || word.endsWith("ss"))
@@ -1029,22 +1249,8 @@ function prettifyEndpoint(name) {
 }
 function deriveActionVerb(method, endpointName) {
   const lower = endpointName.toLowerCase();
-  const VERB_PATTERNS = [
-    [/enhance/, "Enhanced"],
-    [/generate/, "Generated"],
-    [/create/, "Created"],
-    [/update/, "Updated"],
-    [/delete|remove/, "Deleted"],
-    [/send/, "Sent"],
-    [/upload/, "Uploaded"],
-    [/save/, "Saved"],
-    [/submit/, "Submitted"],
-    [/login|signin/, "Logged in"],
-    [/logout|signout/, "Logged out"],
-    [/register|signup/, "Registered"]
-  ];
-  for (const [pattern, verb] of VERB_PATTERNS) {
-    if (pattern.test(lower)) return verb;
+  for (const [keyword, verb] of VERB_MAP) {
+    if (lower.includes(keyword)) return verb;
   }
   switch (method) {
     case "POST":
@@ -1059,24 +1265,45 @@ function deriveActionVerb(method, endpointName) {
   }
 }
 function getEndpointName(path) {
-  const parts = path.replace(/^\/api\//, "").split("/");
+  const parts = stripApiPrefix(path).split("/");
   if (parts.length <= 2) return parts.join("/");
   return parts.map((p) => p.length > ENDPOINT_TRUNCATE_LENGTH ? "..." : p).join("/");
 }
 function prettifyPageName(path) {
-  const clean = path.replace(/^\//, "").replace(/\/$/, "");
+  let clean = path;
+  if (clean.startsWith("/")) clean = clean.slice(1);
+  if (clean.endsWith("/")) clean = clean.slice(0, -1);
   if (!clean) return "Home";
-  return clean.split("/").map((s) => capitalize(s.replace(/[-_]/g, " "))).join(" ");
+  return clean.split("/").map((s) => capitalize(s.split("-").join(" ").split("_").join(" "))).join(" ");
 }
 function capitalize(s) {
   return s.charAt(0).toUpperCase() + s.slice(1);
 }
+var VERB_MAP;
 var init_label = __esm({
   "src/analysis/label.ts"() {
     "use strict";
     init_constants();
     init_categorize();
     init_http_status();
+    VERB_MAP = [
+      ["enhance", "Enhanced"],
+      ["generate", "Generated"],
+      ["create", "Created"],
+      ["update", "Updated"],
+      ["delete", "Deleted"],
+      ["remove", "Deleted"],
+      ["send", "Sent"],
+      ["upload", "Uploaded"],
+      ["save", "Saved"],
+      ["submit", "Submitted"],
+      ["login", "Logged in"],
+      ["signin", "Logged in"],
+      ["logout", "Logged out"],
+      ["signout", "Logged out"],
+      ["register", "Registered"],
+      ["signup", "Registered"]
+    ];
   }
 });
@@ -1522,33 +1749,85 @@ var init_handlers = __esm({
 // src/utils/static-patterns.ts
 function isStaticPath(urlPath) {
-  return STATIC_PATTERNS.some((p) => p.test(urlPath));
+  const dotIdx = urlPath.lastIndexOf(".");
+  if (dotIdx !== -1) {
+    const ext = urlPath.slice(dotIdx).toLowerCase();
+    if (STATIC_EXTENSIONS.has(ext)) return true;
+  }
+  return STATIC_PREFIXES.some((p) => urlPath.startsWith(p));
 }
 function isHealthCheckPath(urlPath) {
-  return HEALTH_CHECK_PATTERNS.some((p) => p.test(urlPath));
+  return HEALTH_CHECK_PATHS.has(urlPath.toLowerCase());
 }
-var STATIC_PATTERNS, HEALTH_CHECK_PATTERNS;
+var STATIC_EXTENSIONS, STATIC_PREFIXES, HEALTH_CHECK_PATHS;
 var init_static_patterns = __esm({
   "src/utils/static-patterns.ts"() {
     "use strict";
-    STATIC_PATTERNS = [
-      /\.(?:js|css|map|ico|png|jpg|jpeg|gif|svg|webp|woff2?|ttf|eot)$/,
-      /^\/favicon/,
-      /^\/node_modules\//,
-      // Framework-specific static/internal paths
-      /^\/_next\//,
-      /^\/__nextjs/,
-      /^\/@vite\//,
-      /^\/__vite/
-    ];
-    HEALTH_CHECK_PATTERNS = [
-      /^\/health(z|check)?$/i,
-      /^\/ping$/i,
-      /^\/(ready|readiness|liveness)$/i,
-      /^\/status$/i,
-      /^\/__health$/i,
-      /^\/api\/health(z|check)?$/i
+    STATIC_EXTENSIONS = /* @__PURE__ */ new Set([
+      ".js",
+      ".css",
+      ".map",
+      ".ico",
+      ".png",
+      ".jpg",
+      ".jpeg",
+      ".gif",
+      ".svg",
+      ".webp",
+      ".woff",
+      ".woff2",
+      ".ttf",
+      ".eot"
+    ]);
+    STATIC_PREFIXES = [
+      "/favicon",
+      "/node_modules/",
+      // Next.js
+      "/_next/",
+      "/__nextjs",
+      // Vite (also used by Nuxt, Astro in dev)
+      "/@vite/",
+      "/__vite",
+      "/@fs/",
+      "/@id/",
+      // Remix
+      "/__remix",
+      // Nuxt
+      "/_nuxt/",
+      "/__nuxt",
+      // Astro
+      "/@astro",
+      "/_astro/",
+      // Django
+      "/static/",
+      "/media/",
+      "/__debug__/",
+      // Flask / Werkzeug
+      "/_debugtoolbar/",
+      // FastAPI / Starlette
+      "/openapi.json",
+      "/docs",
+      "/redoc",
+      // Rails
+      "/assets/",
+      "/packs/",
+      // Browser probes
+      "/.well-known/"
     ];
+    HEALTH_CHECK_PATHS = /* @__PURE__ */ new Set([
+      "/health",
+      "/healthz",
+      "/healthcheck",
+      "/ping",
+      "/ready",
+      "/readiness",
+      "/liveness",
+      "/status",
+      "/__health",
+      "/api/health",
+      "/api/healthz",
+      "/api/healthcheck"
+    ]);
   }
 });
@@ -1704,29 +1983,25 @@ function createIngestHandler(services) {
   const routeEvent = (event) => {
     switch (event.type) {
       case TIMELINE_FETCH:
-        services.fetchStore.add(event.data);
+        bus.emit("telemetry:fetch", event.data);
         break;
       case TIMELINE_LOG:
-        services.logStore.add(event.data);
+        bus.emit("telemetry:log", event.data);
         break;
       case TIMELINE_ERROR:
-        services.errorStore.add(event.data);
+        bus.emit("telemetry:error", event.data);
         break;
       case TIMELINE_QUERY:
-        services.queryStore.add(event.data);
+        bus.emit("telemetry:query", event.data);
         break;
     }
   };
-  const queryStore = services.queryStore;
-  const fetchStore = services.fetchStore;
-  const logStore = services.logStore;
-  const errorStore = services.errorStore;
-  const requestStore = services.requestStore;
+  const { bus, requestStore } = services;
   const stores = {
-    addQuery: (data) => queryStore.add(data),
-    addFetch: (data) => fetchStore.add(data),
-    addLog: (data) => logStore.add(data),
-    addError: (data) => errorStore.add(data),
+    addQuery: (data) => bus.emit("telemetry:query", data),
+    addFetch: (data) => bus.emit("telemetry:fetch", data),
+    addLog: (data) => bus.emit("telemetry:log", data),
+    addError: (data) => bus.emit("telemetry:error", data),
     addRequest: (data) => requestStore.add(data)
   };
   return (req, res) => {
@@ -1977,6 +2252,42 @@ var init_issues = __esm({
   }
 });
+// src/dashboard/api/graph.ts
+function createGraphHandler(services) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    const url = parseRequestUrl(req);
+    const rawCluster = url.searchParams.get("cluster") ?? void 0;
+    const rawNode = url.searchParams.get("node") ?? void 0;
+    const rawLevel = url.searchParams.get("level") ?? void 0;
+    const rawGrouping = url.searchParams.get("grouping") ?? void 0;
+    const cluster = rawCluster && rawCluster.length <= MAX_PARAM_LENGTH ? rawCluster : void 0;
+    const node = rawNode && rawNode.length <= MAX_PARAM_LENGTH ? rawNode : void 0;
+    const level = rawLevel && VALID_LEVELS.has(rawLevel) ? rawLevel : void 0;
+    const grouping = rawGrouping && VALID_GROUPINGS.has(rawGrouping) ? rawGrouping : void 0;
+    const { graphBuilder, metricsStore } = services;
+    graphBuilder.enrichWithMetrics((endpointKey) => {
+      const metrics = metricsStore.getEndpoint(endpointKey);
+      if (!metrics || metrics.sessions.length === 0) return void 0;
+      const latest = metrics.sessions[metrics.sessions.length - 1];
+      return latest.p95DurationMs;
+    });
+    const data = graphBuilder.getApiResponse({ cluster, node, level, grouping });
+    sendJson(req, res, HTTP_OK, data);
+  };
+}
+var VALID_LEVELS, VALID_GROUPINGS, MAX_PARAM_LENGTH;
+var init_graph = __esm({
+  "src/dashboard/api/graph.ts"() {
+    "use strict";
+    init_labels();
+    init_shared2();
+    VALID_LEVELS = /* @__PURE__ */ new Set(["endpoints", "clusters"]);
+    VALID_GROUPINGS = /* @__PURE__ */ new Set(["path", "auth-boundary", "data-domain"]);
+    MAX_PARAM_LENGTH = 200;
+  }
+});
 // src/dashboard/sse.ts
 function createSSEHandler(services) {
   const clients = /* @__PURE__ */ new Set();
@@ -2249,7 +2560,7 @@ var init_issue_store = __esm({
           existing.occurrences++;
           existing.issue = issue;
           existing.cleanHitsSinceLastSeen = 0;
-          if (existing.state === "resolved" || existing.state === "stale") {
+          if (existing.aiStatus !== "wont_fix" && (existing.state === "resolved" || existing.state === "stale")) {
             existing.state = "regressed";
             existing.resolvedAt = null;
           }
@@ -2275,10 +2586,11 @@ var init_issue_store = __esm({
         return stateful;
       }
       /**
-       * Reconcile issues against the current analysis results using evidence-based resolution.
-       *
-       * @param currentIssueIds - IDs of issues detected in the current analysis cycle
-       * @param activeEndpoints - Endpoints that had requests in the current cycle
+       * Evidence-based reconciliation: for each active issue whose endpoint had
+       * traffic but the issue was NOT re-detected, increment cleanHitsSinceLastSeen.
+       * After CLEAN_HITS_FOR_RESOLUTION consecutive clean cycles, auto-resolve.
