depwire-cli 1.1.1 → 1.1.4

package/dist/{chunk-Y2CGCAMZ.js → chunk-ZO3LWFDE.js}

@@ -38,8 +38,9 @@ function scanDirectory(rootDir, baseDir = rootDir) {
         const isKotlin = entry.endsWith(".kt") || entry.endsWith(".kts") || entry === "settings.gradle.kts" || entry === "settings.gradle";
         const isPhp = entry.endsWith(".php");
         const isSwift = entry.endsWith(".swift");
+        const isMojo = entry.endsWith(".mojo") || entry.endsWith(".\u{1F525}");
         const isCppBuild = entry === "CMakeLists.txt" || entry === "conanfile.txt" || entry === "vcpkg.json";
-        if (isTypeScript || isJavaScript || isPython || isGo || isRust || isC || isCpp || isCSharp || isJava || isKotlin || isPhp || isSwift || isCppBuild) {
+        if (isTypeScript || isJavaScript || isPython || isGo || isRust || isC || isCpp || isCSharp || isJava || isKotlin || isPhp || isSwift || isMojo || isCppBuild) {
           files.push(relative(rootDir, fullPath));
         }
       }
@@ -87,6 +88,8 @@ function findProjectRoot(startDir = process.cwd()) {
     // PHP
     "Package.swift",
     // Swift (SPM)
+    "mojoproject.toml",
+    // Mojo
     ".git"
     // Any git repo
   ];
@@ -121,10 +124,10 @@ function findProjectRoot(startDir = process.cwd()) {
 
 // src/parser/index.ts
 import { readFileSync as readFileSync11, statSync as statSync8 } from "fs";
-import { join as join14, resolve as resolve8 } from "path";
+import { join as join15, resolve as resolve9 } from "path";
 
 // src/parser/detect.ts
-import { extname as extname9, basename as basename7 } from "path";
+import { extname as extname10, basename as basename8 } from "path";
 
 // src/parser/wasm-init.ts
 import { Parser, Language } from "web-tree-sitter";
@@ -158,6 +161,7 @@ async function initParser() {
     "kotlin": "tree-sitter-kotlin.wasm",
     "php": "tree-sitter-php.wasm",
     "swift": "tree-sitter-swift.wasm"
+    // Note: Mojo uses a pattern-based parser (no tree-sitter-mojo WASM available)
   };
   for (const [name, file] of Object.entries(grammarFiles)) {
     const wasmPath = path.join(grammarsDir, file);
@@ -6805,6 +6809,351 @@ var swiftParser = {
   parseFile: parseSwiftFile
 };
 
