pkg-scaffold 3.3.4 → 3.3.5

package/src/index.js

@@ -2,10 +2,10 @@ import { DeadCodeDetector } from "./ast/DeadCodeDetector.js";
 import { OxcAnalyzer } from "./ast/OxcAnalyzer.js";
 /**
  * ============================================================================
- * 📦 pkg-scaffold v3.3.2: Unified Architectural Refactoring Orchestrator
+ * 📦 pkg-scaffold v3.4.0: Unified Architectural Refactoring Orchestrator
  * ============================================================================
  * Main execution bridge managing multi-pass compilation cycles, semantic cross-linking,
- * supply-chain validation audits, and automated git self-healing rollbacks.
+ * supply-chain validation audits, and automated structural healing rollbacks.
  */
 
 import fs from 'fs/promises';
@@ -31,7 +31,6 @@ import { SelfHealer } from './healing/SelfHealer.js';
 import { IncrementalCacheManager } from './performance/GraphCache.js';
 import { WorkerPool } from './performance/WorkerPool.js';
 import { SupplyChainGuard } from './performance/SupplyChainGuard.js';
-import { SecretDetector } from './performance/SecretDetector.js';
 
 /**
  * Primary Refactoring Engine Core Coordination Controller
@@ -61,7 +60,6 @@ export class RefactoringEngine {
     
     // Stage 5: Bind security audit utilities and performance cache rings
     this.supplyChainGuard = new SupplyChainGuard(this.context);
-    this.secretDetector = new SecretDetector(this.context);
     this.cacheManager = new IncrementalCacheManager(this.context);
     this.workerPool = new WorkerPool(this.context);
     this.gitSandbox = new GitSandbox(this.context);
@@ -87,9 +85,12 @@ export class RefactoringEngine {
       await this.context.initialize();
       await this.pathMapper.loadMappings(this.context.tsconfigFilename);
       
+      // Always attempt workspace mesh initialization – it will auto-detect workspace
+      // configuration and flip `context.isWorkspaceEnabled` when found.
+      console.log(ansis.dim('🌐 Probing for monorepo workspace configuration...'));
+      await this.workspaceGraph.initializeWorkspaceMesh();
       if (this.context.isWorkspaceEnabled) {
-        console.log(ansis.dim('🌐 Mapping local monorepo workspaces and package mesh layers...'));
-        await this.workspaceGraph.initializeWorkspaceMesh();
+        console.log(ansis.dim('🌐 Monorepo workspace detected – mapping package mesh layers...'));
       }
 
       // Load asset fingerprints from disk cache to maximize cold-start performance
@@ -113,8 +114,6 @@ export class RefactoringEngine {
         }
       }
 
-
-
       // Pass 3: Process source file tokens using high-performance concurrent workers
       let parallelParseCompleted = false;
       if (sourceCodeFilesList.length > 10) {
@@ -145,6 +144,39 @@ export class RefactoringEngine {
         node.externalPackageUsage.forEach(pkg => this.context.usedExternalPackages.add(pkg));
       }
 
+      // Fix: Automatically mark active ecosystem packages as used.
+      // Maps internal plugin names to their canonical npm package names.
+      const pluginToPackageMap = {
+        'typescript': 'typescript',
+        'vitest': 'vitest',
+        'eslint': 'eslint',
+        'prettier': 'prettier',
+        'tailwindcss': 'tailwindcss',
+        'postcss': 'postcss',
+        'jest': 'jest',
+        'playwright': '@playwright/test',
+        'cypress': 'cypress',
+        'storybook': 'storybook',
+        'nextjs': 'next',
+        'nuxt': 'nuxt',
+        'remix': '@remix-run/dev',
+        'sveltekit': '@sveltejs/kit',
+        'astro': 'astro'
+      };
+
+      activeFrameworkEcosystems.forEach(ecosystem => {
+        if (ecosystem !== 'universal-tooling-vectors') {
+          const pkgName = pluginToPackageMap[ecosystem] || ecosystem;
+          this.context.usedExternalPackages.add(pkgName);
+        }
+      });
+
+      // Ensure all workspace package names are pre-marked as used so they are
+      // never reported as unused dependencies in the manifest audit.
+      if (this.context.isWorkspaceEnabled) {
+        this.workspaceGraph.markWorkspacePackagesAsUsed();
+      }
+
       // Pass 4: Evaluate graph edges and link connections across the codebase mesh
       console.log(ansis.dim('🔗 Linking graph edges and checking structural usage paths...'));
       await this.linkDependencyGraph();
@@ -157,44 +189,37 @@ export class RefactoringEngine {
         this.circularDetector.formatCycles().forEach(c => console.log(ansis.dim(`    • ${c}`)));
       }
 