+       * Issues on endpoints with no recent traffic are marked stale after STALE_ISSUE_TTL_MS.
+       * Resolved and stale issues are pruned after their respective TTLs expire.
        */
       reconcile(currentIssueIds, activeEndpoints) {
         const now = Date.now();
@@ -2428,11 +2740,22 @@ var init_project = __esm({
     "use strict";
     init_fs();
     FRAMEWORKS = [
+      // Meta-frameworks first (they bundle Express/Vite internally)
       { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
       { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
       { name: "nuxt", dep: "nuxt", devCmd: "nuxt dev", bin: "nuxt", defaultPort: 3e3, devArgs: ["dev", "--port"] },
-      { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] },
-      { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] }
+      { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] },
+      { name: "nestjs", dep: "@nestjs/core", devCmd: "nest start", bin: "nest", defaultPort: 3e3, devArgs: ["--watch"] },
+      { name: "adonis", dep: "@adonisjs/core", devCmd: "node ace serve", bin: "ace", defaultPort: 3333, devArgs: ["serve", "--watch"] },
+      { name: "sails", dep: "sails", devCmd: "sails lift", bin: "sails", defaultPort: 1337, devArgs: ["lift"] },
+      // Server frameworks
+      { name: "hono", dep: "hono", devCmd: "node", bin: "node", defaultPort: 3e3 },
+      { name: "fastify", dep: "fastify", devCmd: "node", bin: "node", defaultPort: 3e3 },
+      { name: "koa", dep: "koa", devCmd: "node", bin: "node", defaultPort: 3e3 },
+      { name: "hapi", dep: "@hapi/hapi", devCmd: "node", bin: "node", defaultPort: 3e3 },
+      { name: "express", dep: "express", devCmd: "node", bin: "node", defaultPort: 3e3 },
+      // Bundlers (last — likely used alongside a framework above)
+      { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] }
     ];
   }
 });
@@ -2478,26 +2801,128 @@ var init_response = __esm({
 });
 // src/analysis/rules/patterns.ts
-var SECRET_KEYS, TOKEN_PARAMS, SAFE_PARAMS, STACK_TRACE_RE, DB_CONN_RE, SQL_FRAGMENT_RE, SECRET_VAL_RE, LOG_SECRET_RE, MASKED_RE, EMAIL_RE, INTERNAL_ID_KEYS, INTERNAL_ID_SUFFIX, SELF_SERVICE_PATH, SENSITIVE_FIELD_NAMES, SELECT_STAR_RE, SELECT_DOT_STAR_RE, RULE_HINTS;
+var SECRET_KEY_SET, SECRET_KEYS, TOKEN_PARAM_SET, TOKEN_PARAMS, SAFE_PARAM_SET, SAFE_PARAMS, INTERNAL_ID_KEY_SET, INTERNAL_ID_KEYS, INTERNAL_ID_SUFFIX, SENSITIVE_FIELD_SET, SENSITIVE_FIELD_NAMES, SELF_SERVICE_SEGMENTS, SELF_SERVICE_PATH, MASKED_LITERALS, MASKED_RE, DB_PROTOCOLS, DB_CONN_RE, SELECT_STAR_RE, SELECT_DOT_STAR_RE, STACK_TRACE_RE, SQL_FRAGMENT_RE, SECRET_VAL_RE, LOG_SECRET_RE, EMAIL_RE, RULE_HINTS;
 var init_patterns = __esm({
   "src/analysis/rules/patterns.ts"() {
     "use strict";
-    SECRET_KEYS = /^(password|passwd|secret|api_key|apiKey|api_secret|apiSecret|private_key|privateKey|client_secret|clientSecret)$/;
-    TOKEN_PARAMS = /^(token|api_key|apiKey|secret|password|access_token|session_id|sessionId)$/;
-    SAFE_PARAMS = /^(_rsc|__clerk_handshake|__clerk_db_jwt|callback|code|state|nonce|redirect_uri|utm_|fbclid|gclid)$/;
+    SECRET_KEY_SET = /* @__PURE__ */ new Set([
+      "password",
+      "passwd",
+      "secret",
+      "api_key",
+      "apiKey",
+      "api_secret",
+      "apiSecret",
+      "private_key",
+      "privateKey",
+      "client_secret",
+      "clientSecret"
+    ]);
+    SECRET_KEYS = { test: (s) => SECRET_KEY_SET.has(s) };
+    TOKEN_PARAM_SET = /* @__PURE__ */ new Set([
+      "token",
+      "api_key",
+      "apiKey",
+      "secret",
+      "password",
+      "access_token",
+      "session_id",
+      "sessionId"
+    ]);
+    TOKEN_PARAMS = { test: (s) => TOKEN_PARAM_SET.has(s) };
+    SAFE_PARAM_SET = /* @__PURE__ */ new Set([
+      "_rsc",
+      "__clerk_handshake",
+      "__clerk_db_jwt",
+      "callback",
+      "code",
+      "state",
+      "nonce",
+      "redirect_uri",
+      "utm_",
+      "fbclid",
+      "gclid"
+    ]);
+    SAFE_PARAMS = { test: (s) => SAFE_PARAM_SET.has(s) };
+    INTERNAL_ID_KEY_SET = /* @__PURE__ */ new Set([
+      "id",
+      "_id",
+      "userId",
+      "user_id",
+      "createdBy",
+      "updatedBy",
+      "organizationId",
+      "org_id",
+      "tenantId",
+      "tenant_id"
+    ]);
+    INTERNAL_ID_KEYS = { test: (s) => INTERNAL_ID_KEY_SET.has(s) };
+    INTERNAL_ID_SUFFIX = {
+      test: (s) => s.endsWith("Id") || s.endsWith("_id")
+    };
+    SENSITIVE_FIELD_SET = /* @__PURE__ */ new Set([
+      "phone",
+      "phonenumber",
+      "phone_number",
+      "ssn",
+      "socialsecuritynumber",
+      "social_security_number",
+      "dateofbirth",
+      "date_of_birth",
+      "dob",
+      "address",
+      "streetaddress",
+      "street_address",
+      "creditcard",
+      "credit_card",
+      "cardnumber",
+      "card_number",
+      "bankaccount",
+      "bank_account",
+      "passport",
+      "passportnumber",
+      "passport_number",
+      "nationalid",
+      "national_id"
+    ]);
+    SENSITIVE_FIELD_NAMES = {
+      test: (s) => SENSITIVE_FIELD_SET.has(s.toLowerCase())
+    };
+    SELF_SERVICE_SEGMENTS = /* @__PURE__ */ new Set(["me", "account", "profile", "settings", "self"]);
+    SELF_SERVICE_PATH = {
+      test: (path) => {
+        const segments = path.toLowerCase().split(/[/?#]/);
+        return segments.some((seg) => SELF_SERVICE_SEGMENTS.has(seg));
+      }
+    };
+    MASKED_LITERALS = ["[REDACTED]", "[FILTERED]", "CHANGE_ME"];
+    MASKED_RE = {
+      test: (s) => {
+        const upper = s.toUpperCase();
+        if (MASKED_LITERALS.some((m) => upper.includes(m))) return true;
+        if (s.length > 0 && s.split("").every((c) => c === "*")) return true;
+        if (s.length >= 3 && s.split("").every((c) => c === "x" || c === "X")) return true;
+        return false;
+      }
+    };
+    DB_PROTOCOLS = ["postgres://", "mysql://", "mongodb://", "redis://"];
+    DB_CONN_RE = {
+      test: (s) => DB_PROTOCOLS.some((p) => s.includes(p))
+    };
+    SELECT_STAR_RE = {
+      test: (s) => {
+        const t = s.trimStart().toUpperCase();
+        return t.startsWith("SELECT *") || t.startsWith("SELECT	*");
+      }
+    };
+    SELECT_DOT_STAR_RE = {
+      test: (s) => s.toUpperCase().includes(".* FROM")
+    };
     STACK_TRACE_RE = /at\s+.+\(.+:\d+:\d+\)|at\s+Module\._compile|at\s+Object\.<anonymous>|at\s+processTicksAndRejections|Traceback \(most recent call last\)|File ".+", line \d+/;
-    DB_CONN_RE = /(postgres|mysql|mongodb|redis):\/\//;
     SQL_FRAGMENT_RE = /\b(SELECT\s+[\w.*]+\s+FROM|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)\b/i;
     SECRET_VAL_RE = /(api_key|apiKey|secret|token)\s*[:=]\s*["']?[A-Za-z0-9_\-.+/]{8,}/;
     LOG_SECRET_RE = /(password|secret|token|api_key|apiKey)\s*[:=]\s*["']?[A-Za-z0-9_\-.+/]{8,}/i;
-    MASKED_RE = /^\*+$|\[REDACTED\]|\[FILTERED\]|CHANGE_ME|^x{3,}$/i;
     EMAIL_RE = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/;
-    INTERNAL_ID_KEYS = /^(id|_id|userId|user_id|createdBy|updatedBy|organizationId|org_id|tenantId|tenant_id)$/;
-    INTERNAL_ID_SUFFIX = /Id$|_id$/;
-    SELF_SERVICE_PATH = /\/(?:me|account|profile|settings|self)(?=\/|\?|#|$)/i;
-    SENSITIVE_FIELD_NAMES = /^(phone|phoneNumber|phone_number|ssn|socialSecurityNumber|social_security_number|dateOfBirth|date_of_birth|dob|address|streetAddress|street_address|creditCard|credit_card|cardNumber|card_number|bankAccount|bank_account|passport|passportNumber|passport_number|nationalId|national_id)$/i;
-    SELECT_STAR_RE = /^SELECT\s+\*/i;
-    SELECT_DOT_STAR_RE = /\.\*\s+FROM/i;
     RULE_HINTS = {
       "exposed-secret": "Never include secret fields in API responses. Strip sensitive fields before returning.",
       "token-in-url": "Pass tokens in the Authorization header, not URL query parameters.",
@@ -3956,7 +4381,7 @@ var init_src = __esm({
     init_engine();
     init_insights2();
     init_insights();
-    VERSION = "0.9.2";
+    VERSION = "0.10.1";
   }
 });
@@ -3976,7 +4401,10 @@ function getBaseStyles() {
   --red:#dc2626;
   --cyan:#0891b2;
   --green-bg:rgba(22,163,74,0.08);--green-bg-subtle:rgba(22,163,74,0.05);--green-border:rgba(22,163,74,0.2);--green-border-subtle:rgba(22,163,74,0.15);
-  --amber-bg:rgba(217,119,6,0.07);--red-bg:rgba(220,38,38,0.07);--blue-bg:rgba(37,99,235,0.08);--cyan-bg:rgba(8,145,178,0.07);
+  --amber-bg:rgba(217,119,6,0.08);--amber-border:rgba(217,119,6,0.15);
+  --red-bg:rgba(220,38,38,0.08);--red-border:rgba(220,38,38,0.2);
+  --blue-bg:rgba(37,99,235,0.08);--cyan-bg:rgba(8,145,178,0.07);
+  --accent-bg:rgba(99,102,241,0.08);
   --sidebar-width:232px;--header-height:52px;
   --radius:8px;--radius-sm:6px;
   --shadow-sm:0 1px 3px rgba(0,0,0,0.06),0 1px 2px rgba(0,0,0,0.03);
@@ -4033,6 +4461,7 @@ function getLayoutStyles() {
 .sidebar-logo .logo-version{font-weight:400;font-size:11px;color:var(--text-muted);margin-left:8px;letter-spacing:0}
 .sidebar-nav{padding:12px;flex:1}
 .sidebar-section{font-size:11px;font-weight:600;text-transform:uppercase;letter-spacing:.8px;color:var(--text-muted);padding:16px 12px 8px}
+.sidebar-divider{height:1px;background:var(--border-subtle);margin:8px 12px}
 .sidebar-item{display:flex;align-items:center;gap:12px;padding:10px 12px;border-radius:var(--radius);color:var(--text-dim);font-size:14px;font-weight:500;cursor:pointer;transition:all .15s;border:none;background:transparent;width:100%;text-align:left;font-family:var(--sans)}
 .sidebar-item:hover{background:var(--bg-hover);color:var(--text)}
 .sidebar-item.active{background:var(--bg-active);color:var(--accent)}
@@ -4041,6 +4470,7 @@ function getLayoutStyles() {
 .sidebar-item:hover .item-icon{opacity:.8}
 .sidebar-item .item-label{flex:1}
 .sidebar-item .item-count{font-size:12px;font-family:var(--mono);color:var(--text-muted);background:var(--bg-muted);padding:2px 8px;border-radius:10px;min-width:24px;text-align:center}