+// src/parser/mojo.ts
+import { dirname as dirname13, join as join14, basename as basename7 } from "path";
+function parseMojoFile(filePath, sourceCode, projectRoot) {
+  if (filePath.endsWith("mojoproject.toml")) {
+    return parseMojoProject(filePath, sourceCode, projectRoot);
+  }
+  const context = {
+    filePath,
+    projectRoot,
+    sourceCode,
+    symbols: [],
+    edges: [],
+    currentScope: [],
+    currentClass: null,
+    imports: /* @__PURE__ */ new Map()
+  };
+  const lines = sourceCode.split("\n");
+  parseLines(lines, context);
+  return {
+    filePath,
+    symbols: context.symbols,
+    edges: context.edges
+  };
+}
+function parseLines(lines, context) {
+  let i = 0;
+  while (i < lines.length) {
+    const line = lines[i];
+    const trimmed = line.trimStart();
+    const indent = line.length - trimmed.length;
+    const lineNum = i + 1;
+    if (!trimmed || trimmed.startsWith("#")) {
+      i++;
+      continue;
+    }
+    if (trimmed.startsWith("@")) {
+      i++;
+      continue;
+    }
+    if (trimmed.startsWith("import ") || trimmed.startsWith("from ")) {
+      processImport(trimmed, lineNum, context);
+      i++;
+      continue;
+    }
+    const fnMatch = trimmed.match(/^fn\s+(\w+)\s*[\[(]/);
+    if (fnMatch) {
+      const name = fnMatch[1];
+      const endLine = findBlockEnd(lines, i, indent);
+      addFunction(name, lineNum, endLine, context);
+      i = endLine;
+      continue;
+    }
+    const defMatch = trimmed.match(/^def\s+(\w+)\s*[\[(]/);
+    if (defMatch) {
+      const name = defMatch[1];
+      const endLine = findBlockEnd(lines, i, indent);
+      addFunction(name, lineNum, endLine, context);
+      i = endLine;
+      continue;
+    }
+    const structMatch = trimmed.match(/^struct\s+(\w+)/);
+    if (structMatch) {
+      const name = structMatch[1];
+      const endLine = findBlockEnd(lines, i, indent);
+      addType(name, "class", lineNum, endLine, context);
+      parseStructBody(lines, i + 1, endLine, indent, name, context);
+      i = endLine;
+      continue;
+    }
+    const classMatch = trimmed.match(/^class\s+(\w+)/);
+    if (classMatch) {
+      const name = classMatch[1];
+      const endLine = findBlockEnd(lines, i, indent);
+      addType(name, "class", lineNum, endLine, context);
+      parseStructBody(lines, i + 1, endLine, indent, name, context);
+      i = endLine;
+      continue;
+    }
+    const traitMatch = trimmed.match(/^trait\s+(\w+)/);
+    if (traitMatch) {
+      const name = traitMatch[1];
+      const endLine = findBlockEnd(lines, i, indent);
+      addType(name, "interface", lineNum, endLine, context);
+      parseStructBody(lines, i + 1, endLine, indent, name, context);
+      i = endLine;
+      continue;
+    }
+    const aliasMatch = trimmed.match(/^alias\s+(\w+)\s*[=:]/);
+    if (aliasMatch) {
+      const name = aliasMatch[1];
+      context.symbols.push({
+        id: `${context.filePath}::${name}`,
+        name,
+        kind: "type_alias",
+        filePath: context.filePath,
+        startLine: lineNum,
+        endLine: lineNum,
+        exported: true
+      });
+      i++;
+      continue;
+    }
+    const varMatch = trimmed.match(/^(var|let)\s+(\w+)/);
+    if (varMatch && indent === 0) {
+      const name = varMatch[2];
+      const kind = varMatch[1] === "let" ? "constant" : "var";
+      context.symbols.push({
+        id: `${context.filePath}::${name}`,
+        name,
+        kind,
+        filePath: context.filePath,
+        startLine: lineNum,
+        endLine: lineNum,
+        exported: true
+      });
+      i++;
+      continue;
+    }
+    processCallsInLine(trimmed, lineNum, context);
+    i++;
+  }
+}
+function processImport(line, lineNum, context) {
+  let importName = null;
+  const fromMatch = line.match(/^from\s+([\w.]+)\s+import\s+(.+)/);
+  if (fromMatch) {
+    const module = fromMatch[1];
+    const symbols = fromMatch[2].split(",").map((s) => s.trim());
+    importName = module;
+    for (const sym of symbols) {
+      const cleanSym = sym.split(" as ")[0].trim();
+      if (cleanSym && cleanSym !== "*") {
+        context.imports.set(cleanSym, `${module}::${cleanSym}`);
+      }
+    }
+  } else {
+    const importMatch = line.match(/^import\s+([\w.]+)(?:\s+as\s+(\w+))?/);
+    if (importMatch) {
+      importName = importMatch[1];
+      const alias = importMatch[2] || importMatch[1].split(".").pop();
+      context.imports.set(alias, `${importMatch[1]}::__module__`);
+    }
+  }
+  if (importName) {
+    context.symbols.push({
+      id: `${context.filePath}::import:${importName}`,
+      name: importName,
+      kind: "import",
+      filePath: context.filePath,
+      startLine: lineNum,
+      endLine: lineNum,
+      exported: false
+    });
+  }
+}
+function addFunction(name, startLine, endLine, context) {
+  const scope = context.currentClass || void 0;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: context.currentClass ? "method" : "function",
+    filePath: context.filePath,
+    startLine,
+    endLine,
+    exported: true,
+    scope
+  });
+}
+function addType(name, kind, startLine, endLine, context) {
+  context.symbols.push({
+    id: `${context.filePath}::${name}`,
+    name,
+    kind,
+    filePath: context.filePath,
+    startLine,
+    endLine,
+    exported: true
+  });
+}
+function parseStructBody(lines, start, end, baseIndent, className, context) {
+  const oldClass = context.currentClass;
+  context.currentClass = className;
+  let i = start;
+  while (i < end && i < lines.length) {
+    const line = lines[i];
+    const trimmed = line.trimStart();
+    const indent = line.length - trimmed.length;
+    const lineNum = i + 1;
+    if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("@")) {
+      i++;
+      continue;
+    }
+    if (indent <= baseIndent) break;
+    const fnMatch = trimmed.match(/^(fn|def)\s+(\w+)\s*[\[(]/);
+    if (fnMatch) {
+      const name = fnMatch[2];
+      const fnEnd = findBlockEnd(lines, i, indent);
+      addFunction(name, lineNum, fnEnd, context);
+      i = fnEnd;
+      continue;
+    }
+    const varMatch = trimmed.match(/^(var|let)\s+(\w+)/);
+    if (varMatch) {
+      const name = varMatch[2];
+      context.symbols.push({
+        id: `${context.filePath}::${className}.${name}`,
+        name,
+        kind: "property",
+        filePath: context.filePath,
+        startLine: lineNum,
+        endLine: lineNum,
+        exported: true,
+        scope: className
+      });
+      i++;
+      continue;
+    }
+    const aliasMatch = trimmed.match(/^alias\s+(\w+)\s*[=:]/);
+    if (aliasMatch) {
+      const name = aliasMatch[1];
+      context.symbols.push({
+        id: `${context.filePath}::${className}.${name}`,
+        name,
+        kind: "type_alias",
+        filePath: context.filePath,
+        startLine: lineNum,
+        endLine: lineNum,
+        exported: true,
+        scope: className
+      });
+      i++;
+      continue;
+    }
+    i++;
+  }
+  context.currentClass = oldClass;
+}
+function processCallsInLine(line, lineNum, context) {
+  const callRegex = /\b(\w+)\s*(?:\[[^\]]*\]\s*)?\(/g;
+  let match;
+  const builtins = /* @__PURE__ */ new Set([
+    "print",
+    "len",
+    "range",
+    "int",
+    "str",
+    "float",
+    "bool",
+    "type",
+    "if",
+    "elif",
+    "while",
+    "for",
+    "return",
+    "raise",
+    "assert",
+    "fn",
+    "def",
+    "struct",
+    "class",
+    "trait",
+    "alias",
+    "var",
+    "let",
+    "from",
+    "import",
+    "inout",
+    "owned",
+    "borrowed"
+  ]);
+  while ((match = callRegex.exec(line)) !== null) {
+    const name = match[1];
+    if (builtins.has(name)) continue;
+    if (name.startsWith("_") && name !== "__init__") continue;
+    if (context.currentScope.length > 0 || context.currentClass) {
+      const callerId = context.currentClass ? `${context.filePath}::${context.currentClass}` : `${context.filePath}::__file__`;
+      const targetId = context.imports.get(name) || `${context.filePath}::${name}`;
+      context.edges.push({
+        source: callerId,
+        target: targetId,
+        kind: "calls",
+        filePath: context.filePath,
+        line: lineNum
+      });
+    }
+  }
+}
+function findBlockEnd(lines, startIdx, baseIndent) {
+  let i = startIdx + 1;
+  while (i < lines.length) {
+    const line = lines[i];
+    if (line.trim() === "") {
+      i++;
+      continue;
+    }
+    const indent = line.length - line.trimStart().length;
+    if (indent <= baseIndent) {
+      return i;
+    }
+    i++;
+  }
+  return i;
+}
+function parseMojoProject(filePath, sourceCode, projectRoot) {
+  const symbols = [];
+  const edges = [];
+  const lines = sourceCode.split("\n");
+  let projectName = basename7(dirname13(join14(projectRoot, filePath)));
+  const nameMatch = sourceCode.match(/name\s*=\s*["']([^"']+)["']/);
+  if (nameMatch) {
+    projectName = nameMatch[1];
+  }
+  symbols.push({
+    id: `${filePath}::${projectName}`,
+    name: projectName,
+    kind: "module",
+    filePath,
+    startLine: 1,
+    endLine: lines.length,
+    exported: true
+  });
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i].trim();
+    const depMatch = line.match(/^(\w[\w-]*)\s*=\s*["']([^"']+)["']/);
+    if (depMatch) {
+      symbols.push({
+        id: `${filePath}::dep:${depMatch[1]}`,
+        name: depMatch[1],
+        kind: "import",
+        filePath,
+        startLine: i + 1,
+        endLine: i + 1,
+        exported: false
+      });
+    }
+  }
+  return { filePath, symbols, edges };
+}
+var mojoParser = {
+  name: "mojo",
+  extensions: [".mojo", ".\u{1F525}", "mojoproject.toml"],
+  parseFile: parseMojoFile
+};
+
 // src/parser/detect.ts
 var parsers = [
   typescriptParser,
@@ -6818,12 +7167,13 @@ var parsers = [
   cppParser,
   kotlinParser,
   phpParser,
-  swiftParser
+  swiftParser,
+  mojoParser
 ];
 var CPP_KEYWORDS = /\b(?:class|namespace|template|public:|private:|protected:|virtual|nullptr|constexpr|auto\s+\w+\s*=|using\s+\w+\s*=|static_cast|dynamic_cast|reinterpret_cast|const_cast|noexcept|override|final|decltype|concept|requires|co_await|co_yield|co_return|std::)\b/;
 function getParserForFile(filePath, content) {
-  const ext = extname9(filePath).toLowerCase();
-  const fileName = basename7(filePath);
+  const ext = extname10(filePath).toLowerCase();
+  const fileName = basename8(filePath);
   if (ext === ".h" && content) {
     if (CPP_KEYWORDS.test(content)) {
       return cppParser;
@@ -6859,8 +7209,8 @@ async function parseProject(projectRoot, options) {
   let errorFiles = 0;
   for (const file of files) {
     try {
-      const fullPath = join14(projectRoot, file);
-      if (!resolve8(fullPath).startsWith(resolve8(projectRoot))) {
+      const fullPath = join15(projectRoot, file);
+      if (!resolve9(fullPath).startsWith(resolve9(projectRoot))) {
         skippedFiles++;
         continue;
       }
@@ -6913,7 +7263,7 @@ async function parseProject(projectRoot, options) {
 
