uidex 0.3.0 → 0.5.0

package/dist/cli/cli.cjs

@@ -23,18 +23,18 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// src/scan/cli.ts
+// src/scanner/scan/cli.ts
 var fs7 = __toESM(require("fs"), 1);
-var path8 = __toESM(require("path"), 1);
+var path9 = __toESM(require("path"), 1);
 
-// src/scan/ai/index.ts
+// src/scanner/scan/ai/index.ts
 var p = __toESM(require("@clack/prompts"), 1);
 
-// src/scan/ai/providers/claude.ts
+// src/scanner/scan/ai/providers/claude.ts
 var fs2 = __toESM(require("fs"), 1);
 var path2 = __toESM(require("path"), 1);
 
-// src/scan/ai/templates.ts
+// src/scanner/scan/ai/templates.ts
 var fs = __toESM(require("fs"), 1);
 var path = __toESM(require("path"), 1);
 function templatePath(rel) {
@@ -61,15 +61,16 @@ function readTemplate(rel) {
   return fs.readFileSync(templatePath(rel), "utf8");
 }
 
-// src/scan/ai/providers/claude.ts
+// src/scanner/scan/ai/providers/claude.ts
 var CLAUDE_FILES = [
   { dest: ".claude/rules/uidex.md", template: "claude/rules.md" },
-  { dest: ".claude/commands/uidex/audit.md", template: "claude/audit.md" }
+  { dest: ".claude/commands/uidex/audit.md", template: "claude/audit.md" },
+  { dest: ".claude/commands/uidex/api.md", template: "claude/api.md" }
 ];
 var claudeProvider = {
   id: "claude",
   label: "Claude Code",
-  description: "Adds .claude/rules/uidex.md and the /uidex:audit slash command.",
+  description: "Adds .claude/rules/uidex.md, /uidex:audit, and /uidex:api slash commands.",
   async install({ cwd, force }) {
     const changes = [];
     for (const file of CLAUDE_FILES) {
@@ -117,16 +118,16 @@ function cleanupEmpty(dir) {
   }
 }
 
-// src/scan/ai/providers/index.ts
+// src/scanner/scan/ai/providers/index.ts
 var PROVIDERS = [claudeProvider];
 function getProvider(id) {
   return PROVIDERS.find((p2) => p2.id === id);
 }
 
-// src/scan/ai/index.ts
+// src/scanner/scan/ai/index.ts
 async function runAiCommand(opts) {
-  const { cwd, argv } = opts;
-  const sub = argv[0];
+  const { cwd, argv: argv2 } = opts;
+  const sub = argv2[0];
   if (!sub || sub === "--help" || sub === "-h" || sub === "help") {
     return out(0, helpText());
   }
@@ -141,18 +142,18 @@ async function runAiCommand(opts) {
 
 ${helpText()}`);
   }
-  const flags = parseFlags(argv.slice(1));
+  const flags = parseFlags(argv2.slice(1));
   const provider = await selectProvider(opts, flags.provider);
   if (!provider) return out(0, "Cancelled.\n");
   if (sub === "install") {
-    const result2 = await provider.install({
+    const result3 = await provider.install({
       cwd,
       force: flags.force === true
     });
-    return out(0, formatChanges(provider, "Installed", result2));
+    return out(0, formatChanges(provider, "Installed", result3));
   }
-  const result = await provider.uninstall({ cwd });
-  return out(0, formatChanges(provider, "Uninstalled", result));
+  const result2 = await provider.uninstall({ cwd });
+  return out(0, formatChanges(provider, "Uninstalled", result2));
 }
 async function selectProvider(opts, explicit) {
   if (explicit) {
@@ -195,9 +196,9 @@ function parseFlags(args) {
   }
   return flags;
 }
-function formatChanges(provider, verb, result) {
+function formatChanges(provider, verb, result2) {
   const lines = [`${verb} ${provider.label}:`];
-  for (const c of result.changes) lines.push(`  ${describe(c)}`);
+  for (const c of result2.changes) lines.push(`  ${describe(c)}`);
   return lines.join("\n") + "\n";
 }
 function describe(c) {
@@ -234,12 +235,16 @@ function err(exitCode, stderr) {
   return { exitCode, stdout: "", stderr };
 }
 
-// src/scan/discover.ts
+// src/scanner/scan/discover.ts
 var fs3 = __toESM(require("fs"), 1);
 var path3 = __toESM(require("path"), 1);
 