-      // NEW: Secret Detection
-      console.log(ansis.dim('🔍 Scanning for hardcoded secrets...'));
-      const detectedSecrets = await this.secretDetector.scanCodebaseForSecrets(this.context);
-      const secretStats = this.secretDetector.getSecretStats();
-
       // Pass 5: Compile metrics summary and print diagnostics report
-      const analysisSummary = this.context.generateSummaryReport();
-      analysisSummary.detectedSecrets = detectedSecrets;
-      analysisSummary.secretStats = secretStats;
+      const analysisSummary = await this.context.generateSummaryReport();
       this.displayConsoleDiagnostics(analysisSummary);
 
-      // Pass 6: Run self-healing automated transformations if --fix is set
-      if (this.context.allowAutoFix) {
-        const structuralModificationsStaged = 
-          analysisSummary.structuralIssuesDetected.deadFiles.length > 0 || 
-          analysisSummary.structuralIssuesDetected.deadExports.length > 0 ||
-          analysisSummary.structuralIssuesDetected.unusedDependencies.length > 0;
-
-        if (structuralModificationsStaged) {
-          console.log(ansis.bold.yellow('\n📋 Proposed Optimization Plan:'));
-          console.log(ansis.dim('------------------------------------------------------------'));
-          
-          if (analysisSummary.structuralIssuesDetected.deadFiles.length > 0) {
-            console.log(ansis.bold(`  🗑️  Delete ${analysisSummary.structuralIssuesDetected.deadFiles.length} orphaned files:`));
-            analysisSummary.structuralIssuesDetected.deadFiles.forEach(f => console.log(ansis.dim(`    • ${f}`)));
-          }
-          
-          if (analysisSummary.structuralIssuesDetected.deadExports.length > 0) {
-            console.log(ansis.bold(`  ✂️  Prune ${analysisSummary.structuralIssuesDetected.deadExports.length} unused named exports:`));
-            analysisSummary.structuralIssuesDetected.deadExports.forEach(e => console.log(ansis.dim(`    • ${e.symbol} in ${e.file}:${e.line}`)));
-          }
+      // Pass 6: Display Optimization Plan and Run Automated Structural Healing
+      const structuralModificationsStaged = 
+        analysisSummary.structuralIssuesDetected.deadFiles.length > 0 || 
+        analysisSummary.structuralIssuesDetected.deadExports.length > 0 ||
+        analysisSummary.structuralIssuesDetected.unusedDependencies.length > 0;
+
+      if (structuralModificationsStaged) {
+        console.log(ansis.bold.yellow('\n📋 Proposed Optimization Plan:'));
+        console.log(ansis.dim('------------------------------------------------------------'));
+        
+        if (analysisSummary.structuralIssuesDetected.deadFiles.length > 0) {
+          console.log(ansis.bold(`  🗑️  Delete ${analysisSummary.structuralIssuesDetected.deadFiles.length} orphaned files:`));
+          analysisSummary.structuralIssuesDetected.deadFiles.forEach(f => console.log(ansis.dim(`    • ${f}`)));
+        }
+        
+        if (analysisSummary.structuralIssuesDetected.deadExports.length > 0) {
+          console.log(ansis.bold(`  ✂️  Prune ${analysisSummary.structuralIssuesDetected.deadExports.length} unused named exports:`));
+          analysisSummary.structuralIssuesDetected.deadExports.forEach(e => console.log(ansis.dim(`    • ${e.symbol} in ${e.file}:${e.line}`)));
+        }
 