 // src/cross-language/detectors/rest-api.ts
 import { readFileSync as readFileSync12 } from "fs";
-import { join as join15, resolve as resolve9 } from "path";
+import { join as join16, resolve as resolve10 } from "path";
 function getLanguage(filePath) {
   if (filePath.endsWith(".ts") || filePath.endsWith(".tsx")) return "typescript";
   if (filePath.endsWith(".js") || filePath.endsWith(".jsx") || filePath.endsWith(".mjs") || filePath.endsWith(".cjs")) return "javascript";
@@ -6924,6 +7274,7 @@ function getLanguage(filePath) {
   if (filePath.endsWith(".kt") || filePath.endsWith(".kts")) return "kotlin";
   if (filePath.endsWith(".php")) return "php";
   if (filePath.endsWith(".swift")) return "swift";
+  if (filePath.endsWith(".mojo") || filePath.endsWith(".\u{1F525}")) return "mojo";
   if (filePath.endsWith(".cpp") || filePath.endsWith(".cc") || filePath.endsWith(".cxx") || filePath.endsWith(".c++") || filePath.endsWith(".hpp") || filePath.endsWith(".hh") || filePath.endsWith(".hxx") || filePath.endsWith(".h++") || filePath.endsWith(".h") || filePath.endsWith(".inl") || filePath.endsWith(".ipp")) return "cpp";
   return "unknown";
 }
@@ -7382,6 +7733,34 @@ function extractRouteDefinitions(source, filePath) {
         });
       }
     }
+    if (lang === "mojo") {
+      const pythonMatch = line.match(/@(?:app|router)\s*\.\s*(get|post|put|delete|patch)\s*\(\s*(['"])([^'"]+)\2/i);
+      if (pythonMatch) {
+        const path6 = pythonMatch[3];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: pythonMatch[1].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const mojoHttpMatch = line.match(/(?:server|app)\s*\.\s*(?:route|handle)\s*\(\s*['"]([^'"]+)['"]\s*,\s*['"]?(GET|POST|PUT|DELETE|PATCH)['"]?/i);
+      if (mojoHttpMatch) {
+        const path6 = mojoHttpMatch[1];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: mojoHttpMatch[2].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+    }
     if (lang === "cpp") {
       const crowMatch = line.match(/CROW_ROUTE\s*\(\s*\w+\s*,\s*"([^"]+)"/);
       if (crowMatch) {
@@ -7496,8 +7875,8 @@ function detectRestApiEdges(files, projectRoot) {
   const allCalls = [];
   const allRoutes = [];
   for (const file of files) {
-    const fullPath = join15(projectRoot, file.filePath);
-    if (!resolve9(fullPath).startsWith(resolve9(projectRoot))) continue;
+    const fullPath = join16(projectRoot, file.filePath);
+    if (!resolve10(fullPath).startsWith(resolve10(projectRoot))) continue;
     let source;
     try {
       source = readFileSync12(fullPath, "utf-8");
@@ -7601,7 +7980,7 @@ function detectRestApiEdges(files, projectRoot) {
 
 // src/cross-language/detectors/subprocess.ts
 import { readFileSync as readFileSync13 } from "fs";
-import { join as join16, resolve as resolve10, basename as basename8 } from "path";
+import { join as join17, resolve as resolve11, basename as basename9 } from "path";
 var SCRIPT_EXTENSIONS = [".py", ".js", ".ts", ".go", ".rs"];
 function getLanguage2(filePath) {
   if (filePath.endsWith(".ts") || filePath.endsWith(".tsx")) return "typescript";
@@ -7700,13 +8079,13 @@ function detectSubprocessEdges(files, projectRoot) {
   const knownFiles = new Set(files.map((f) => f.filePath));
   const basenameMap = /* @__PURE__ */ new Map();
   for (const f of files) {
-    const base = basename8(f.filePath);
+    const base = basename9(f.filePath);
     if (!basenameMap.has(base)) basenameMap.set(base, []);
     basenameMap.get(base).push(f.filePath);
   }
   for (const file of files) {
-    const fullPath = join16(projectRoot, file.filePath);
-    if (!resolve10(fullPath).startsWith(resolve10(projectRoot))) continue;
+    const fullPath = join17(projectRoot, file.filePath);
+    if (!resolve11(fullPath).startsWith(resolve11(projectRoot))) continue;
     let source;
     try {
       source = readFileSync13(fullPath, "utf-8");
@@ -7721,7 +8100,7 @@ function detectSubprocessEdges(files, projectRoot) {
         targetFile = call.calledFile;
         confidence = "high";
       } else {
-        const base = basename8(call.calledFile);
+        const base = basename9(call.calledFile);
         const candidates = basenameMap.get(base);
         if (candidates && candidates.length > 0) {
           const exactCandidate = candidates.find((c) => c.endsWith(call.calledFile));
@@ -8100,7 +8479,7 @@ function getArchitectureSummary(graph) {
 }
 
 // src/health/metrics.ts
-import { dirname as dirname13 } from "path";
+import { dirname as dirname14 } from "path";
 function scoreToGrade(score) {
   if (score >= 90) return "A";
   if (score >= 80) return "B";
@@ -8133,8 +8512,8 @@ function calculateCouplingScore(graph) {
       totalEdges++;
       fileConnections.set(sourceAttrs.filePath, (fileConnections.get(sourceAttrs.filePath) || 0) + 1);
       fileConnections.set(targetAttrs.filePath, (fileConnections.get(targetAttrs.filePath) || 0) + 1);
-      const sourceDir = dirname13(sourceAttrs.filePath).split("/")[0];
-      const targetDir = dirname13(targetAttrs.filePath).split("/")[0];
+      const sourceDir = dirname14(sourceAttrs.filePath).split("/")[0];
+      const targetDir = dirname14(targetAttrs.filePath).split("/")[0];
       if (sourceDir !== targetDir) {
         crossDirEdges++;
       }
@@ -8181,8 +8560,8 @@ function calculateCohesionScore(graph) {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
     if (sourceAttrs.filePath !== targetAttrs.filePath) {
-      const sourceDir = dirname13(sourceAttrs.filePath);
-      const targetDir = dirname13(targetAttrs.filePath);
+      const sourceDir = dirname14(sourceAttrs.filePath);
+      const targetDir = dirname14(targetAttrs.filePath);
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { internal: 0, total: 0 });
       }
@@ -8465,7 +8844,7 @@ function calculateDepthScore(graph) {
 