+.sidebar-beta{font-size:9px;color:#6366f1;background:#eef2ff;border:1px solid #e0e7ff;border-radius:4px;padding:0 5px;margin-left:auto;line-height:16px}
 .sidebar-item.disabled{opacity:.35;cursor:default;pointer-events:none}
 .sidebar-item .coming-soon{font-size:10px;color:var(--text-muted);background:var(--bg-muted);padding:2px 8px;border-radius:10px;font-weight:600;letter-spacing:.3px}
 .sidebar-footer{padding:16px 24px;border-top:1px solid var(--border-subtle);font-size:12px;color:var(--text-muted);font-family:var(--mono)}
@@ -4065,7 +4495,8 @@ function getLayoutStyles() {
 /* Content */
 .main-content{flex:1;overflow-y:auto}
 bk-dashboard{display:contents}
-bk-overview-view,bk-flows-view,bk-requests-view,bk-fetches-view,bk-queries-view,bk-errors-view,bk-logs-view,bk-security-view,bk-performance-view,bk-timeline-panel,bk-empty-state{display:block}
+bk-overview-view,bk-flows-view,bk-requests-view,bk-fetches-view,bk-queries-view,bk-errors-view,bk-logs-view,bk-security-view,bk-performance-view,bk-explorer-view,bk-insights-view,bk-timeline-panel,bk-empty-state{display:block}
+bk-graph-view{display:block}
 bk-method-badge,bk-status-pill,bk-duration-label,bk-copy-button{display:inline-flex;flex-shrink:0}
 bk-stat-card{display:inline-flex}
 bk-toast{display:block;position:fixed;top:0;left:0;right:0;z-index:100;pointer-events:none}
@@ -4442,7 +4873,7 @@ span.perf-breakdown-dot.perf-breakdown-app{background:var(--breakdown-app)}
 .perf-trend-faster{color:var(--green)}
 `;
 }
-var init_graph = __esm({
+var init_graph2 = __esm({
   "src/dashboard/styles/graph.ts"() {
     "use strict";
   }
@@ -4451,53 +4882,25 @@ var init_graph = __esm({
 // src/dashboard/styles/overview.ts
 function getOverviewStyles() {
   return `
-/* Overview */
-.ov-container{padding:24px 28px}
-/* Summary banner */
-.ov-summary{display:flex;gap:10px;margin-bottom:24px;flex-wrap:wrap}
-.ov-stat{display:flex;flex-direction:column;gap:4px;flex:1;min-width:100px;padding:16px 18px;background:var(--bg-card);border:1px solid var(--border);border-radius:var(--radius);box-shadow:var(--shadow-sm);transition:box-shadow var(--transition, .15s ease)}
-.ov-stat:hover{box-shadow:var(--shadow-md)}
-.ov-stat-value{font-size:22px;font-weight:700;font-family:var(--mono);color:var(--text);line-height:1.2}
-.ov-stat-label{font-size:10px;text-transform:uppercase;letter-spacing:.8px;color:var(--text-muted);font-weight:600}
-/* Section header */
-.ov-section-title{font-size:12px;font-weight:600;text-transform:uppercase;letter-spacing:.8px;color:var(--text-muted);margin-bottom:12px;display:flex;align-items:center;gap:8px}
-.ov-issue-count{font-size:11px;font-family:var(--mono);color:var(--text-dim);background:var(--bg-muted);border:1px solid var(--border);padding:1px 8px;border-radius:10px}
-/* Insight cards */
-.ov-cards{display:flex;flex-direction:column;gap:8px}
-.ov-card{display:flex;align-items:flex-start;gap:14px;padding:16px 20px;background:var(--bg-card);border:1px solid var(--border);border-radius:var(--radius);cursor:pointer;transition:all var(--transition, .15s ease);box-shadow:var(--shadow-sm)}
-.ov-card:hover{background:var(--bg-hover);border-color:var(--border-light);box-shadow:var(--shadow-md);transform:translateY(-1px)}
-.ov-card-icon{width:20px;height:20px;display:flex;align-items:center;justify-content:center;flex-shrink:0;font-size:10px;border-radius:50%;margin-top:2px}
-.ov-card-icon.critical{background:rgba(220,38,38,.08);color:var(--red)}
-.ov-card-icon.warning{background:rgba(217,119,6,.08);color:var(--amber)}
-.ov-card-icon.info{background:rgba(37,99,235,.08);color:var(--blue)}
-.ov-card-icon.resolved{background:var(--green-bg);color:var(--green)}
-.ov-card-body{flex:1;min-width:0}
-.ov-card-title{font-size:13px;font-weight:600;color:var(--text);margin-bottom:2px}
-.ov-card-desc{font-size:12px;color:var(--text-dim);line-height:1.5}
-.ov-card-detail{font-size:11px;font-family:var(--mono);color:var(--text-muted);margin-top:6px;padding:8px 10px;background:var(--bg-muted);border:1px solid var(--border-subtle);border-radius:var(--radius-sm);line-height:1.5}
-.ov-card-desc strong{color:var(--text);font-family:var(--mono);font-weight:600}
-.ov-card-arrow{color:var(--text-muted);font-size:12px;flex-shrink:0;margin-top:2px;font-family:var(--mono);transition:transform .15s}
-/* Expanded card */
-.ov-card.expanded{border-color:var(--border-light);box-shadow:var(--shadow-md)}
-.ov-card-expand{display:none;margin-top:10px;padding-top:10px;border-top:1px solid var(--border)}
-.ov-card-hint{font-size:12px;color:var(--text-dim);line-height:1.5;margin-bottom:10px}
-.ov-card-link{font-size:12px;font-weight:600;color:var(--blue);cursor:pointer;display:inline-block;padding:4px 0}
-.ov-card-link:hover{text-decoration:underline}
-.ov-detail-label{font-size:11px;font-weight:600;color:var(--text-muted);text-transform:uppercase;letter-spacing:.5px;margin-bottom:4px}
-.ov-detail-item{font-size:12px;color:var(--text);font-family:var(--mono);padding:2px 0}
-/* All-clear banner */
-.ov-clear{display:flex;align-items:center;gap:12px;padding:16px 20px;background:var(--green-bg-subtle);border:1px solid var(--green-border);border-radius:var(--radius);color:var(--green);font-size:13px;font-weight:500}
-.ov-clear-icon{font-size:16px}
+.ov-container{padding:28px}
-/* Resolved section */
-.ov-resolved-title{margin-top:24px}
-.ov-card-resolved{opacity:.7;border-color:var(--green-border);cursor:default}
-.ov-card-resolved:hover{opacity:1;box-shadow:var(--shadow-sm)}
+.ov-grid{display:grid;grid-template-columns:repeat(auto-fill,minmax(280px,1fr));gap:16px}
+.ov-card-nav{display:flex;align-items:center;gap:16px;padding:20px 24px;background:var(--bg-card);border:1px solid var(--border);border-radius:12px;cursor:pointer;transition:all .18s ease;box-shadow:0 1px 3px rgba(0,0,0,.04)}
+.ov-card-nav:hover{border-color:var(--border-light);box-shadow:0 4px 16px rgba(0,0,0,.06);transform:translateY(-2px)}
+.ov-card-nav:active{transform:translateY(0)}
+.ov-card-empty{opacity:.55}
+.ov-card-empty:hover{opacity:.8}
+.ov-card-icon-lg{font-size:22px;width:40px;height:40px;display:flex;align-items:center;justify-content:center;flex-shrink:0;background:var(--bg-muted);border-radius:10px;color:var(--text-muted)}
+.ov-card-content{flex:1;min-width:0}
+.ov-card-headline{font-size:16px;font-weight:700;color:var(--text);font-family:var(--mono);line-height:1.3}
+.ov-card-context{font-size:12px;color:var(--text-muted);margin-top:2px;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}
+.ov-card-arrow{font-size:16px;color:var(--text-muted);opacity:0;transition:opacity .15s,transform .15s;flex-shrink:0}
+.ov-card-nav:hover .ov-card-arrow{opacity:1;transform:translateX(2px)}
 `;
 }
 var init_overview = __esm({
@@ -4779,9 +5182,205 @@ var init_timeline = __esm({
   }
 });
+// src/dashboard/styles/graph-view.ts
+function getGraphViewStyles() {
+  return `
+.graph-wrapper{display:flex;flex-direction:column;height:calc(100vh - 120px);outline:none}
+/* Toolbar \u2014 centered search, layers left, flow picker right */
+.graph-toolbar{display:flex;align-items:center;gap:10px;padding:8px 16px;border-bottom:1px solid var(--border)}
+/* Layer toggles */
+.graph-layer-toggles{display:flex;gap:4px;flex-shrink:0}
+.graph-layer-btn{display:flex;align-items:center;gap:3px;font-size:10px;font-weight:500;padding:3px 8px;border:1px solid var(--border);border-radius:12px;background:var(--bg);color:var(--text-muted);cursor:pointer;transition:all .15s;white-space:nowrap}
+.graph-layer-btn:hover{border-color:var(--text-muted);color:var(--text)}
+.graph-layer-btn.active{background:var(--bg-card);font-weight:600}
+/* Search \u2014 takes remaining space, centered */
+.graph-search{flex:1;position:relative;display:flex;align-items:center;max-width:360px;margin:0 auto}
+.graph-search-icon{position:absolute;left:10px;color:var(--text-muted);font-size:13px;pointer-events:none;opacity:0.5}
+.graph-search-input{width:100%;font-size:11px;padding:6px 28px 6px 28px;border:1px solid var(--border);border-radius:8px;background:var(--bg);color:var(--text);font-family:var(--mono);outline:none;transition:border-color .15s,box-shadow .15s}
+.graph-search-input:focus{border-color:#6366f1;box-shadow:0 0 0 3px rgba(99,102,241,.1)}
+.graph-search-input::placeholder{color:var(--text-muted);opacity:0.5}
+.graph-search-clear{position:absolute;right:8px;background:none;border:none;color:var(--text-muted);cursor:pointer;font-size:11px;padding:0 4px;line-height:1;border-radius:3px}
+.graph-search-clear:hover{color:var(--text);background:var(--bg-card)}
+/* Flow picker */
+.graph-flow-picker{font-size:10px;padding:4px 8px;border:1px solid var(--border);border-radius:8px;background:var(--bg);color:var(--text);cursor:pointer;font-family:var(--mono);max-width:200px;flex-shrink:0}
+/* Auth legend \u2014 inline in toolbar */
+.graph-auth-legend{display:flex;gap:8px;align-items:center;font-size:10px;color:var(--text-muted);flex-shrink:0}
+.graph-auth-legend-item{display:flex;align-items:center;gap:3px;white-space:nowrap}
+/* Canvas */
+.graph-body{display:flex;flex:1;min-height:0}
+.graph-canvas{flex:1;overflow:hidden;padding:0;position:relative;min-height:0}
+.graph-svg{display:block}
+.graph-col-header{fill:#c4c4cc;font-size:9px;font-weight:600;font-family:'Inter',system-ui,sans-serif;letter-spacing:1.5px}
+/* Floating controls \u2014 bottom-center pill */
+.graph-float{position:absolute;top:12px;right:12px;display:flex;align-items:center;gap:2px;background:var(--bg-card);border:1px solid var(--border);border-radius:10px;padding:4px 6px;box-shadow:0 2px 12px rgba(0,0,0,.08);z-index:10}
+.graph-float-btn{background:none;border:none;color:var(--text-muted);cursor:pointer;font-size:13px;padding:4px 8px;line-height:1;border-radius:6px;transition:all .12s;white-space:nowrap}
+.graph-float-btn:hover{background:var(--bg);color:var(--text)}
+.graph-float-btn-accent{font-size:11px;font-weight:600;color:#6366f1}