-// src/scan/config.ts
+// src/scanner/scan/config.ts
 var DEFAULT_TYPE_MODE = "strict";
+var WELL_KNOWN_FILES = {
+  page: "uidex.page.ts",
+  feature: "uidex.feature.ts"
+};
 var ConfigError = class extends Error {
   constructor(message) {
     super(message);
@@ -277,14 +282,14 @@ var ALLOWED_AUDIT_KEYS = /* @__PURE__ */ new Set(["scopeLeak", "coverage", "acce
 function fail(msg) {
   throw new ConfigError(`Invalid .uidex.json: ${msg}`);
 }
-function assertObject(value, path9) {
+function assertObject(value, path10) {
   if (value === null || typeof value !== "object" || Array.isArray(value)) {
-    fail(`${path9} must be an object`);
+    fail(`${path10} must be an object`);
   }
 }
-function assertStringArray(value, path9) {
+function assertStringArray(value, path10) {
   if (!Array.isArray(value) || !value.every((v) => typeof v === "string")) {
-    fail(`${path9} must be a string[]`);
+    fail(`${path10} must be a string[]`);
   }
 }
 function validateConfig(raw) {
@@ -398,7 +403,7 @@ var DEFAULT_CONVENTIONS = {
   regions: "landmarks"
 };
 
-// src/scan/discover.ts
+// src/scanner/scan/discover.ts
 var CONFIG_FILENAME = ".uidex.json";
 var SKIP_DIRS = /* @__PURE__ */ new Set([
   "node_modules",
@@ -457,11 +462,14 @@ function discover(options = {}) {
   return results.sort((a, b) => a.configPath.localeCompare(b.configPath));
 }
 
-// src/scan/pipeline.ts
+// src/scanner/scan/pipeline.ts
 var fs5 = __toESM(require("fs"), 1);
-var path6 = __toESM(require("path"), 1);
+var path7 = __toESM(require("path"), 1);
+
+// src/scanner/scan/audit.ts
+var path4 = __toESM(require("path"), 1);
 
-// src/entities/types.ts
+// src/shared/entities/types.ts
 var ENTITY_KINDS = [
   "route",
   "page",
@@ -494,7 +502,7 @@ function assertEntityKind(kind) {
   if (!KIND_SET.has(kind)) throw new UnknownEntityKindError(kind);
 }
 
-// src/entities/registry.ts
+// src/shared/entities/registry.ts
 function emptyStore() {
   return {
     route: /* @__PURE__ */ new Map(),
@@ -558,11 +566,11 @@ function createRegistry() {
   };
   const query = (predicate) => {
     const flows = getFlows();
-    const result = [];
+    const result2 = [];
     for (const entity of allEntities()) {
-      if (predicate(entity)) result.push(freezeEntity(entity, flows));
+      if (predicate(entity)) result2.push(freezeEntity(entity, flows));
     }
-    return result;
+    return result2;
   };
   const byScope = (scope) => query(
     (entity) => "scopes" in entity && Array.isArray(entity.scopes) && entity.scopes.includes(scope)
@@ -576,10 +584,33 @@ function createRegistry() {
       return ids.has(entity.id);
     });
   };
-  return { add, get, list, query, byScope, touchedBy };
+  const reports = /* @__PURE__ */ new Map();
+  const reportsCbs = /* @__PURE__ */ new Set();
+  const setReports = (kind, id, records) => {
+    reports.set(`${kind}:${id}`, records);
+    for (const cb of reportsCbs) cb();
+  };
+  const getReports = (kind, id) => reports.get(`${kind}:${id}`) ?? [];
+  const listReportKeys = () => Array.from(reports.keys());
+  const onReportsChange = (cb) => {
+    reportsCbs.add(cb);
+    return () => reportsCbs.delete(cb);
+  };
+  return {
+    add,
+    get,
+    list,
+    query,
+    byScope,
+    touchedBy,
+    setReports,
+    getReports,
+    listReportKeys,
+    onReportsChange
+  };
 }
 