 // src/health/index.ts
 import { readFileSync as readFileSync14, writeFileSync, existsSync as existsSync14, mkdirSync } from "fs";
-import { dirname as dirname14, resolve as resolve11 } from "path";
+import { dirname as dirname15, resolve as resolve12 } from "path";
 function calculateHealthScore(graph, projectRoot) {
   const coupling = calculateCouplingScore(graph);
   const cohesion = calculateCohesionScore(graph);
@@ -8564,8 +8943,8 @@ function getHealthTrend(projectRoot, currentScore) {
   }
 }
 function saveHealthHistory(projectRoot, report) {
-  const resolvedRoot = resolve11(projectRoot);
-  const historyFile = resolve11(resolvedRoot, ".depwire", "health-history.json");
+  const resolvedRoot = resolve12(projectRoot);
+  const historyFile = resolve12(resolvedRoot, ".depwire", "health-history.json");
   if (!historyFile.startsWith(resolvedRoot)) {
     return;
   }
@@ -8592,13 +8971,13 @@ function saveHealthHistory(projectRoot, report) {
   if (history.length > 50) {
     history = history.slice(-50);
   }
-  mkdirSync(dirname14(historyFile), { recursive: true });
+  mkdirSync(dirname15(historyFile), { recursive: true });
   if (!historyFile.startsWith(resolvedRoot)) return;
   writeFileSync(historyFile, JSON.stringify(history, null, 2), "utf-8");
 }
 function loadHealthHistory(projectRoot) {
-  const resolvedRoot = resolve11(projectRoot);
-  const historyFile = resolve11(resolvedRoot, ".depwire", "health-history.json");
+  const resolvedRoot = resolve12(projectRoot);
+  const historyFile = resolve12(resolvedRoot, ".depwire", "health-history.json");
   if (!historyFile.startsWith(resolvedRoot) || !existsSync14(historyFile)) {
     return [];
   }
@@ -8813,6 +9192,9 @@ function shouldExclude(attrs, context, includeTests, packageEntryPoints) {
   if (isSwiftExcluded(attrs)) {
     return "framework";
   }
+  if (isMojoExcluded(attrs)) {
+    return "framework";
+  }
   return null;
 }
 function isRealPackageEntryPoint(filePath, packageEntryPoints) {
@@ -8982,6 +9364,49 @@ function isSwiftExcluded(attrs) {
   if (name.startsWith("test") || name === "setUp" || name === "tearDown" || name === "setUpWithError" || name === "tearDownWithError") return true;
   return false;
 }
+function isMojoExcluded(attrs) {
+  const filePath = attrs.file || attrs.filePath || "";
+  const name = attrs.name || "";
+  if (!filePath.endsWith(".mojo") && !filePath.endsWith(".\u{1F525}")) return false;
+  const lifecycleMethods = [
+    "__init__",
+    "__copyinit__",
+    "__moveinit__",
+    "__del__",
+    "__enter__",
+    "__exit__"
+  ];
+  if (lifecycleMethods.includes(name)) return true;
+  const traitMethods = [
+    "__str__",
+    "__repr__",
+    "__len__",
+    "__getitem__",
+    "__setitem__",
+    "__eq__",
+    "__ne__",
+    "__lt__",
+    "__le__",
+    "__gt__",
+    "__ge__",
+    "__add__",
+    "__sub__",
+    "__mul__",
+    "__truediv__",
+    "__floordiv__",
+    "__hash__",
+    "__bool__",
+    "__int__",
+    "__float__",
+    "__iter__",
+    "__next__",
+    "__contains__"
+  ];
+  if (traitMethods.includes(name)) return true;
+  if (name.startsWith("__mlir_") || name.startsWith("_mlir_")) return true;
+  if (name === "main") return true;
+  return false;
+}
 
 // src/dead-code/classifier.ts
 import path3 from "path";
@@ -9048,8 +9473,8 @@ function generateReason(symbol, confidence) {
   return "Potentially unused";
 }
 function isBarrelFile(filePath) {
-  const basename12 = path3.basename(filePath);
-  return basename12 === "index.ts" || basename12 === "index.js";
+  const basename13 = path3.basename(filePath);
+  return basename13 === "index.ts" || basename13 === "index.js";
 }
 function isTestFile2(filePath) {
   return filePath.includes("__tests__/") || filePath.includes(".test.") || filePath.includes(".spec.") || filePath.includes("/test/") || filePath.includes("/tests/");
@@ -9229,10 +9654,10 @@ function filterByConfidence(symbols, minConfidence) {
 
 // src/docs/generator.ts
 import { writeFileSync as writeFileSync3, mkdirSync as mkdirSync2, existsSync as existsSync18 } from "fs";
-import { join as join20 } from "path";
+import { join as join21 } from "path";
 
 // src/docs/architecture.ts
-import { dirname as dirname15 } from "path";
+import { dirname as dirname16 } from "path";
 
 // src/docs/templates.ts
 function header(text, level = 1) {
@@ -9383,7 +9808,7 @@ function generateModuleStructure(graph) {
 function getDirectoryStats(graph) {
   const dirMap = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname15(attrs.filePath);
+    const dir = dirname16(attrs.filePath);
     if (dir === ".") return;
     if (!dirMap.has(dir)) {
       dirMap.set(dir, {
@@ -9408,7 +9833,7 @@ function getDirectoryStats(graph) {
   });
   const filesPerDir = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname15(attrs.filePath);
+    const dir = dirname16(attrs.filePath);
     if (!filesPerDir.has(dir)) {
       filesPerDir.set(dir, /* @__PURE__ */ new Set());
     }
@@ -9423,8 +9848,8 @@ function getDirectoryStats(graph) {
   graph.forEachEdge((edge, attrs, source, target) => {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
-    const sourceDir = dirname15(sourceAttrs.filePath);
-    const targetDir = dirname15(targetAttrs.filePath);
+    const sourceDir = dirname16(sourceAttrs.filePath);
+    const targetDir = dirname16(targetAttrs.filePath);
     if (sourceDir !== targetDir) {
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { in: 0, out: 0 });
@@ -9631,7 +10056,7 @@ function detectCycles(graph) {
 }
 
 // src/docs/conventions.ts
-import { basename as basename9, extname as extname10 } from "path";
+import { basename as basename10, extname as extname11 } from "path";
 function generateConventions(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -9669,7 +10094,7 @@ function generateFileOrganization(graph) {
   graph.forEachNode((node, attrs) => {
     if (!files.has(attrs.filePath)) {
       files.add(attrs.filePath);
-      const fileName = basename9(attrs.filePath);
+      const fileName = basename10(attrs.filePath);
       if (fileName === "index.ts" || fileName === "index.js" || fileName === "index.tsx" || fileName === "index.jsx") {
         barrelFileCount++;
       }
@@ -9728,7 +10153,7 @@ function generateNamingPatterns(graph) {
   graph.forEachNode((node, attrs) => {
     if (!files.has(attrs.filePath)) {
       files.add(attrs.filePath);
-      const fileName = basename9(attrs.filePath, extname10(attrs.filePath));
+      const fileName = basename10(attrs.filePath, extname11(attrs.filePath));
       if (isCamelCase(fileName)) patterns.files.camelCase++;
       else if (isPascalCase(fileName)) patterns.files.PascalCase++;
       else if (isKebabCase(fileName)) patterns.files.kebabCase++;
@@ -10405,7 +10830,7 @@ function detectCyclesDetailed(graph) {
 }
 