+.graph-float-btn-accent:hover{background:rgba(99,102,241,.08);color:#4f46e5}
+.graph-float-zoom{font-size:10px;color:var(--text-muted);font-family:var(--mono);min-width:36px;text-align:center;user-select:none}
+.graph-float-sep{width:1px;height:16px;background:var(--border);margin:0 2px;flex-shrink:0}
+/* Empty & loading states */
+.graph-empty{display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:400px;color:var(--text-muted);text-align:center;padding:40px}
+.graph-empty-icon{font-size:40px;opacity:0.25;margin-bottom:12px}
+.graph-empty-title{font-size:15px;font-weight:600;color:var(--text);margin-bottom:6px}
+.graph-empty-desc{font-size:12px;max-width:320px;line-height:1.5}
+.graph-loading{display:flex;align-items:center;justify-content:center;min-height:400px;color:var(--text-muted);font-size:13px}
+/* Detail panel */
+.graph-detail{width:320px;border-left:1px solid var(--border);overflow-y:auto;padding:16px;background:var(--bg-card);flex-shrink:0;max-height:calc(100vh - 160px)}
+.graph-detail-head{display:flex;justify-content:space-between;align-items:flex-start;margin-bottom:12px}
+.graph-detail-badge{font-size:11px;font-weight:500;text-transform:uppercase;letter-spacing:0.5px;margin-bottom:4px}
+.graph-detail-name{font-size:14px;font-weight:700;color:var(--text);word-break:break-all;font-family:var(--mono)}
+.graph-detail-close{background:none;border:none;color:var(--text-muted);cursor:pointer;font-size:16px;padding:0 4px;line-height:1}
+.graph-detail-close:hover{color:var(--text)}
+.graph-detail-auth-badge{display:inline-block;font-size:10px;font-weight:500;color:#059669;background:#ecfdf5;border:1px solid #a7f3d0;border-radius:4px;padding:1px 6px;margin-top:4px}
+.graph-detail-mw-badge{display:inline-block;font-size:10px;font-weight:500;color:#6b7280;background:#f3f4f6;border:1px solid #d1d5db;border-radius:4px;padding:1px 6px;margin-top:4px;margin-left:4px}
+/* Detail tabs */
+.graph-detail-tabs{display:flex;gap:2px;margin-bottom:12px;border-bottom:1px solid var(--border);padding-bottom:0}
+.graph-detail-tab{background:none;border:none;border-bottom:2px solid transparent;color:var(--text-muted);cursor:pointer;font-size:11px;font-weight:500;padding:6px 10px;transition:all .12s}
+.graph-detail-tab:hover{color:var(--text)}
+.graph-detail-tab.active{color:#6366f1;border-bottom-color:#6366f1}
+/* Detail stats */
+.graph-detail-stats{display:grid;grid-template-columns:1fr 1fr;gap:8px;margin-bottom:12px}
+.graph-detail-stat{background:var(--bg);border-radius:var(--radius-sm);padding:10px 12px}
+.graph-detail-val{font-size:20px;font-weight:700;font-family:var(--mono);color:var(--text);line-height:1.2}
+.graph-detail-lbl{font-size:9px;color:var(--text-muted);text-transform:uppercase;letter-spacing:0.6px;margin-top:2px}
+/* Detail sections */
+.graph-detail-sec{font-size:10px;color:var(--text-muted);text-transform:uppercase;letter-spacing:0.8px;margin:12px 0 8px;padding-top:10px;border-top:1px solid var(--border)}
+.graph-detail-conn{display:flex;align-items:center;gap:6px;font-size:12px;color:var(--text);padding:6px 8px;background:var(--bg);border-radius:var(--radius-sm);margin-bottom:4px;font-family:var(--mono)}
+.graph-detail-edge-dot{width:6px;height:6px;border-radius:50%;flex-shrink:0}
+.graph-detail-edge-type{font-size:10px;font-weight:600;text-transform:uppercase;min-width:42px}
+.graph-detail-dim{color:var(--text-muted);font-size:10px;margin-left:auto;white-space:nowrap}
+.graph-detail-sql{font-size:10px;color:var(--text-muted);padding:8px 10px;background:var(--bg);border-radius:var(--radius-sm);font-family:var(--mono);word-break:break-all;line-height:1.5;margin:0 0 4px;white-space:pre-wrap;border:1px solid var(--border)}
+/* Security findings in detail */
+.graph-detail-finding{padding:8px 10px;background:var(--bg);border-radius:var(--radius-sm);margin-bottom:6px;border:1px solid var(--border)}
+.graph-detail-finding-title{font-size:12px;font-weight:600;color:var(--text);margin-top:4px}
+.graph-detail-finding-meta{font-size:10px;color:var(--text-muted);margin-top:2px;font-family:var(--mono)}
+.graph-detail-severity{font-size:9px;font-weight:700;text-transform:uppercase;letter-spacing:0.5px;padding:1px 6px;border-radius:3px}
+.graph-detail-severity-critical{background:#fef2f2;color:#dc2626;border:1px solid #fecaca}
+.graph-detail-severity-warning{background:#fffbeb;color:#d97706;border:1px solid #fde68a}
+.graph-detail-severity-info{background:#eff6ff;color:#2563eb;border:1px solid #bfdbfe}
+/* Issues in detail */
+.graph-detail-issue-summary{margin-bottom:12px}
+.graph-detail-hint{font-size:11px;color:var(--text-muted);line-height:1.5;margin:0}
+.graph-detail-empty{font-size:12px;color:var(--text-muted);padding:16px;text-align:center}
+/* Pulse animation for critical security badges */
+@keyframes graph-pulse{0%,100%{opacity:1}50%{opacity:0.5}}
+.graph-pulse{animation:graph-pulse 2s ease-in-out infinite}
+/* Flow edge animation */
+@keyframes graph-flow-dash{to{stroke-dashoffset:-24}}
+.graph-flow-edge{animation:graph-flow-dash 1s linear infinite}
+`;
+}
+var init_graph_view = __esm({
+  "src/dashboard/styles/graph-view.ts"() {
+    "use strict";
+  }
+});
+// src/dashboard/styles/explorer.ts
+function getExplorerStyles() {
+  return `
+/* Explorer sub-tabs */
+.explorer-tabs{display:flex;gap:0;border-bottom:1px solid var(--border);padding:0 28px;background:var(--bg);position:sticky;top:0;z-index:2}
+.explorer-tab{padding:10px 16px;font-size:13px;font-weight:500;color:var(--text-muted);background:none;border:none;border-bottom:2px solid transparent;cursor:pointer;transition:all .15s;display:flex;align-items:center;gap:6px;font-family:var(--sans);white-space:nowrap}
+.explorer-tab:hover{color:var(--text)}
+.explorer-tab.active{color:var(--accent);border-bottom-color:var(--accent)}
+.explorer-tab-count{font-size:11px;font-family:var(--mono);color:var(--text-muted);background:var(--bg-muted);padding:1px 6px;border-radius:8px}
+.explorer-tab.active .explorer-tab-count{color:var(--accent);background:var(--accent-bg)}
+`;
+}
+var init_explorer = __esm({
+  "src/dashboard/styles/explorer.ts"() {
+    "use strict";
+  }
+});
+// src/dashboard/styles/insights.ts
+function getInsightsStyles() {
+  return `
+/* Insights filter chips */
+.insights-filters{display:flex;gap:6px;padding:16px 28px;border-bottom:1px solid var(--border);background:var(--bg);position:sticky;top:0;z-index:2}
+.insights-chip{font-size:12px;font-weight:500;padding:5px 14px;border:1px solid var(--border);border-radius:20px;background:var(--bg);color:var(--text-muted);cursor:pointer;transition:all .15s;display:flex;align-items:center;gap:5px;font-family:var(--sans)}
+.insights-chip:hover{border-color:var(--text-muted);color:var(--text)}
+.insights-chip.active{background:var(--accent);color:white;border-color:var(--accent)}
+.insights-chip-count{font-size:10px;font-family:var(--mono);background:rgba(0,0,0,.08);padding:1px 5px;border-radius:8px}
+.insights-chip.active .insights-chip-count{background:rgba(255,255,255,.25)}
+/* Insights card list */
+.insights-list{padding:16px 28px}
+.insights-empty{display:flex;align-items:center;gap:10px;padding:24px;color:var(--green);font-size:14px;font-weight:500}
+.insights-empty-icon{font-size:18px}
+.insights-card{display:flex;align-items:flex-start;gap:12px;padding:14px 18px;background:var(--bg-card);border:1px solid var(--border);border-radius:10px;cursor:pointer;transition:all .15s;margin-bottom:8px}
+.insights-card:hover{border-color:var(--border-light);box-shadow:0 2px 8px rgba(0,0,0,.04)}
+.insights-card.expanded{border-color:var(--border-light);box-shadow:0 2px 8px rgba(0,0,0,.04)}
+.insights-card.resolved{opacity:.55}
+.insights-card.resolved:hover{opacity:.8}
+.insights-card-left{flex-shrink:0;padding-top:2px}
+.insights-sev{width:22px;height:22px;display:flex;align-items:center;justify-content:center;font-size:10px;border-radius:50%}
+.insights-sev.critical{background:var(--red-bg);color:var(--red)}
+.insights-sev.warning{background:var(--amber-bg);color:var(--amber)}
+.insights-sev.info{background:var(--blue-bg);color:var(--blue)}
+.insights-card-body{flex:1;min-width:0}
+.insights-card-header{display:flex;align-items:center;gap:8px;flex-wrap:wrap;margin-bottom:3px}
+.insights-card-title{font-size:13px;font-weight:600;color:var(--text)}
+.insights-card-title.resolved{text-decoration:line-through;color:var(--text-muted)}
+.insights-card-cat{font-size:9px;font-weight:600;text-transform:uppercase;letter-spacing:.5px;color:var(--text-muted);background:var(--bg-muted);padding:1px 6px;border-radius:4px}
+.insights-card-count{font-size:11px;font-family:var(--mono);color:var(--text-muted)}
+.insights-card-desc{font-size:12px;color:var(--text-dim);line-height:1.5}
+.insights-card-detail{font-size:11px;font-family:var(--mono);color:var(--text-muted);margin-top:6px;padding:6px 10px;background:var(--bg-muted);border:1px solid var(--border-subtle);border-radius:6px;line-height:1.5}
+.insights-card-progress{font-size:11px;color:var(--text-muted);margin-top:4px;font-family:var(--mono)}
+.insights-card-hint{font-size:12px;color:var(--text-dim);line-height:1.6;margin-top:8px;padding-top:8px;border-top:1px solid var(--border)}
+.insights-badge-regressed{font-size:9px;font-weight:700;color:var(--red);background:var(--red-bg);padding:1px 6px;border-radius:4px}
+.insights-badge-verifying{font-size:9px;font-weight:700;color:var(--amber);background:var(--amber-bg);padding:1px 6px;border-radius:4px}
+.insights-badge-resolved{font-size:9px;font-weight:700;color:var(--green);background:var(--green-bg);padding:1px 6px;border-radius:4px}
+.insights-card-arrow{color:var(--text-muted);font-size:12px;flex-shrink:0;padding-top:2px;font-family:var(--mono);transition:transform .15s}
+.insights-section{display:flex;align-items:center;gap:8px;padding:14px 0 8px;margin-top:4px;font-size:12px;font-weight:700;color:var(--text);text-transform:uppercase;letter-spacing:.5px;border-top:1px solid var(--border);user-select:none}