-// src/scan/audit.ts
+// src/scanner/scan/audit.ts
 var MARKER_FILENAMES = ["UIDEX_PAGE.md", "UIDEX_FEATURE.md"];
 function audit(opts) {
   const diagnostics = [];
@@ -681,6 +712,32 @@ function audit(opts) {
       }
     }
   }
+  if (lint) {
+    const scannedPaths = new Set(files.map((f) => f.displayPath));
+    for (const ef of extracted) {
+      if (!ef.metadata) continue;
+      for (const m of ef.metadata) {
+        if (m.kind !== "page" && m.kind !== "feature") continue;
+        if (typeof m.id !== "string") continue;
+        const filePath = ef.file.displayPath;
+        const wellKnownName = WELL_KNOWN_FILES[m.kind];
+        if (path4.posix.basename(filePath) === wellKnownName) continue;
+        const dir = path4.posix.dirname(filePath);
+        const wellKnownPath = dir === "." ? wellKnownName : `${dir}/${wellKnownName}`;
+        if (scannedPaths.has(wellKnownPath)) continue;
+        const kindLabel = m.kind === "page" ? "Page" : "Feature";
+        diagnostics.push({
+          code: "prefer-well-known-file",
+          severity: "info",
+          message: `${kindLabel} "${m.id}" metadata lives on ${filePath}; prefer ${wellKnownPath}`,
+          file: filePath,
+          line: m.loc.line,
+          entity: { kind: m.kind, id: m.id },
+          hint: `Move the \`export const uidex\` block to ${wellKnownPath} and remove it from ${filePath}.`
+        });
+      }
+    }
+  }
   if (lint) {
     for (const f of files) {
       const lines = f.content.split("\n");
@@ -707,6 +764,15 @@ function audit(opts) {
     const primitives = registry.list("primitive");
     const byName = /* @__PURE__ */ new Map();
     for (const p2 of primitives) byName.set(p2.id, p2);
+    const declaredFeatures = /* @__PURE__ */ new Map();
+    for (const ef of extracted) {
+      if (!ef.metadata) continue;
+      for (const m of ef.metadata) {
+        if (m.features && m.features.length > 0) {
+          declaredFeatures.set(ef.file.displayPath, new Set(m.features));
+        }
+      }
+    }
     for (const f of files) {
       const importRe = /import\s+(?:[^'"]+)\s+from\s+['"]([^'"]+)['"]/g;
       let m;
@@ -717,18 +783,23 @@ function audit(opts) {
           baseName2.replace(/\.(tsx|ts|jsx|js|mjs|cjs)$/, "").replace(/([a-z0-9])([A-Z])/g, "$1-$2").toLowerCase()
         );
         if (!primitive) continue;
-        const scope = primitive.scopes?.[0] ?? "global";
-        if (scope === "global") continue;
+        const scope = primitive.scopes?.[0];
+        if (!scope) continue;
         const [kind, id] = scope.split(":");
         const importerSegments = f.displayPath.split("/");
-        if (!importerSegments.includes(id) || !importerSegments.includes(kind + "s")) {
-          diagnostics.push({
-            code: "scope-leak",
-            severity: "warning",
-            message: `Primitive "${primitive.id}" is scoped to ${scope} but is imported from ${f.displayPath}`,
-            file: f.displayPath
-          });
+        if (importerSegments.includes(id) && importerSegments.includes(kind + "s")) {
+          continue;
+        }
+        if (kind === "feature" && importerSegments.includes(id)) continue;
+        if (kind === "feature" && declaredFeatures.get(f.displayPath)?.has(id)) {
+          continue;
         }
+        diagnostics.push({
+          code: "scope-leak",
+          severity: "warning",
+          message: `Primitive "${primitive.id}" is scoped to ${scope} but is imported from ${f.displayPath}`,
+          file: f.displayPath
+        });
       }
     }
   }
@@ -902,7 +973,7 @@ function stableReplacer(_key, value) {
   return value;
 }
 
-// src/scan/emit.ts
+// src/scanner/scan/emit.ts
 function sortById(arr) {
   return [...arr].sort((a, b) => a.id.localeCompare(b.id));
 }
@@ -1026,6 +1097,7 @@ function emit(opts) {
   lines.push("  export interface Feature {");
   lines.push("    feature: FeatureId | false");
   lines.push("    name?: string");
+  lines.push("    features?: readonly FeatureId[]");
   lines.push("    acceptance?: readonly string[]");
   lines.push("    description?: string");
   lines.push("  }");
@@ -1082,7 +1154,7 @@ function emit(opts) {
   return lines.join("\n");
 }
 
-// src/scan/extract-uidex-export.ts
+// src/scanner/scan/extract-uidex-export.ts
 var KIND_DISCRIMINATORS = [
   "page",
   "feature",
@@ -1100,7 +1172,13 @@ var ALLOWED_FIELDS = {
     "acceptance",
     "description"
   ]),
-  feature: /* @__PURE__ */ new Set(["feature", "name", "acceptance", "description"]),
+  feature: /* @__PURE__ */ new Set([
+    "feature",
+    "name",
+    "features",
+    "acceptance",
+    "description"
+  ]),
   primitive: /* @__PURE__ */ new Set(["primitive", "name", "description"]),
   widget: /* @__PURE__ */ new Set(["widget", "name", "acceptance", "description"]),
   flow: /* @__PURE__ */ new Set(["flow", "notFlow", "name", "description"])
@@ -1836,7 +1914,7 @@ function buildMetadata(value, file, headerPos, diagnostics) {
       line: pos.line
     });
   }
-  const features = kind === "page" ? readStringArrayField(byKey, "features") : void 0;
+  const features = kind === "page" || kind === "feature" ? readStringArrayField(byKey, "features") : void 0;
   const widgets = kind === "page" ? readStringArrayField(byKey, "widgets") : void 0;
   const notFlow = kind === "flow" && discriminator === "notFlow" ? true : void 0;
   const metadata = {
@@ -1931,7 +2009,7 @@ function posAt(content, offset) {
   return { offset, line, column: offset - lineStart + 1 };
 }
 