 // src/docs/onboarding.ts
-import { dirname as dirname16 } from "path";
+import { dirname as dirname17 } from "path";
 function generateOnboarding(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -10464,7 +10889,7 @@ function generateQuickOrientation(graph) {
   const primaryLang = Object.entries(languages2).sort((a, b) => b[1] - a[1])[0];
   const dirs = /* @__PURE__ */ new Set();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname16(attrs.filePath);
+    const dir = dirname17(attrs.filePath);
     if (dir !== ".") {
       const topLevel = dir.split("/")[0];
       dirs.add(topLevel);
@@ -10568,7 +10993,7 @@ function generateModuleMap(graph) {
 function getDirectoryStats2(graph) {
   const dirMap = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname16(attrs.filePath);
+    const dir = dirname17(attrs.filePath);
     if (dir === ".") return;
     if (!dirMap.has(dir)) {
       dirMap.set(dir, {
@@ -10583,7 +11008,7 @@ function getDirectoryStats2(graph) {
   });
   const filesPerDir = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname16(attrs.filePath);
+    const dir = dirname17(attrs.filePath);
     if (!filesPerDir.has(dir)) {
       filesPerDir.set(dir, /* @__PURE__ */ new Set());
     }
@@ -10598,8 +11023,8 @@ function getDirectoryStats2(graph) {
   graph.forEachEdge((edge, attrs, source, target) => {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
-    const sourceDir = dirname16(sourceAttrs.filePath);
-    const targetDir = dirname16(targetAttrs.filePath);
+    const sourceDir = dirname17(sourceAttrs.filePath);
+    const targetDir = dirname17(targetAttrs.filePath);
     if (sourceDir !== targetDir) {
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { in: 0, out: 0 });
@@ -10680,7 +11105,7 @@ function detectClusters(graph) {
   const dirFiles = /* @__PURE__ */ new Map();
   const fileEdges = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname16(attrs.filePath);
+    const dir = dirname17(attrs.filePath);
     if (!dirFiles.has(dir)) {
       dirFiles.set(dir, /* @__PURE__ */ new Set());
     }
@@ -10734,8 +11159,8 @@ function inferClusterName(files) {
   if (sortedWords.length > 0 && sortedWords[0][1] > 1) {
     return capitalizeFirst2(sortedWords[0][0]);
   }
-  const commonDir = dirname16(files[0]);
-  if (files.every((f) => dirname16(f) === commonDir)) {
+  const commonDir = dirname17(files[0]);
+  if (files.every((f) => dirname17(f) === commonDir)) {
     return capitalizeFirst2(commonDir.split("/").pop() || "Core");
   }
   return "Core";
@@ -10793,7 +11218,7 @@ function generateDepwireUsage(projectRoot) {
 }
 
 // src/docs/files.ts
-import { dirname as dirname17, basename as basename10 } from "path";
+import { dirname as dirname18, basename as basename11 } from "path";
 function generateFiles(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -10897,7 +11322,7 @@ function generateDirectoryBreakdown(graph) {
   const fileStats = getFileStats2(graph);
   const dirMap = /* @__PURE__ */ new Map();
   for (const file of fileStats) {
-    const dir = dirname17(file.filePath);
+    const dir = dirname18(file.filePath);
     const topDir = dir === "." ? "." : dir.split("/")[0];
     if (!dirMap.has(topDir)) {
       dirMap.set(topDir, {
@@ -10912,7 +11337,7 @@ function generateDirectoryBreakdown(graph) {
     dirStats.symbolCount += file.symbolCount;
     if (file.totalConnections > dirStats.maxConnections) {
       dirStats.maxConnections = file.totalConnections;
-      dirStats.mostConnectedFile = basename10(file.filePath);
+      dirStats.mostConnectedFile = basename11(file.filePath);
     }
   }
   if (dirMap.size === 0) {
@@ -11540,7 +11965,7 @@ function generateRecommendations(graph) {
 }
 
 // src/docs/tests.ts
-import { basename as basename11, dirname as dirname18 } from "path";
+import { basename as basename12, dirname as dirname19 } from "path";
 function generateTests(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -11568,8 +11993,8 @@ function getFileCount8(graph) {
   return files.size;
 }
 function isTestFile3(filePath) {
-  const fileName = basename11(filePath).toLowerCase();
-  const dirPath = dirname18(filePath).toLowerCase();
+  const fileName = basename12(filePath).toLowerCase();
+  const dirPath = dirname19(filePath).toLowerCase();
   if (dirPath.includes("test") || dirPath.includes("spec") || dirPath.includes("__tests__")) {
     return true;
   }
@@ -11627,13 +12052,13 @@ function generateTestFileInventory(graph) {
   return output;
 }
 function matchTestToSource(testFile) {
-  const testFileName = basename11(testFile);
-  const testDir = dirname18(testFile);
+  const testFileName = basename12(testFile);
+  const testDir = dirname19(testFile);
   let sourceFileName = testFileName.replace(/\.test\./g, ".").replace(/\.spec\./g, ".").replace(/_test\./g, ".").replace(/_spec\./g, ".");
   const possiblePaths = [];
   possiblePaths.push(testDir + "/" + sourceFileName);
   if (testDir.endsWith("/test") || testDir.endsWith("/tests") || testDir.endsWith("/__tests__")) {
-    const parentDir = dirname18(testDir);
+    const parentDir = dirname19(testDir);
     possiblePaths.push(parentDir + "/" + sourceFileName);
   }
   if (testDir.includes("test")) {
@@ -11789,7 +12214,7 @@ function generateTestCoverageMap(graph) {
   const rows = mappings.slice(0, 30).map((m) => [
     `\`${m.sourceFile}\``,
     m.hasTest ? "\u2705" : "\u274C",
-    m.testFile ? `\`${basename11(m.testFile)}\`` : "-",
+    m.testFile ? `\`${basename12(m.testFile)}\`` : "-",
     formatNumber(m.symbolCount)
   ]);
   let output = table(headers, rows);
@@ -11830,7 +12255,7 @@ function generateTestStatistics(graph) {
 `;
   const dirTestCoverage = /* @__PURE__ */ new Map();
   for (const sourceFile of sourceFiles) {
-    const dir = dirname18(sourceFile).split("/")[0];
+    const dir = dirname19(sourceFile).split("/")[0];
     if (!dirTestCoverage.has(dir)) {
       dirTestCoverage.set(dir, { total: 0, tested: 0 });
     }
@@ -11853,7 +12278,7 @@ function generateTestStatistics(graph) {
 }
 
 // src/docs/history.ts
-import { dirname as dirname19 } from "path";
+import { dirname as dirname20 } from "path";
 import { execSync } from "child_process";
 function generateHistory(graph, projectRoot, version) {
   let output = "";
@@ -12134,7 +12559,7 @@ function generateFeatureClusters(graph) {
   const dirFiles = /* @__PURE__ */ new Map();
   const fileEdges = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname19(attrs.filePath);
+    const dir = dirname20(attrs.filePath);
     if (!dirFiles.has(dir)) {
       dirFiles.set(dir, /* @__PURE__ */ new Set());
     }
@@ -12216,7 +12641,7 @@ function capitalizeFirst3(str) {
 }
 
 // src/docs/current.ts
-import { dirname as dirname20 } from "path";
+import { dirname as dirname21 } from "path";
 function generateCurrent(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -12354,7 +12779,7 @@ function generateCompleteFileIndex(graph) {
   fileInfos.sort((a, b) => a.filePath.localeCompare(b.filePath));
   const dirGroups = /* @__PURE__ */ new Map();
   for (const info of fileInfos) {
-    const dir = dirname20(info.filePath);
+    const dir = dirname21(info.filePath);
     const topDir = dir === "." ? "root" : dir.split("/")[0];
     if (!dirGroups.has(topDir)) {
       dirGroups.set(topDir, []);
@@ -12566,7 +12991,7 @@ function getTopLevelDir2(filePath) {
 