+.insights-section:first-child{border-top:none;margin-top:0}
+.insights-section-icon{font-size:11px;width:16px;text-align:center}
+.insights-section-count{font-size:11px;font-family:var(--mono);color:var(--text-muted);background:var(--bg-muted);padding:1px 7px;border-radius:8px;font-weight:500}
+.insights-section-regressed{color:var(--red)}
+.insights-section-regressed .insights-section-count{color:var(--red);background:var(--red-bg)}
+.insights-section-verifying{color:var(--amber)}
+.insights-section-verifying .insights-section-count{color:var(--amber);background:var(--amber-bg)}
+.insights-section-resolved{color:var(--green)}
+.insights-section-resolved .insights-section-count{color:var(--green);background:var(--green-bg)}
+.insights-section-dismissed{color:var(--text-muted);cursor:pointer}
+.insights-section-dismissed:hover{color:var(--text)}
+`;
+}
+var init_insights3 = __esm({
+  "src/dashboard/styles/insights.ts"() {
+    "use strict";
+  }
+});
 // src/dashboard/styles.ts
 function getStyles() {
-  return getBaseStyles() + getLayoutStyles() + getFlowStyles() + getRequestStyles() + getPerformanceStyles() + getOverviewStyles() + getSecurityStyles() + getTimelineStyles();
+  return getBaseStyles() + getLayoutStyles() + getFlowStyles() + getRequestStyles() + getPerformanceStyles() + getOverviewStyles() + getSecurityStyles() + getTimelineStyles() + getGraphViewStyles() + getExplorerStyles() + getInsightsStyles();
 }
 var init_styles = __esm({
   "src/dashboard/styles.ts"() {
@@ -4790,10 +5389,13 @@ var init_styles = __esm({
     init_layout();
     init_flows();
     init_requests();
-    init_graph();
+    init_graph2();
     init_overview();
     init_security2();
     init_timeline();
+    init_graph_view();
+    init_explorer();
+    init_insights3();
   }
 });
@@ -4976,6 +5578,12 @@ function recordDashboardOpened() {
     request_count_at_open: session.requestCount
   });
 }
+function recordGraphFeature(feature, detail) {
+  trackEvent(TELEMETRY_EVENT_GRAPH_FEATURE, {
+    feature,
+    ...detail ? { detail } : {}
+  });
+}
 function recordSetupCompleted(info) {
   session.frameworkCandidates = info.frameworkCandidates;
   session.adaptersFailed = info.adaptersFailed;
@@ -5035,8 +5643,8 @@ function trackSession(services) {
     tabs_viewed: [...session.tabsViewed],
     dashboard_opened: session.dashboardOpened,
     explain_used: session.explainUsed,
-    session_duration_s: Math.round((now - session.startTime) / 1e3),
-    // Enhanced fields
+    session_duration_s: Math.ceil((now - session.startTime) / 1e3),
+    session_duration_ms: now - session.startTime,
     setup_succeeded: session.setupSucceeded,
     setup_duration_ms: session.setupDurationMs,
     framework_detection_candidates: session.frameworkCandidates,
@@ -5108,11 +5716,19 @@ function createDashboardHandler(services) {
     issueStore,
     services.bus
   );
+  routes[DASHBOARD_API_GRAPH] = createGraphHandler(services);
   routes[DASHBOARD_API_TAB] = (req, res) => {
-    const raw = (req.url ?? "").split("tab=")[1];
-    if (raw) {
-      const tab = decodeURIComponent(raw).slice(0, MAX_TAB_NAME_LENGTH);
-      if (VALID_TABS.has(tab) && isTelemetryEnabled()) recordTabViewed(tab);
+    if (isTelemetryEnabled()) {
+      const url = new URL(req.url ?? "/", "http://localhost");
+      const tab = url.searchParams.get("tab");
+      if (tab && tab.length <= MAX_TAB_NAME_LENGTH && VALID_TABS.has(tab)) {
+        recordTabViewed(tab);
+      }
+      const event = url.searchParams.get("event");
+      if (event && event.length <= MAX_TAB_NAME_LENGTH) {
+        const detail = url.searchParams.get("detail") ?? void 0;
+        recordGraphFeature(event, detail?.slice(0, MAX_TAB_NAME_LENGTH));
+      }
     }
     res.writeHead(HTTP_NO_CONTENT);
     res.end();
@@ -5141,6 +5757,7 @@ var init_router = __esm({
     init_labels();
     init_api();
     init_issues();
+    init_graph();
     init_sse();
     init_page();
     init_telemetry();
@@ -5557,116 +6174,732 @@ var init_metrics_store = __esm({
           if (epMetrics.sessions.length > METRICS_MAX_SESSIONS) {
             epMetrics.sessions = epMetrics.sessions.slice(-METRICS_MAX_SESSIONS);
           }
-          acc.durations.length = 0;
-          acc.queryCounts.length = 0;
-          acc.errorCount = 0;
+          acc.durations.length = 0;
+          acc.queryCounts.length = 0;
+          acc.errorCount = 0;
+        }
+        for (const [endpoint, points] of this.pendingPoints) {
+          if (points.length === 0) continue;
+          const epMetrics = this.getOrCreateEndpoint(endpoint);
+          const existing = epMetrics.dataPoints ?? [];
+          epMetrics.dataPoints = existing.concat(points).slice(-METRICS_MAX_DATA_POINTS);
+        }
+        this.pendingPoints.clear();
+        this.baselineCache.clear();
+        if (!this.dirty) return;
+        if (sync) {
+          this.persistence.saveSync(this.data);
+        } else {
+          this.persistence.save(this.data);
+        }
+        this.dirty = false;
+      }
+      getOrCreateEndpoint(endpoint) {
+        let ep = this.endpointIndex.get(endpoint);
+        if (!ep) {
+          ep = { endpoint, sessions: [] };
+          this.data.endpoints.push(ep);
+          this.endpointIndex.set(endpoint, ep);
+        }
+        return ep;
+      }
+    };
+  }
+});
+// src/store/metrics/persistence.ts
+import { readFile as readFile4 } from "fs/promises";
+import { readFileSync as readFileSync5, existsSync as existsSync6, unlinkSync as unlinkSync2 } from "fs";
+import { resolve as resolve4 } from "path";
+var DEFAULT_METRICS, FileMetricsPersistence;
+var init_persistence = __esm({
+  "src/store/metrics/persistence.ts"() {
+    "use strict";
+    init_constants();
+    init_atomic_writer();
+    init_fs();
+    init_log();
+    init_type_guards();
+    DEFAULT_METRICS = { version: 1, endpoints: [] };
+    FileMetricsPersistence = class {
+      constructor(dataDir) {
+        this.metricsPath = resolve4(dataDir, METRICS_FILE);
+        this.writer = new AtomicWriter({
+          dir: dataDir,
+          filePath: this.metricsPath,
+          label: "metrics"
+        });
+      }
+      load() {
+        try {
+          if (existsSync6(this.metricsPath)) {
+            return this.parseMetrics(readFileSync5(this.metricsPath, "utf-8"));
+          }
+        } catch (err) {
+          brakitWarn(`failed to load ${this.metricsPath}: ${getErrorMessage(err)}`);
+        }
+        return { ...DEFAULT_METRICS };
+      }
+      async loadAsync() {
+        try {
+          if (await fileExists(this.metricsPath)) {
+            return this.parseMetrics(await readFile4(this.metricsPath, "utf-8"));
+          }
+        } catch (err) {
+          brakitWarn(`failed to load ${this.metricsPath}: ${getErrorMessage(err)}`);
+        }
+        return { ...DEFAULT_METRICS };
+      }
+      /** Parse and validate metrics JSON, returning default empty data on invalid input. */
+      parseMetrics(raw) {
+        return validateMetricsData(JSON.parse(raw)) ?? { ...DEFAULT_METRICS };
+      }
+      save(data) {
+        this.writer.writeAsync(JSON.stringify(data));
+      }
+      saveSync(data) {
+        this.writer.writeSync(JSON.stringify(data));
+      }
+      remove() {
+        try {
+          if (existsSync6(this.metricsPath)) {
+            unlinkSync2(this.metricsPath);
+          }
+        } catch (err) {
+          brakitDebug(`failed to remove metrics file: ${getErrorMessage(err)}`);
+        }
+      }
+    };
+  }
+});
+// src/store/index.ts
+var init_store = __esm({
+  "src/store/index.ts"() {
+    "use strict";
+    init_request_store();
+    init_telemetry_store();
+    init_metrics_store();
+    init_persistence();
+  }
+});
+// src/graph/constants.ts
+var MAX_PATTERNS_PER_EDGE, CLUSTER_SPLIT_THRESHOLD, COMMON_PATH_PREFIXES, PENDING_BUFFER_MAX, PENDING_EVICTION_TARGET, PENDING_TTL_MS;
+var init_constants2 = __esm({
+  "src/graph/constants.ts"() {
+    "use strict";
+    MAX_PATTERNS_PER_EDGE = 10;
+    CLUSTER_SPLIT_THRESHOLD = 15;
+    COMMON_PATH_PREFIXES = /* @__PURE__ */ new Set(["api", "v1", "v2", "v3", "v4"]);
+    PENDING_BUFFER_MAX = 500;
+    PENDING_EVICTION_TARGET = 200;
+    PENDING_TTL_MS = 6e4;
+  }
+});
+// src/graph/graph-builder.ts
+function shouldSkipRequest(req) {
+  if (req.isStatic || req.isHealthCheck) return true;
+  if (isDashboardRequest(req.path)) return true;
+  return false;
+}
+function extractHostname(url) {
+  try {
+    const parsed = new URL(url);
+    const host = parsed.hostname;
+    if (host === "localhost" || host === "127.0.0.1" || host === "::1")
+      return null;
+    return host;
+  } catch {
+    return null;
+  }
+}
+function makeEdgeId(source, target) {
+  return `${source} -> ${target}`;
+}
+function upsertNode(graph, id, type, label, now) {
+  let node = graph.nodes.get(id);
+  if (!node) {
+    node = {
+      id,
+      type,
+      label,
+      stats: {
+        requestCount: 0,
+        avgLatencyMs: 0,
+        errorRate: 0,
+        avgQueryCount: 0,
+        lastSeenAt: now,
+        firstSeenAt: now
+      }
+    };
+    graph.nodes.set(id, node);
+  }
+  node.stats.lastSeenAt = now;
+  return node;
+}
+function upsertEdge(graph, source, target, type, now) {
+  const id = makeEdgeId(source, target);
+  let edge = graph.edges.get(id);
+  if (!edge) {
+    edge = {
+      id,
+      source,
+      target,
+      type,
+      stats: {
+        frequency: 0,
+        avgLatencyMs: 0,
+        lastSeenAt: now,
+        firstSeenAt: now
+      }
+    };
+    graph.edges.set(id, edge);
+  }
+  edge.stats.lastSeenAt = now;
+  return edge;
+}
+function updateRollingAvg(current, newValue, count) {
+  return Math.round(current + (newValue - current) / count);
+}
+var GraphBuilder;
+var init_graph_builder = __esm({