-          if (analysisSummary.structuralIssuesDetected.unusedDependencies.length > 0) {
-            console.log(ansis.bold(`  📦 Remove ${analysisSummary.structuralIssuesDetected.unusedDependencies.length} unused dependencies:`));
-            analysisSummary.structuralIssuesDetected.unusedDependencies.forEach(d => console.log(ansis.dim(`    • ${d.package} (${d.type} in ${d.manifest})`)));
-          }
-          console.log(ansis.dim('------------------------------------------------------------'));
+        if (analysisSummary.structuralIssuesDetected.unusedDependencies.length > 0) {
+          console.log(ansis.bold(`  📦 Remove ${analysisSummary.structuralIssuesDetected.unusedDependencies.length} unused dependencies:`));
+          analysisSummary.structuralIssuesDetected.unusedDependencies.forEach(d => console.log(ansis.dim(`    • ${d.package} (${d.type} in ${d.manifest})`)));
+        }
+        console.log(ansis.dim('------------------------------------------------------------'));
 
+        if (this.context.allowAutoFix) {
           let proceed = this.context.skipConfirm;
           if (!proceed) {
             const answer = await rl.question(ansis.bold.cyan('\n❓ Apply these structural modifications? (y/N): '));
@@ -202,6 +227,7 @@ export class RefactoringEngine {
           }
 
           if (proceed) {
+            // Execute healing lifecycle (git-state-capture -> apply -> verify -> commit/rollback)
             await this.selfHealer.runSelfHealingLifecycle(async () => {
               for (const relPath of analysisSummary.structuralIssuesDetected.deadFiles) {
                 const absPath = path.resolve(this.context.cwd, relPath);
@@ -261,21 +287,41 @@ export class RefactoringEngine {
 
   async linkDependencyGraph() {
     for (const [filePath, node] of this.context.graph.entries()) {
+      // Pass A: Link all explicit imports (static + dynamic + re-export sources)
       for (const specifier of node.explicitImports) {
         const resolvedPath = this.resolver.resolveModulePath(filePath, specifier);
         if (resolvedPath && this.context.graph.has(resolvedPath)) {
           this.context.graph.get(resolvedPath).incomingEdges.add(filePath);
           node.outgoingEdges.add(resolvedPath);
+          
+          // Fix: Ensure all internal exports from a re-exported source are marked as used
+          // so the source file itself is never considered orphaned.
+          const targetNode = this.context.graph.get(resolvedPath);
+          const isReExport = Array.from(node.internalExports.values()).some(exp => exp.source === specifier);
+          if (isReExport) {
+            targetNode.isLibraryEntry = true; // Protect re-exported internal files
+          }
         }
       }
 
+      // Pass B: Link named-symbol imports through barrel/re-export chains
       for (const specToken of node.importedSymbols) {
         const delimiterIndex = specToken.indexOf(':');
         if (delimiterIndex === -1) continue;
         const specifier = specToken.slice(0, delimiterIndex);
         const symbol = specToken.slice(delimiterIndex + 1);
         const resolvedPath = this.resolver.resolveModulePath(filePath, specifier);
-        if (resolvedPath && symbol !== '*') {
+
+        if (!resolvedPath) continue;
+
+        if (symbol === '*') {
+          // Wildcard import / re-export-all: add a direct edge to the resolved file.
+          if (this.context.graph.has(resolvedPath)) {
+            this.context.graph.get(resolvedPath).incomingEdges.add(filePath);
+            node.outgoingEdges.add(resolvedPath);
+          }
+        } else {
+          // Named import: trace through barrel files to the actual declaration origin.
           const traceResolution = await this.barrelParser.determineSymbolDeclarationOrigin(resolvedPath, symbol, this.context.graph);
           if (traceResolution && this.context.graph.has(traceResolution.originFile)) {
             this.context.graph.get(traceResolution.originFile).incomingEdges.add(filePath);
@@ -292,7 +338,6 @@ export class RefactoringEngine {
       const data = JSON.parse(text);
       const prodDeps = Object.keys(data.dependencies || {});
       const devDeps = Object.keys(data.devDependencies || {});
-      const totalDependencies = [...prodDeps, ...devDeps];
 