 // src/docs/status.ts
 import { readFileSync as readFileSync16, existsSync as existsSync16 } from "fs";
-import { resolve as resolve12 } from "path";
+import { resolve as resolve13 } from "path";
 function generateStatus(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -12599,8 +13024,8 @@ function getFileCount11(graph) {
 }
 function extractComments(projectRoot, filePath) {
   const comments = [];
-  const resolvedRoot = resolve12(projectRoot);
-  const fullPath = resolve12(resolvedRoot, filePath);
+  const resolvedRoot = resolve13(projectRoot);
+  const fullPath = resolve13(resolvedRoot, filePath);
   if (!fullPath.startsWith(resolvedRoot)) {
     return comments;
   }
@@ -13188,10 +13613,10 @@ function generateConfidenceSection(title, description, symbols, projectRoot) {
 
 // src/docs/metadata.ts
 import { existsSync as existsSync17, readFileSync as readFileSync17, writeFileSync as writeFileSync2 } from "fs";
-import { resolve as resolve13 } from "path";
+import { resolve as resolve14 } from "path";
 function loadMetadata(outputDir) {
-  const resolvedDir = resolve13(outputDir);
-  const metadataPath = resolve13(resolvedDir, "metadata.json");
+  const resolvedDir = resolve14(outputDir);
+  const metadataPath = resolve14(resolvedDir, "metadata.json");
   if (!metadataPath.startsWith(resolvedDir) || !existsSync17(metadataPath)) {
     return null;
   }
@@ -13204,8 +13629,8 @@ function loadMetadata(outputDir) {
   }
 }
 function saveMetadata(outputDir, metadata) {
-  const resolvedDir = resolve13(outputDir);
-  const metadataPath = resolve13(resolvedDir, "metadata.json");
+  const resolvedDir = resolve14(outputDir);
+  const metadataPath = resolve14(resolvedDir, "metadata.json");
   if (!metadataPath.startsWith(resolvedDir)) {
     throw new Error(`Path traversal attempt blocked: ${metadataPath}`);
   }
@@ -13290,7 +13715,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ARCHITECTURE.md...");
           const content = generateArchitecture(graph, projectRoot, version, parseTime);
-          const filePath = join20(options.outputDir, "ARCHITECTURE.md");
+          const filePath = join21(options.outputDir, "ARCHITECTURE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ARCHITECTURE.md");
         } catch (err) {
@@ -13301,7 +13726,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating CONVENTIONS.md...");
           const content = generateConventions(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "CONVENTIONS.md");
+          const filePath = join21(options.outputDir, "CONVENTIONS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("CONVENTIONS.md");
         } catch (err) {
@@ -13312,7 +13737,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating DEPENDENCIES.md...");
           const content = generateDependencies(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "DEPENDENCIES.md");
+          const filePath = join21(options.outputDir, "DEPENDENCIES.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("DEPENDENCIES.md");
         } catch (err) {
@@ -13323,7 +13748,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ONBOARDING.md...");
           const content = generateOnboarding(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "ONBOARDING.md");
+          const filePath = join21(options.outputDir, "ONBOARDING.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ONBOARDING.md");
         } catch (err) {
@@ -13334,7 +13759,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating FILES.md...");
           const content = generateFiles(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "FILES.md");
+          const filePath = join21(options.outputDir, "FILES.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("FILES.md");
         } catch (err) {
@@ -13345,7 +13770,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating API_SURFACE.md...");
           const content = generateApiSurface(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "API_SURFACE.md");
+          const filePath = join21(options.outputDir, "API_SURFACE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("API_SURFACE.md");
         } catch (err) {
@@ -13356,7 +13781,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ERRORS.md...");
           const content = generateErrors(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "ERRORS.md");
+          const filePath = join21(options.outputDir, "ERRORS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ERRORS.md");
         } catch (err) {
@@ -13367,7 +13792,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating TESTS.md...");
           const content = generateTests(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "TESTS.md");
+          const filePath = join21(options.outputDir, "TESTS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("TESTS.md");
         } catch (err) {
@@ -13378,7 +13803,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating HISTORY.md...");
           const content = generateHistory(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "HISTORY.md");
+          const filePath = join21(options.outputDir, "HISTORY.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("HISTORY.md");
         } catch (err) {
@@ -13389,7 +13814,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating CURRENT.md...");
           const content = generateCurrent(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "CURRENT.md");
+          const filePath = join21(options.outputDir, "CURRENT.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("CURRENT.md");
         } catch (err) {
@@ -13400,7 +13825,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating STATUS.md...");
           const content = generateStatus(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "STATUS.md");
+          const filePath = join21(options.outputDir, "STATUS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("STATUS.md");
         } catch (err) {
@@ -13411,7 +13836,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating HEALTH.md...");
           const content = generateHealth(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "HEALTH.md");
+          const filePath = join21(options.outputDir, "HEALTH.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("HEALTH.md");
         } catch (err) {
@@ -13422,7 +13847,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating DEAD_CODE.md...");
           const content = generateDeadCode(graph, projectRoot, version);
-          const filePath = join20(options.outputDir, "DEAD_CODE.md");
+          const filePath = join21(options.outputDir, "DEAD_CODE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("DEAD_CODE.md");
         } catch (err) {
@@ -13466,7 +13891,7 @@ function getFileCount13(graph) {
 }
 
 // src/simulation/engine.ts
-import { dirname as dirname21, join as join21 } from "path";
+import { dirname as dirname22, join as join22 } from "path";
 function normalizePath2(p) {
   return p.replace(/^\.\//, "").replace(/\/+$/, "");
 }
@@ -13598,7 +14023,7 @@ var SimulationEngine = class {
     }
   }
   applyRename(clone, target, newName, brokenImports) {
-    const destination = join21(dirname21(target), newName);
+    const destination = join22(dirname22(target), newName);
     this.applyMove(clone, target, destination, brokenImports);
   }
   applySplit(clone, target, newFile, symbols, brokenImports) {
@@ -13799,12 +14224,12 @@ var SimulationEngine = class {
 
 // src/security/scanner.ts
 import { existsSync as existsSync20 } from "fs";
-import { join as join31 } from "path";
+import { join as join32 } from "path";
 