+  "src/graph/graph-builder.ts"() {
+    "use strict";
+    init_endpoint();
+    init_normalize();
+    init_router();
+    init_categorize();
+    init_constants2();
+    GraphBuilder = class {
+      constructor(bus, requestStore) {
+        this.bus = bus;
+        this.requestStore = requestStore;
+        this.graph = {
+          nodes: /* @__PURE__ */ new Map(),
+          edges: /* @__PURE__ */ new Map(),
+          metadata: { totalObservations: 0, lastUpdatedAt: Date.now() }
+        };
+        /**
+         * Buffered telemetry events waiting for their parent request to complete.
+         * Key = parentRequestId, value = pending queries/fetches.
+         */
+        this.pending = /* @__PURE__ */ new Map();
+        /** Accumulated request categories per endpoint node. */
+        this.nodeCategories = /* @__PURE__ */ new Map();
+        /** Latest analysis snapshot — refreshed on every analysis:updated event. */
+        this.latestAnalysis = null;
+        this.cleanupUnsubs = [];
+      }
+      start() {
+        this.cleanupUnsubs.push(
+          this.bus.on("request:completed", (req) => this.handleRequest(req)),
+          this.bus.on("telemetry:query", (q) => this.handleQuery(q)),
+          this.bus.on("telemetry:fetch", (f) => this.handleFetch(f)),
+          this.bus.on(
+            "analysis:updated",
+            (update) => this.handleAnalysisUpdate(update)
+          )
+        );
+      }
+      stop() {
+        for (const unsub of this.cleanupUnsubs) unsub();
+        this.cleanupUnsubs.length = 0;
+      }
+      getGraph() {
+        return this.graph;
+      }
+      /**
+       * Enrich endpoint nodes with p95 from an external metrics source.
+       * Called by the API handler which has access to MetricsStore.
+       */
+      enrichWithMetrics(getP95) {
+        for (const node of this.graph.nodes.values()) {
+          if (node.type !== "endpoint") continue;
+          const key = node.label;
+          const p95 = getP95(key);
+          if (p95 !== void 0) {
+            if (!node.annotations) node.annotations = {};
+            node.annotations.p95Ms = Math.round(p95);
+          }
+        }
+      }
+      getApiResponse(options) {
+        const grouping = options?.grouping ?? "path";
+        const clusters = this.computeClusters(grouping);
+        if (options?.level === "endpoints") {
+          return this.getEndpointView();
+        }
+        if (options?.node) {
+          return this.getNodeNeighborhood(options.node, clusters);
+        }
+        if (options?.cluster) {
+          return this.getClusterExpanded(options.cluster, clusters);
+        }
+        return this.getClusterView(clusters);
+      }
+      clear() {
+        this.graph.nodes.clear();
+        this.graph.edges.clear();
+        this.graph.metadata.totalObservations = 0;
+        this.pending.clear();
+        this.nodeCategories.clear();
+        this.latestAnalysis = null;
+      }
+      handleAnalysisUpdate(update) {
+        this.latestAnalysis = update;
+        this.enrichNodesFromAnalysis();
+      }
+      enrichNodesFromAnalysis() {
+        if (!this.latestAnalysis) return;
+        const { findings, insights, issues } = this.latestAnalysis;
+        for (const node of this.graph.nodes.values()) {
+          if (node.type !== "endpoint") continue;
+          if (node.annotations) {
+            node.annotations.securityFindings = void 0;
+            node.annotations.insights = void 0;
+            node.annotations.openIssueCount = void 0;
+          }
+        }
+        for (const f of findings) {
+          if (!f.endpoint) continue;
+          const nodeId = `endpoint:${f.endpoint}`;
+          const node = this.graph.nodes.get(nodeId);
+          if (!node) continue;
+          if (!node.annotations) node.annotations = {};
+          if (!node.annotations.securityFindings)
+            node.annotations.securityFindings = [];
+          const existing = node.annotations.securityFindings.find(
+            (s) => s.rule === f.rule
+          );
+          if (existing) {
+            existing.count = f.count;
+          } else {
+            node.annotations.securityFindings.push({
+              rule: f.rule,
+              severity: f.severity,
+              title: f.title,
+              count: f.count
+            });
+          }
+        }
+        const endpointNodesByLabel = /* @__PURE__ */ new Map();
+        for (const node of this.graph.nodes.values()) {
+          if (node.type === "endpoint") endpointNodesByLabel.set(node.label, node);
+        }
+        for (const insight of insights) {
+          if (!insight.nav) continue;
+          for (const [label, node] of endpointNodesByLabel) {
+            if (insight.title.includes(label) || insight.desc.includes(label)) {
+              if (!node.annotations) node.annotations = {};
+              if (!node.annotations.insights) node.annotations.insights = [];
+              if (!node.annotations.insights.some(
+                (i) => i.type === insight.type && i.title === insight.title
+              )) {
+                node.annotations.insights.push({
+                  type: insight.type,
+                  severity: insight.severity,
+                  title: insight.title
+                });
+              }
+            }
+          }
+        }
+        for (const si of issues) {
+          if (!si.issue.endpoint) continue;
+          const nodeId = `endpoint:${si.issue.endpoint}`;
+          const node = this.graph.nodes.get(nodeId);
+          if (!node) continue;
+          if (si.state === "open" || si.state === "regressed") {
+            if (!node.annotations) node.annotations = {};
+            node.annotations.openIssueCount = (node.annotations.openIssueCount ?? 0) + 1;
+          }
+        }
+        for (const insight of insights) {
+          if (insight.type !== "n1" && insight.type !== "redundant-query") continue;
+          for (const edge of this.graph.edges.values()) {
+            if (edge.type !== "reads" && edge.type !== "writes") continue;
+            const sourceNode = this.graph.nodes.get(edge.source);
+            if (sourceNode?.annotations?.insights?.some(
+              (i) => i.type === insight.type
+            )) {
+              if (!edge.annotations) edge.annotations = {};
+              edge.annotations.hasIssue = true;
+            }
+          }
+        }
+      }
+      handleRequest(req) {
+        if (shouldSkipRequest(req)) return;
+        const now = Date.now();
+        const endpointKey = getEndpointKey(req.method, req.path);
+        const nodeId = `endpoint:${endpointKey}`;
+        const node = upsertNode(this.graph, nodeId, "endpoint", endpointKey, now);
+        node.stats.requestCount++;
+        const category = detectCategory(req);
+        let cats = this.nodeCategories.get(nodeId);
+        if (!cats) {
+          cats = /* @__PURE__ */ new Set();
+          this.nodeCategories.set(nodeId, cats);
+        }
+        cats.add(category);
+        if (!node.annotations) node.annotations = {};
+        node.annotations.categories = [...cats];
+        node.annotations.isMiddleware = cats.has("middleware");
+        if (!node.annotations.hasAuth) {
+          node.annotations.hasAuth = cats.has("auth-check") || cats.has("auth-handshake") || hasAuthCredentials(req);
+        }
+        node.stats.avgLatencyMs = updateRollingAvg(
+          node.stats.avgLatencyMs,
+          req.durationMs,
+          node.stats.requestCount
+        );
+        const isError = req.statusCode >= 400 ? 1 : 0;
+        node.stats.errorRate = node.stats.errorRate + (isError - node.stats.errorRate) / node.stats.requestCount;
+        this.graph.metadata.totalObservations++;
+        this.graph.metadata.lastUpdatedAt = now;
+        const buffered = this.pending.get(req.id);
+        if (buffered) {
+          let queryCount = 0;
+          for (const query of buffered.queries) {
+            this.processQuery(query, nodeId, now);
+            queryCount++;
+          }
+          for (const fetch of buffered.fetches) {
+            this.processFetch(fetch, nodeId, now);
+          }
+          this.pending.delete(req.id);
+          if (queryCount > 0) {
+            node.stats.avgQueryCount = updateRollingAvg(
+              node.stats.avgQueryCount,
+              queryCount,
+              node.stats.requestCount
+            );
+          }
         }
-        for (const [endpoint, points] of this.pendingPoints) {
-          if (points.length === 0) continue;
-          const epMetrics = this.getOrCreateEndpoint(endpoint);
-          const existing = epMetrics.dataPoints ?? [];
-          epMetrics.dataPoints = existing.concat(points).slice(-METRICS_MAX_DATA_POINTS);
+        const now2 = Date.now();
+        for (const [key, entry] of this.pending) {
+          if (now2 - entry.createdAt > PENDING_TTL_MS) this.pending.delete(key);
         }
-        this.pendingPoints.clear();
-        this.baselineCache.clear();
-        if (!this.dirty) return;
-        if (sync) {
-          this.persistence.saveSync(this.data);
-        } else {
-          this.persistence.save(this.data);
+        if (this.pending.size > PENDING_BUFFER_MAX) {
+          const keys = [...this.pending.keys()];
+          for (let i = 0; i < keys.length - PENDING_EVICTION_TARGET; i++) {
+            this.pending.delete(keys[i]);
+          }
         }
-        this.dirty = false;
       }
-      getOrCreateEndpoint(endpoint) {
-        let ep = this.endpointIndex.get(endpoint);
-        if (!ep) {
-          ep = { endpoint, sessions: [] };
-          this.data.endpoints.push(ep);
-          this.endpointIndex.set(endpoint, ep);
+      handleQuery(query) {
+        if (!query.parentRequestId || !query.table) return;
+        let pending2 = this.pending.get(query.parentRequestId);
+        if (!pending2) {