       this.context.manifestDependencies.set(packageJsonPath, {
         dependencies: prodDeps,
@@ -300,66 +345,30 @@ export class RefactoringEngine {
         peerDependencies: Object.keys(data.peerDependencies || {}),
         optionalDependencies: Object.keys(data.optionalDependencies || {})
       });
-
-      const supplyChainThreats = this.supplyChainGuard.detectTyposquattingAnomalies(totalDependencies);
-      for (const anomaly of supplyChainThreats) {
-        console.warn(ansis.bold.red(`🚨 Supply Chain Alert: Malicious package masking candidate discovered [${anomaly.maliciousCandidate}]. Mimics trusted library [${anomaly.targetMimicked}].`));
-      }
-      await this.supplyChainGuard.verifyIntegrityLockfileHashes(packageJsonPath);
-    } catch {}
+    } catch (e) {}
   }
 
   displayConsoleDiagnostics(summary) {
-    console.log(ansis.bold.cyan('\n📊 Operational Diagnostics Summary:'));
-    console.log(ansis.dim('------------------------------------------------------------'));
-    console.log(`⏱️  Duration             : ${summary.executionDuration}`);
-    console.log(`📁 Files Processed      : ${summary.totalFilesProcessed}`);
-    console.log(`🧠 Cache Hit Ratio      : ${summary.graphCacheOptimization.ratio}`);
+    console.log(ansis.bold.cyan('\n📊 Codebase Optimization Summary Report'));
     console.log(ansis.dim('------------------------------------------------------------'));
-
-    if (summary.structuralIssuesDetected.deadFiles.length > 0) {
-      console.log(ansis.bold.red(`\n💀 Dead Files Detected (${summary.structuralIssuesDetected.deadFiles.length}):`));
-      summary.structuralIssuesDetected.deadFiles.forEach(f => console.log(ansis.dim(`   • ${f}`)));
-    }
-
-    if (summary.structuralIssuesDetected.deadExports.length > 0) {
-      console.log(ansis.bold.red(`\n✂️  Dead Exports Detected (${summary.structuralIssuesDetected.deadExports.length}):`));
-      summary.structuralIssuesDetected.deadExports.forEach(e => console.log(ansis.dim(`   • ${e.symbol} in ${e.file}:${e.line}`)));
-    }
-
-    if (summary.structuralIssuesDetected.unusedDependencies.length > 0) {
-      console.log(ansis.bold.red(`\n📦 Unused Dependencies (${summary.structuralIssuesDetected.unusedDependencies.length}):`));
-      summary.structuralIssuesDetected.unusedDependencies.forEach(d => console.log(ansis.dim(`   • ${d.package} (${d.type} in ${d.manifest})`)));
-    }
-
-    if (summary.structuralIssuesDetected.securityThreats.length > 0) {
-      console.log(ansis.bold.red(`
-🛡️  Security Threats (${summary.structuralIssuesDetected.securityThreats.length}):`));
-      summary.structuralIssuesDetected.securityThreats.forEach(t => console.log(ansis.dim(`   • ${t.identifier} in ${t.file}:${t.line} (Risk: ${t.riskCode})`)));
-    }
-
-    // Display detected secrets
-    if (summary.detectedSecrets && summary.detectedSecrets.length > 0) {
-      const criticalSecrets = summary.detectedSecrets.filter(s => s.severity === 'CRITICAL');
-      const highSecrets = summary.detectedSecrets.filter(s => s.severity === 'HIGH');
-      
-      console.log(ansis.bold.red(`
-🔐 Hardcoded Secrets Detected (${summary.detectedSecrets.length}):`));
-      
-      if (criticalSecrets.length > 0) {
-        console.log(ansis.bold.red(`   CRITICAL (${criticalSecrets.length}):`));
-        criticalSecrets.forEach(s => {