 // src/security/checks/dependencies.ts
 import { execSync as execSync2 } from "child_process";
 import { existsSync as existsSync19, readFileSync as readFileSync18, readdirSync as readdirSync11 } from "fs";
-import { join as join22 } from "path";
+import { join as join23 } from "path";
 function cvssToSeverity(score) {
   if (score >= 9) return "critical";
   if (score >= 7) return "high";
@@ -13814,18 +14239,18 @@ function cvssToSeverity(score) {
 async function checkDependencies(_files, projectRoot) {
   const findings = [];
   try {
-    if (existsSync19(join22(projectRoot, "package.json"))) {
+    if (existsSync19(join23(projectRoot, "package.json"))) {
       findings.push(...checkNpmAudit(projectRoot));
       findings.push(...checkPackageJsonPatterns(projectRoot));
       findings.push(...checkPostinstallScripts(projectRoot));
     }
-    if (existsSync19(join22(projectRoot, "requirements.txt")) || existsSync19(join22(projectRoot, "pyproject.toml"))) {
+    if (existsSync19(join23(projectRoot, "requirements.txt")) || existsSync19(join23(projectRoot, "pyproject.toml"))) {
       findings.push(...checkPipAudit(projectRoot));
     }
-    if (existsSync19(join22(projectRoot, "Cargo.toml"))) {
+    if (existsSync19(join23(projectRoot, "Cargo.toml"))) {
       findings.push(...checkCargoAudit(projectRoot));
     }
-    if (existsSync19(join22(projectRoot, "go.mod"))) {
+    if (existsSync19(join23(projectRoot, "go.mod"))) {
       findings.push(...checkGoVerify(projectRoot));
     }
   } catch (err) {
@@ -13914,7 +14339,7 @@ function checkNpmAudit(projectRoot) {
 function checkPackageJsonPatterns(projectRoot) {
   const findings = [];
   try {
-    const pkgPath = join22(projectRoot, "package.json");
+    const pkgPath = join23(projectRoot, "package.json");
     const pkg = JSON.parse(readFileSync18(pkgPath, "utf-8"));
     const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
     for (const [name, version] of Object.entries(allDeps)) {
@@ -13937,12 +14362,12 @@ function checkPackageJsonPatterns(projectRoot) {
 }
 function checkPostinstallScripts(projectRoot) {
   const findings = [];
-  const nodeModules = join22(projectRoot, "node_modules");
+  const nodeModules = join23(projectRoot, "node_modules");
   if (!existsSync19(nodeModules)) return findings;
   try {
     const topLevelDeps = readdirSync11(nodeModules).filter((d) => !d.startsWith("."));
     for (const dep of topLevelDeps) {
-      const depPkgPath = join22(nodeModules, dep, "package.json");
+      const depPkgPath = join23(nodeModules, dep, "package.json");
       if (!existsSync19(depPkgPath)) continue;
       try {
         const depPkg = JSON.parse(readFileSync18(depPkgPath, "utf-8"));
@@ -13983,7 +14408,7 @@ function checkPipAudit(projectRoot) {
         id: "",
         severity: cvssToSeverity(vuln.cvss?.score || 5),
         vulnerabilityClass: "dependency-cve",
-        file: existsSync19(join22(projectRoot, "requirements.txt")) ? "requirements.txt" : "pyproject.toml",
+        file: existsSync19(join23(projectRoot, "requirements.txt")) ? "requirements.txt" : "pyproject.toml",
         title: `Vulnerable Python dependency: ${vuln.name}`,
         description: `${vuln.name}@${vuln.version} \u2014 ${vuln.id}: ${vuln.description || "Known vulnerability"}`,
         attackScenario: `An attacker could exploit the vulnerability in ${vuln.name}.`,
@@ -14081,7 +14506,7 @@ function checkGoVerify(projectRoot) {
 
 // src/security/checks/injection.ts
 import { readFileSync as readFileSync19 } from "fs";
-import { join as join23 } from "path";
+import { join as join24 } from "path";
 var SKIP_DIRS = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var TEST_PATTERNS = ["test", "spec", "fixture", "mock", "__tests__", "__mocks__"];
 var USER_INPUT_NAMES = /(?:input|user|name|path|query|branch|hash|cmd|command|req\.|params|body|args|url|dir|file|subdirectory)/i;
@@ -14405,6 +14830,52 @@ var PATTERNS = [
     description: "Sensitive data stored in UserDefaults without encryption \u2014 easily accessible on jailbroken devices.",
     attackScenario: "An attacker with device access could read UserDefaults plist to extract credentials.",
     suggestedFix: "Use Keychain Services for storing sensitive data. Never store passwords or tokens in UserDefaults."
+  },
+  // Mojo injection patterns
+  {
+    regex: /\bPointer\s*\[\s*\w+\s*\]/,
+    title: "Mojo unsafe Pointer[T] usage",
+    vulnClass: "code-injection",
+    baseSeverity: "medium",
+    description: "Mojo Pointer[T] bypasses memory safety \u2014 potential for memory corruption or buffer overflow.",
+    attackScenario: "An attacker could exploit unsafe pointer operations to corrupt memory or execute arbitrary code.",
+    suggestedFix: "Use safe Mojo abstractions (SIMD, Tensor) instead of raw pointers where possible. Validate bounds."
+  },
+  {
+    regex: /\bDTypePointer\b/,
+    title: "Mojo unsafe DTypePointer usage",
+    vulnClass: "code-injection",
+    baseSeverity: "medium",
+    description: "DTypePointer provides raw memory access without bounds checking.",
+    attackScenario: "An attacker could exploit unvalidated pointer operations for buffer overflow or memory corruption.",
+    suggestedFix: "Use Tensor or SIMD types with bounds checking instead of raw DTypePointer."
+  },
+  {
+    regex: /from\s+python\s+import.*\beval\b/,
+    title: "Mojo Python interop: eval() imported",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "Python eval() imported via Mojo Python interop \u2014 can execute arbitrary code.",
+    attackScenario: "An attacker could inject malicious code strings executed through the Python bridge.",
+    suggestedFix: "Avoid importing eval. Use safe parsing alternatives or validate all input strictly."
+  },
+  {
+    regex: /\b__get_address_as_lvalue\b/,
+    title: "Mojo uninitialized memory access pattern",
+    vulnClass: "code-injection",
+    baseSeverity: "medium",
+    description: "Low-level memory access without initialization \u2014 potential for use of uninitialized data.",
+    attackScenario: "An attacker could exploit uninitialized memory to leak data or corrupt program state.",
+    suggestedFix: "Always initialize memory before use. Use safe constructors and value semantics."
+  },
+  {
+    regex: /SIMD\s*\[[^\]]*\]\s*\.\s*(?:store|load)\s*\(/,
+    title: "Mojo SIMD store/load without bounds check",
+    vulnClass: "code-injection",
+    baseSeverity: "medium",
+    description: "SIMD store/load operations without explicit bounds checking \u2014 buffer overflow risk.",
+    attackScenario: "An attacker could trigger out-of-bounds SIMD operations to corrupt memory.",
+    suggestedFix: "Validate buffer size against SIMD width before store/load operations."
   }
 ];
 function shouldSkip(filePath) {
@@ -14421,7 +14892,7 @@ async function checkInjection(files, projectRoot) {
       if (shouldSkip(file.filePath) || isTestFile4(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync19(join23(projectRoot, file.filePath), "utf-8");
+        content = readFileSync19(join24(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -14460,7 +14931,7 @@ async function checkInjection(files, projectRoot) {
 
 // src/security/checks/secrets.ts
 import { readFileSync as readFileSync20 } from "fs";
-import { join as join24 } from "path";
+import { join as join25 } from "path";
 var SKIP_DIRS2 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var TEST_PATTERNS2 = ["test", "spec", "fixture", "mock", "__tests__", "__mocks__", ".example", ".sample"];
 var SECRET_PATTERNS = [
@@ -14493,7 +14964,7 @@ async function checkSecrets(files, projectRoot) {
       if (shouldSkip2(file.filePath) || isTestFile5(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync20(join24(projectRoot, file.filePath), "utf-8");
+        content = readFileSync20(join25(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -14527,7 +14998,7 @@ async function checkSecrets(files, projectRoot) {
 