+          pending2 = { queries: [], fetches: [], createdAt: Date.now() };
+          this.pending.set(query.parentRequestId, pending2);
         }
-        return ep;
-      }
-    };
-  }
-});
-// src/store/metrics/persistence.ts
-import { readFile as readFile4 } from "fs/promises";
-import { readFileSync as readFileSync5, existsSync as existsSync6, unlinkSync as unlinkSync2 } from "fs";
-import { resolve as resolve4 } from "path";
-var DEFAULT_METRICS, FileMetricsPersistence;
-var init_persistence = __esm({
-  "src/store/metrics/persistence.ts"() {
-    "use strict";
-    init_constants();
-    init_atomic_writer();
-    init_fs();
-    init_log();
-    init_type_guards();
-    DEFAULT_METRICS = { version: 1, endpoints: [] };
-    FileMetricsPersistence = class {
-      constructor(dataDir) {
-        this.metricsPath = resolve4(dataDir, METRICS_FILE);
-        this.writer = new AtomicWriter({
-          dir: dataDir,
-          filePath: this.metricsPath,
-          label: "metrics"
-        });
+        pending2.queries.push(query);
       }
-      load() {
-        try {
-          if (existsSync6(this.metricsPath)) {
-            return this.parseMetrics(readFileSync5(this.metricsPath, "utf-8"));
+      handleFetch(fetch) {
+        if (!fetch.parentRequestId) return;
+        const hostname = extractHostname(fetch.url);
+        if (!hostname) return;
+        let pending2 = this.pending.get(fetch.parentRequestId);
+        if (!pending2) {
+          pending2 = { queries: [], fetches: [], createdAt: Date.now() };
+          this.pending.set(fetch.parentRequestId, pending2);
+        }
+        pending2.fetches.push(fetch);
+      }
+      // ── Process buffered events (called after request completes) ──
+      processQuery(query, endpointNodeId, now) {
+        if (!query.table) return;
+        const tableNodeId = `table:${query.table}`;
+        upsertNode(this.graph, tableNodeId, "table", query.table, now);
+        const edgeType = query.normalizedOp === "SELECT" ? "reads" : "writes";
+        const edge = upsertEdge(
+          this.graph,
+          endpointNodeId,
+          tableNodeId,
+          edgeType,
+          now
+        );
+        edge.stats.frequency++;
+        edge.stats.avgLatencyMs = updateRollingAvg(
+          edge.stats.avgLatencyMs,
+          query.durationMs,
+          edge.stats.frequency
+        );
+        if (query.sql) {
+          const normalized = normalizeQueryParams(query.sql);
+          if (normalized) {
+            if (!edge.patterns) edge.patterns = [];
+            if (!edge.patterns.includes(normalized) && edge.patterns.length < MAX_PATTERNS_PER_EDGE) {
+              edge.patterns.push(normalized);
+            }
           }
-        } catch (err) {
-          brakitWarn(`failed to load ${this.metricsPath}: ${getErrorMessage(err)}`);
         }
-        return { ...DEFAULT_METRICS };
       }
-      async loadAsync() {
-        try {
-          if (await fileExists(this.metricsPath)) {
-            return this.parseMetrics(await readFile4(this.metricsPath, "utf-8"));
+      processFetch(fetch, endpointNodeId, now) {
+        const hostname = extractHostname(fetch.url);
+        if (!hostname) return;
+        const externalNodeId = `external:${hostname}`;
+        upsertNode(this.graph, externalNodeId, "external", hostname, now);
+        const edge = upsertEdge(
+          this.graph,
+          endpointNodeId,
+          externalNodeId,
+          "fetches",
+          now
+        );
+        edge.stats.frequency++;
+        edge.stats.avgLatencyMs = updateRollingAvg(
+          edge.stats.avgLatencyMs,
+          fetch.durationMs,
+          edge.stats.frequency
+        );
+      }
+      // ── Clustering ──
+      computeClusters(strategy = "path") {
+        const endpointNodes = [...this.graph.nodes.values()].filter(
+          (n) => n.type === "endpoint"
+        );
+        if (strategy === "auth-boundary") {
+          return this.clusterByAuthBoundary(endpointNodes);
+        }
+        if (strategy === "data-domain") {
+          return this.clusterByDataDomain(endpointNodes);
+        }
+        return this.clusterByPath(endpointNodes);
+      }
+      clusterByPath(endpointNodes) {
+        const groups = /* @__PURE__ */ new Map();
+        for (const node of endpointNodes) {
+          const parts = node.label.split(" ");
+          const path = parts[1] || parts[0];
+          const segments = path.split("/").filter(Boolean);
+          let i = 0;
+          while (i < segments.length && COMMON_PATH_PREFIXES.has(segments[i])) {
+            i++;
           }
-        } catch (err) {
-          brakitWarn(`failed to load ${this.metricsPath}: ${getErrorMessage(err)}`);
+          const groupKey = segments[i] || segments[0] || "root";
+          if (!groups.has(groupKey)) groups.set(groupKey, []);
+          groups.get(groupKey).push(node.id);
         }
-        return { ...DEFAULT_METRICS };
+        const clusters = /* @__PURE__ */ new Map();
+        for (const [key, children] of groups) {
+          if (children.length > CLUSTER_SPLIT_THRESHOLD) {
+            const subGroups = /* @__PURE__ */ new Map();
+            for (const childId of children) {
+              const node = this.graph.nodes.get(childId);
+              const parts = node.label.split(" ");
+              const path = parts[1] || parts[0];
+              const segments = path.split("/").filter(Boolean);
+              let idx = segments.indexOf(key);
+              if (idx === -1) idx = 0;
+              const subKey = `${key}/${segments[idx + 1] || "root"}`;
+              if (!subGroups.has(subKey)) subGroups.set(subKey, []);
+              subGroups.get(subKey).push(childId);
+            }
+            for (const [subKey, subChildren] of subGroups) {
+              clusters.set(subKey, this.buildCluster(subKey, subChildren));
+            }
+          } else {
+            clusters.set(key, this.buildCluster(key, children));
+          }
+        }
+        return clusters;
+      }
+      clusterByAuthBoundary(endpointNodes) {
+        const authed = [];
+        const unauthed = [];
+        for (const node of endpointNodes) {
+          if (node.annotations?.hasAuth) {
+            authed.push(node.id);
+          } else {
+            unauthed.push(node.id);
+          }
+        }
+        const clusters = /* @__PURE__ */ new Map();
+        if (authed.length > 0)
+          clusters.set("authenticated", this.buildCluster("authenticated", authed));
+        if (unauthed.length > 0)
+          clusters.set(
+            "unauthenticated",
+            this.buildCluster("unauthenticated", unauthed)
+          );
+        return clusters;
+      }
+      clusterByDataDomain(endpointNodes) {
+        const endpointTables = /* @__PURE__ */ new Map();
+        for (const edge of this.graph.edges.values()) {
+          if (edge.type !== "reads" && edge.type !== "writes") continue;
+          const tableLabel = this.graph.nodes.get(edge.target)?.label;
+          if (!tableLabel) continue;
+          let tables = endpointTables.get(edge.source);
+          if (!tables) {
+            tables = /* @__PURE__ */ new Set();
+            endpointTables.set(edge.source, tables);
+          }
+          tables.add(tableLabel);
+        }
+        const groups = /* @__PURE__ */ new Map();
+        for (const node of endpointNodes) {
+          const tables = endpointTables.get(node.id);
+          const groupKey = tables && tables.size > 0 ? [...tables].sort().join("+") : "no-db";
+          if (!groups.has(groupKey)) groups.set(groupKey, []);
+          groups.get(groupKey).push(node.id);
+        }
+        const clusters = /* @__PURE__ */ new Map();
+        for (const [key, children] of groups) {
+          clusters.set(key, this.buildCluster(key, children));
+        }
+        return clusters;
+      }
+      buildCluster(key, children) {
+        let totalLatency = 0;
+        let totalRequests = 0;
+        let totalErrors = 0;
+        let totalQueries = 0;
+        let firstSeen = Infinity;
+        let lastSeen = 0;
+        for (const childId of children) {
+          const node = this.graph.nodes.get(childId);
+          if (!node) continue;
+          totalRequests += node.stats.requestCount;
+          totalLatency += node.stats.avgLatencyMs * node.stats.requestCount;
+          totalErrors += node.stats.errorRate * node.stats.requestCount;
+          totalQueries += node.stats.avgQueryCount * node.stats.requestCount;
+          firstSeen = Math.min(firstSeen, node.stats.firstSeenAt);
+          lastSeen = Math.max(lastSeen, node.stats.lastSeenAt);
+        }
+        return {
+          id: `cluster:${key}`,
+          label: key,
+          children,
+          stats: {
+            requestCount: totalRequests,
+            avgLatencyMs: totalRequests > 0 ? Math.round(totalLatency / totalRequests) : 0,
+            errorRate: totalRequests > 0 ? totalErrors / totalRequests : 0,
+            avgQueryCount: totalRequests > 0 ? Math.round(totalQueries / totalRequests * 10) / 10 : 0,
+            lastSeenAt: lastSeen || Date.now(),
+            firstSeenAt: firstSeen === Infinity ? Date.now() : firstSeen
+          }
+        };
       }
-      /** Parse and validate metrics JSON, returning default empty data on invalid input. */
-      parseMetrics(raw) {
-        return validateMetricsData(JSON.parse(raw)) ?? { ...DEFAULT_METRICS };
+      // ── API response builders ──
+      getEndpointView() {
+        const allNodes = [...this.graph.nodes.values()];
+        const allEdges = [...this.graph.edges.values()];
+        return {
+          nodes: allNodes,
+          edges: allEdges,
+          clusters: [],
+          metadata: this.graph.metadata
+        };
       }
-      save(data) {
-        this.writer.writeAsync(JSON.stringify(data));
+      getClusterView(clusters) {