-          const relPath = s.file.split(/[\\/]/).slice(-2).join('/');
-          console.log(ansis.dim(`     • ${s.type} in ${relPath}:${s.line} [${s.variable}]`));
-        });
+    console.log(`⏱️  Analysis Duration: ${summary.executionDuration}`);
+    console.log(`📂 Total Files Scanned: ${summary.totalFilesProcessed}`);
+    console.log(`💾 Cache Optimization: ${summary.graphCacheOptimization.ratio} hits`);
+    
+    console.log(ansis.bold('\n🔍 Structural Integrity:'));
+    if (summary.structuralIssuesDetected.deadFiles.length === 0 && 
+        summary.structuralIssuesDetected.deadExports.length === 0 &&
+        summary.structuralIssuesDetected.unusedDependencies.length === 0) {
+      console.log(ansis.green('  ✅ No major structural debt detected.'));
+    } else {
+      if (summary.structuralIssuesDetected.deadFiles.length > 0) {
+        console.log(ansis.red(`  ❌ Found ${summary.structuralIssuesDetected.deadFiles.length} orphaned/dead files.`));
       }
-      
-      if (highSecrets.length > 0) {
-        console.log(ansis.bold.yellow(`   HIGH (${highSecrets.length}):`));
-        highSecrets.forEach(s => {
-          const relPath = s.file.split(/[\\/]/).slice(-2).join('/');
-          console.log(ansis.dim(`     • ${s.type} in ${relPath}:${s.line} [${s.variable}]`));
-        });
+      if (summary.structuralIssuesDetected.deadExports.length > 0) {
+        console.log(ansis.yellow(`  ⚠️  Found ${summary.structuralIssuesDetected.deadExports.length} unused named exports.`));
+      }
+      if (summary.structuralIssuesDetected.unusedDependencies.length > 0) {
+        console.log(ansis.yellow(`  📦 Found ${summary.structuralIssuesDetected.unusedDependencies.length} unused dependencies.`));
       }
     }
 
@@ -376,5 +385,13 @@ export class RefactoringEngine {
     if (cachedRecord.symbolSourceLocations) {
       Object.entries(cachedRecord.symbolSourceLocations).forEach(([k, v]) => node.symbolSourceLocations.set(k, v));
     }
+    // Restore fields that were previously missing from cache hydration
+    if (cachedRecord.externalPackageUsage) cachedRecord.externalPackageUsage.forEach(p => node.externalPackageUsage.add(p));
+    if (cachedRecord.rawStringReferences) cachedRecord.rawStringReferences.forEach(r => node.rawStringReferences.add(r));
+    if (cachedRecord.instantiatedIdentifiers) cachedRecord.instantiatedIdentifiers.forEach(id => node.instantiatedIdentifiers.add(id));
+    if (cachedRecord.propertyAccessChains) cachedRecord.propertyAccessChains.forEach(c => node.propertyAccessChains.add(c));
+    if (cachedRecord.localSuppressedRules) cachedRecord.localSuppressedRules.forEach(r => node.localSuppressedRules.add(r));
+    if (cachedRecord.calculatedDynamicImports) node.calculatedDynamicImports = cachedRecord.calculatedDynamicImports;
+    if (cachedRecord.isLibraryEntry !== undefined) node.isLibraryEntry = cachedRecord.isLibraryEntry;
   }
 }

package/src/performance/WorkerTaskRunner.js

@@ -31,18 +31,26 @@ async function processThreadChunks() {
         securityThreats: [],
         localSuppressedRules: new Set(),
         externalPackageUsage: new Set(),
-        symbolSourceLocations: new Map()
+        symbolSourceLocations: new Map(),
+        calculatedDynamicImports: [],
+        jsxComponents: new Set(),
+        jsxProps: new Set(),
+        decorators: new Set()
       };
 