 // src/security/checks/path-traversal.ts
 import { readFileSync as readFileSync21 } from "fs";
-import { join as join25 } from "path";
+import { join as join26 } from "path";
 var SKIP_DIRS3 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var USER_INPUT_VARS = /(?:req\.|params|query|body|input|path|dir|subdirectory|file|userInput|fileName|filePath)/i;
 var PATTERNS2 = [
@@ -14574,7 +15045,7 @@ async function checkPathTraversal(files, projectRoot) {
       if (shouldSkip3(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync21(join25(projectRoot, file.filePath), "utf-8");
+        content = readFileSync21(join26(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -14617,7 +15088,7 @@ async function checkPathTraversal(files, projectRoot) {
 
 // src/security/checks/auth.ts
 import { readFileSync as readFileSync22 } from "fs";
-import { join as join26 } from "path";
+import { join as join27 } from "path";
 var SKIP_DIRS4 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip4(filePath) {
   return SKIP_DIRS4.some((d) => filePath.includes(d));
@@ -14633,7 +15104,7 @@ async function checkAuth(files, projectRoot) {
       if (shouldSkip4(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync22(join26(projectRoot, file.filePath), "utf-8");
+        content = readFileSync22(join27(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -14725,7 +15196,7 @@ async function checkAuth(files, projectRoot) {
 
 // src/security/checks/input-validation.ts
 import { readFileSync as readFileSync23 } from "fs";
-import { join as join27 } from "path";
+import { join as join28 } from "path";
 var SKIP_DIRS5 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip5(filePath) {
   return SKIP_DIRS5.some((d) => filePath.includes(d));
@@ -14737,7 +15208,7 @@ async function checkInputValidation(files, projectRoot) {
       if (shouldSkip5(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync23(join27(projectRoot, file.filePath), "utf-8");
+        content = readFileSync23(join28(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -14815,7 +15286,7 @@ async function checkInputValidation(files, projectRoot) {
 
 // src/security/checks/information-disclosure.ts
 import { readFileSync as readFileSync24 } from "fs";
-import { join as join28 } from "path";
+import { join as join29 } from "path";
 var SKIP_DIRS6 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip6(filePath) {
   return SKIP_DIRS6.some((d) => filePath.includes(d));
@@ -14827,7 +15298,7 @@ async function checkInformationDisclosure(files, projectRoot) {
       if (shouldSkip6(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync24(join28(projectRoot, file.filePath), "utf-8");
+        content = readFileSync24(join29(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -14898,7 +15369,7 @@ async function checkInformationDisclosure(files, projectRoot) {
 
 // src/security/checks/cryptography.ts
 import { readFileSync as readFileSync25 } from "fs";
-import { join as join29 } from "path";
+import { join as join30 } from "path";
 var SKIP_DIRS7 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var USER_INPUT_NAMES2 = /(?:input|user|name|path|query|param|request|body|args|url)/i;
 function shouldSkip7(filePath) {
@@ -14915,7 +15386,7 @@ async function checkCryptography(files, projectRoot) {
       if (shouldSkip7(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync25(join29(projectRoot, file.filePath), "utf-8");
+        content = readFileSync25(join30(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -15251,6 +15722,47 @@ async function checkCryptography(files, projectRoot) {
             suggestedFix: "Use HTTPS for all external URLs to ensure data confidentiality and integrity."
           });
         }
+        if (/from\s+python\s+import\s+random/.test(line)) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Mojo weak random via Python random module",
+            description: "Python random module imported via Mojo interop \u2014 not cryptographically secure.",
+            attackScenario: "An attacker could predict random values to forge tokens or bypass security checks.",
+            suggestedFix: "Use Python secrets module through interop, or implement CSPRNG natively in Mojo."
+          });
+        }
+        if (/\balias\s+(?:key|secret|password|token|api_key)\s*[=:]\s*["'][^"']{4,}["']/i.test(line)) {
+          findings.push({
+            id: "",
+            severity: "high",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Hardcoded credentials in Mojo alias declaration",
+            description: "A secret, key, or password is hardcoded in a compile-time alias \u2014 visible in source.",
+            attackScenario: "An attacker with access to source or compiled binary could extract the credential.",
+            suggestedFix: "Load credentials from environment variables at runtime instead of alias declarations."
+          });
+        }
+        if (/from\s+python\s+import\s+hashlib/.test(line)) {
+          if (isCryptoFile) {
+            findings.push({
+              id: "",
+              severity: "medium",
+              vulnerabilityClass: "cryptography",
+              file: file.filePath,
+              line: i + 1,
+              title: "Mojo Python hashlib imported in security context",
+              description: "Python hashlib imported via interop \u2014 ensure only strong algorithms (SHA-256+) are used.",
+              attackScenario: "If MD5 or SHA-1 from hashlib is used, an attacker could exploit weak hash collisions.",
+              suggestedFix: "Only use hashlib.sha256() or stronger. Avoid md5() and sha1() for security purposes."
+            });
+          }
+        }
       }
     }
   } catch {
@@ -15260,7 +15772,7 @@ async function checkCryptography(files, projectRoot) {
 
 // src/security/checks/frontend.ts
 import { readFileSync as readFileSync26 } from "fs";
-import { join as join30 } from "path";
+import { join as join31 } from "path";
 var SKIP_DIRS8 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip8(filePath) {
   return SKIP_DIRS8.some((d) => filePath.includes(d));
@@ -15276,7 +15788,7 @@ async function checkFrontend(files, projectRoot) {
       if (!isFrontendFile(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync26(join30(projectRoot, file.filePath), "utf-8");
+        content = readFileSync26(join31(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -15736,13 +16248,13 @@ async function scanSecurity(projectRoot, graph, options = {}) {
   };
 }
 function detectPackageManager(projectRoot) {
-  if (existsSync20(join31(projectRoot, "package.json"))) return "npm";
-  if (existsSync20(join31(projectRoot, "requirements.txt"))) return "pip";
-  if (existsSync20(join31(projectRoot, "pyproject.toml"))) return "pip";
-  if (existsSync20(join31(projectRoot, "Cargo.toml"))) return "cargo";
-  if (existsSync20(join31(projectRoot, "go.mod"))) return "go";
-  if (existsSync20(join31(projectRoot, "pom.xml"))) return "maven";
-  if (existsSync20(join31(projectRoot, "build.gradle")) || existsSync20(join31(projectRoot, "build.gradle.kts"))) return "gradle";
+  if (existsSync20(join32(projectRoot, "package.json"))) return "npm";
+  if (existsSync20(join32(projectRoot, "requirements.txt"))) return "pip";
+  if (existsSync20(join32(projectRoot, "pyproject.toml"))) return "pip";
+  if (existsSync20(join32(projectRoot, "Cargo.toml"))) return "cargo";
+  if (existsSync20(join32(projectRoot, "go.mod"))) return "go";
+  if (existsSync20(join32(projectRoot, "pom.xml"))) return "maven";
+  if (existsSync20(join32(projectRoot, "build.gradle")) || existsSync20(join32(projectRoot, "build.gradle.kts"))) return "gradle";
   return "unknown";
 }