+        const clusterArr = [...clusters.values()];
+        const otherNodes = [...this.graph.nodes.values()].filter(
+          (n) => n.type !== "endpoint"
+        );
+        const endpointToCluster = /* @__PURE__ */ new Map();
+        for (const c of clusterArr) {
+          for (const childId of c.children) {
+            endpointToCluster.set(childId, c.id);
+          }
+        }
+        const edgeAgg = /* @__PURE__ */ new Map();
+        for (const edge of this.graph.edges.values()) {
+          const sourceCluster = endpointToCluster.get(edge.source) ?? edge.source;
+          const target = edge.target;
+          const aggId = makeEdgeId(sourceCluster, target);
+          let agg = edgeAgg.get(aggId);
+          if (!agg) {
+            agg = {
+              id: aggId,
+              source: sourceCluster,
+              target,
+              type: edge.type,
+              stats: { ...edge.stats },
+              patterns: edge.patterns ? [...edge.patterns] : void 0
+            };
+            edgeAgg.set(aggId, agg);
+          } else {
+            agg.stats.frequency += edge.stats.frequency;
+            agg.stats.avgLatencyMs = Math.round(
+              (agg.stats.avgLatencyMs + edge.stats.avgLatencyMs) / 2
+            );
+            agg.stats.lastSeenAt = Math.max(
+              agg.stats.lastSeenAt,
+              edge.stats.lastSeenAt
+            );
+            agg.stats.firstSeenAt = Math.min(
+              agg.stats.firstSeenAt,
+              edge.stats.firstSeenAt
+            );
+          }
+        }
+        return {
+          nodes: otherNodes,
+          edges: [...edgeAgg.values()],
+          clusters: clusterArr,
+          metadata: this.graph.metadata
+        };
       }
-      saveSync(data) {
-        this.writer.writeSync(JSON.stringify(data));
+      getClusterExpanded(clusterId, clusters) {
+        const clusterKey = clusterId.startsWith("cluster:") ? clusterId.slice(8) : clusterId;
+        const cluster = clusters.get(clusterKey);
+        if (!cluster) return this.getClusterView(clusters);
+        const childNodes = [];
+        const connectedNodeIds = /* @__PURE__ */ new Set();
+        const relevantEdges = [];
+        for (const childId of cluster.children) {
+          const node = this.graph.nodes.get(childId);
+          if (node) childNodes.push(node);
+          for (const edge of this.graph.edges.values()) {
+            if (edge.source === childId || edge.target === childId) {
+              relevantEdges.push(edge);
+              if (edge.source !== childId) connectedNodeIds.add(edge.source);
+              if (edge.target !== childId) connectedNodeIds.add(edge.target);
+            }
+          }
+        }
+        for (const nodeId of connectedNodeIds) {
+          if (!cluster.children.includes(nodeId)) {
+            const node = this.graph.nodes.get(nodeId);
+            if (node) childNodes.push(node);
+          }
+        }
+        return {
+          nodes: childNodes,
+          edges: relevantEdges,
+          clusters: [cluster],
+          metadata: this.graph.metadata
+        };
       }
-      remove() {
-        try {
-          if (existsSync6(this.metricsPath)) {
-            unlinkSync2(this.metricsPath);
+      getNodeNeighborhood(nodeId, clusters) {
+        const centerNode = this.graph.nodes.get(nodeId);
+        if (!centerNode) return this.getClusterView(clusters);
+        const nodes = [centerNode];
+        const edges = [];
+        for (const edge of this.graph.edges.values()) {
+          if (edge.source === nodeId || edge.target === nodeId) {
+            edges.push(edge);
+            const otherId = edge.source === nodeId ? edge.target : edge.source;
+            const otherNode = this.graph.nodes.get(otherId);
+            if (otherNode) nodes.push(otherNode);
           }
-        } catch (err) {
-          brakitDebug(`failed to remove metrics file: ${getErrorMessage(err)}`);
         }
+        return {
+          nodes,
+          edges,
+          clusters: [],
+          metadata: this.graph.metadata
+        };
       }
     };
   }
 });
-// src/store/index.ts
-var init_store = __esm({
-  "src/store/index.ts"() {
-    "use strict";
-    init_request_store();
-    init_telemetry_store();
-    init_metrics_store();
-    init_persistence();
-  }
-});
 // src/output/terminal.ts
 import pc from "picocolors";
 function print(line) {
@@ -5704,6 +6937,7 @@ function startTerminalInsights(services, proxyPort) {
     const resolvedLines = [];
     const regressedLines = [];
     for (const si of issues) {
+      if (si.aiStatus === "wont_fix") continue;
       if (si.state === "resolved") {
         if (resolvedKeys.has(si.issueId)) continue;
         resolvedKeys.add(si.issueId);
@@ -5848,125 +7082,6 @@ var init_guard = __esm({
   }
 });
-// src/runtime/capture.ts
-import { gunzip, brotliDecompress, inflate } from "zlib";
-function outgoingToIncoming(headers2) {
-  const result = {};
-  for (const [key, value] of Object.entries(headers2)) {
-    if (value === void 0) continue;
-    if (Array.isArray(value)) {
-      result[key] = value.map(String);
-    } else {
-      result[key] = String(value);
-    }
-  }
-  return result;
-}
-function getDecompressor(encoding) {
-  if (encoding === CONTENT_ENCODING_GZIP) return gunzip;
-  if (encoding === CONTENT_ENCODING_BR) return brotliDecompress;
-  if (encoding === CONTENT_ENCODING_DEFLATE) return inflate;
-  return null;
-}
-function decompressAsync(body, encoding) {
-  const decompressor = getDecompressor(encoding);
-  if (!decompressor) return Promise.resolve(body);
-  return new Promise((resolve6) => {
-    decompressor(body, (err, result) => {
-      resolve6(err ? body : result);
-    });
-  });
-}
-function toBuffer(chunk) {
-  if (Buffer.isBuffer(chunk)) return chunk;
-  if (chunk instanceof Uint8Array) return Buffer.from(chunk.buffer, chunk.byteOffset, chunk.byteLength);
-  if (typeof chunk === "string") return Buffer.from(chunk);
-  return null;
-}
-function captureInProcess(req, res, requestId, requestStore, isChild = false) {
-  const startTime = performance.now();
-  const method = req.method ?? "GET";
-  const resChunks = [];
-  let resSize = 0;
-  const originalWrite = res.write;
-  const originalEnd = res.end;
-  let truncated = false;
-  res.write = function(...args) {
-    try {
-      const chunk = args[0];
-      if (chunk != null && typeof chunk !== "function") {
-        if (resSize < DEFAULT_MAX_BODY_CAPTURE) {
-          const buf = toBuffer(chunk);
-          if (buf) {
-            resChunks.push(buf);
-            resSize += buf.length;
-          }
-        } else {
-          truncated = true;
-        }
-      }
-    } catch (e) {
-      brakitDebug(`capture write: ${getErrorMessage(e)}`);
-    }
-    return originalWrite.apply(this, args);
-  };
-  res.end = function(...args) {
-    try {
-      const chunk = typeof args[0] !== "function" ? args[0] : void 0;
-      if (chunk != null && resSize < DEFAULT_MAX_BODY_CAPTURE) {
-        const buf = toBuffer(chunk);
-        if (buf) {
-          resChunks.push(buf);
-        }
-      }
-    } catch (e) {
-      brakitDebug(`capture end: ${getErrorMessage(e)}`);
-    }
-    const result = originalEnd.apply(this, args);
-    const endTime = performance.now();
-    const encoding = String(res.getHeader("content-encoding") ?? "").toLowerCase();
-    const statusCode = res.statusCode;
-    const responseHeaders = outgoingToIncoming(res.getHeaders());
-    const responseContentType = String(res.getHeader("content-type") ?? "");
-    const capturedChunks = resChunks.slice();
-    if (!isChild) {
-      void (async () => {
-        try {
-          let body = capturedChunks.length > 0 ? Buffer.concat(capturedChunks) : null;
-          if (body && encoding && !truncated) {
-            body = await decompressAsync(body, encoding);
-          }
-          requestStore.capture({
-            requestId,
-            method,
-            url: req.url ?? "/",
-            requestHeaders: req.headers,
-            requestBody: null,
-            statusCode,
-            responseHeaders,
-            responseBody: body,
-            responseContentType,
-            startTime,
-            endTime,
-            config: { maxBodyCapture: DEFAULT_MAX_BODY_CAPTURE }
-          });
-        } catch (e) {
-          brakitDebug(`capture store: ${getErrorMessage(e)}`);
-        }
-      })();
-    }
-    return result;
-  };
-}
-var init_capture = __esm({
-  "src/runtime/capture.ts"() {
-    "use strict";
-    init_constants();
-    init_log();
-    init_type_guards();
-  }
-});
 // src/runtime/interceptor.ts
 import http from "http";
 import { randomUUID as randomUUID8 } from "crypto";
@@ -6152,7 +7267,8 @@ function registerLifecycle(allServices, stores, services, cwd) {
   process.on("SIGTERM", () => {
     recordExitReason(EXIT_REASON_SIGTERM);
   });
-  process.on("beforeExit", () => {
+  process.on("beforeExit", async () => {
+    await drainPendingCaptures();
     recordExitReason(EXIT_REASON_CLEAN);
     sendTelemetry();
   });
@@ -6182,6 +7298,9 @@ async function doSetup() {
     hooks_installed: ["fetch", "console", "error"],
     setup_duration_ms: setupDurationMs
   });
+  const graphBuilder = new GraphBuilder(bus, stores.requestStore);
+  graphBuilder.start();
+  services.graphBuilder = graphBuilder;
   const dataDir = getProjectDataDir(cwd);
   const analysisServices = startAnalysis(bus, stores, dataDir, services);
   const config = {
@@ -6242,6 +7361,7 @@ var init_setup = __esm({
   "src/runtime/setup.ts"() {
     "use strict";
     init_fetch();
+    init_capture();
     init_console();
     init_errors();
     init_adapters();
@@ -6252,6 +7372,7 @@ var init_setup = __esm({
     init_store();
     init_issue_store();
     init_engine();
+    init_graph_builder();
     init_terminal();
     init_src();
     init_constants();