+      // Use the public getScriptKind() method added to ASTAnalyzer
+      const scriptKind = standaloneAnalyzer.getScriptKind(file);
+
       const sourceFile = ts.createSourceFile(
         file,
         text,
         ts.ScriptTarget.Latest,
         true,
-        standaloneAnalyzer.getScriptKind(file)
+        scriptKind
       );
 
       standaloneAnalyzer.extractTopLevelJSDocSuppreessions(sourceFile, mockNode);
+      // Use the walkNode() alias that maps to walkAST() with the correct argument order
       standaloneAnalyzer.walkNode(sourceFile, sourceFile, mockNode);
 
       partialGraphPayloadResults.push({
@@ -57,10 +65,14 @@ async function processThreadChunks() {
         securityThreats: mockNode.securityThreats,
         localSuppressedRules: Array.from(mockNode.localSuppressedRules),
         externalPackageUsage: Array.from(mockNode.externalPackageUsage),
-        symbolSourceLocations: Object.fromEntries(mockNode.symbolSourceLocations)
+        symbolSourceLocations: Object.fromEntries(mockNode.symbolSourceLocations),
+        calculatedDynamicImports: mockNode.calculatedDynamicImports
       });
-    } catch {
-      // Ignore unparseable or locked syntax nodes in thread loops
+    } catch (err) {
+      // Log parse errors in verbose mode so they are not silently swallowed
+      if (contextOptions.verbose) {
+        console.warn(`[Worker] Failed to parse ${file}: ${err.message}`);
+      }
     }
   }
 

package/src/plugins/PluginRegistry.js

@@ -54,6 +54,15 @@ export class PluginRegistry {
         // Backend Services (New in v4.0)
         const { GraphQLPlugin, DatabasePlugin } = await import('./ecosystems/BackendServices.js');
 
+        // Extended tooling plugins (New in v4.1)
+        const {
+            TailwindPlugin, PostcssPlugin, JestPlugin, VitestPlugin,
+            PlaywrightPlugin, CypressPlugin, StorybookPlugin,
+            EslintPlugin, PrettierPlugin, HuskyPlugin, LintStagedPlugin,
+            CommitlintPlugin, BabelPlugin, RollupPlugin, WebpackPlugin,
+            GithubActionsPlugin
+        } = await import('./ecosystems/MorePlugins.js');
+
         const builtins = [
             new NextJsPlugin(this.context),
             new NuxtPlugin(this.context),
@@ -66,7 +75,24 @@ export class PluginRegistry {
             new SveltePlugin(this.context),
             new AngularPlugin(this.context),
             new GraphQLPlugin(this.context),
-            new DatabasePlugin(this.context)
+            new DatabasePlugin(this.context),
+            // Extended tooling plugins
+            new TailwindPlugin(this.context),
+            new PostcssPlugin(this.context),
+            new JestPlugin(this.context),
+            new VitestPlugin(this.context),
+            new PlaywrightPlugin(this.context),
+            new CypressPlugin(this.context),
+            new StorybookPlugin(this.context),
+            new EslintPlugin(this.context),
+            new PrettierPlugin(this.context),
+            new HuskyPlugin(this.context),
+            new LintStagedPlugin(this.context),
+            new CommitlintPlugin(this.context),
+            new BabelPlugin(this.context),
+            new RollupPlugin(this.context),
+            new WebpackPlugin(this.context),
+            new GithubActionsPlugin(this.context)
         ];
 
         builtins.forEach(p => {