-// src/scan/jsx-ancestry.ts
+// src/scanner/scan/jsx-ancestry.ts
 var DATA_ATTR_RE = /\bdata-uidex(?:-(region|widget|primitive))?\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
 function parseDataAttrs(tagSource) {
   if (!tagSource.includes("data-uidex")) return [];
@@ -2120,7 +2198,7 @@ function findTagEnd(content, start) {
   return -1;
 }
 
-// src/scan/extract.ts
+// src/scanner/scan/extract.ts
 var JSDOC_BLOCK = /\/\*\*([\s\S]*?)\*\//g;
 function lineAt(content, index) {
   let line = 1;
@@ -2223,7 +2301,7 @@ function extractOne(file) {
   return annotations;
 }
 
-// src/scan/git.ts
+// src/scanner/scan/git.ts
 var import_node_child_process = require("child_process");
 function runGit(args, cwd) {
   try {
@@ -2255,10 +2333,10 @@ function parseGitHubRef(ref) {
   return m ? m[1] : null;
 }
 
-// src/scan/resolve.ts
-var path5 = __toESM(require("path"), 1);
+// src/scanner/scan/resolve.ts
+var path6 = __toESM(require("path"), 1);
 
-// src/scan/routes.ts
+// src/scanner/scan/routes.ts
 var PAGE_BASENAME = /^page\.(tsx|ts|jsx|js|mjs|cjs)$/;
 var PAGES_ROUTER_BASENAME = /\.(tsx|ts|jsx|js|mjs|cjs)$/;
 var ROUTE_BASENAME = /^route\.(tsx|ts|jsx|js|mjs|cjs)$/;
@@ -2324,9 +2402,9 @@ function pathToId(routePath) {
   return routePath.replace(/^\/+/, "").replace(/\[\.{3}([^\]]+)\]/g, "$1").replace(/\[([^\]]+)\]/g, "$1").replace(/\//g, "-").replace(/[^a-zA-Z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
 }
 
-// src/scan/walk.ts
+// src/scanner/scan/walk.ts
 var fs4 = __toESM(require("fs"), 1);
-var path4 = __toESM(require("path"), 1);
+var path5 = __toESM(require("path"), 1);
 var DEFAULT_INCLUDES = ["**/*.{ts,tsx,js,jsx,mjs,cjs}"];
 var BASE_EXCLUDES = [
   "**/node_modules/**",
@@ -2390,7 +2468,7 @@ function globToRegExp(glob) {
   return new RegExp(`^${out2}$`);
 }
 function toPosix(p2) {
-  return p2.split(path4.sep).join("/");
+  return p2.split(path5.sep).join("/");
 }
 function matchesAny(rel, patterns) {
   return patterns.some((g) => globToRegExp(g).test(rel));
@@ -2406,9 +2484,9 @@ function walk(sources, options) {
       ...globalExcludes,
       ...source.exclude ?? []
     ];
-    const absRoot = path4.resolve(cwd, source.rootDir);
+    const absRoot = path5.resolve(cwd, source.rootDir);
     for (const filePath of walkDir(absRoot, absRoot)) {
-      const rel = toPosix(path4.relative(absRoot, filePath));
+      const rel = toPosix(path5.relative(absRoot, filePath));
       if (matchesAny(rel, excludes)) continue;
       if (!matchesAny(rel, includes)) continue;
       let content;
@@ -2417,7 +2495,7 @@ function walk(sources, options) {
       } catch {
         continue;
       }
-      const relFromCwd = toPosix(path4.relative(cwd, filePath));
+      const relFromCwd = toPosix(path5.relative(cwd, filePath));
       const displayPath = source.prefix ? `${source.prefix.replace(/\/$/, "")}/${rel}` : relFromCwd;
       out2.push({
         sourcePath: filePath,
@@ -2437,7 +2515,7 @@ function* walkDir(root, dir) {
     return;
   }
   for (const entry of entries) {
-    const full = path4.join(dir, entry.name);
+    const full = path5.join(dir, entry.name);
     if (entry.isDirectory()) {
       if (entry.name === "node_modules" || entry.name === "dist" || entry.name === ".git" || entry.name === "build" || entry.name === ".next") {
         continue;
@@ -2449,7 +2527,7 @@ function* walkDir(root, dir) {
   }
 }
 
-// src/scan/resolve.ts
+// src/scanner/scan/resolve.ts
 var DOM_ATTR_KINDS = /* @__PURE__ */ new Set([
   "element",
   "region",
@@ -2469,7 +2547,7 @@ function kebab(str) {
   return str.replace(/([a-z0-9])([A-Z])/g, "$1-$2").replace(/[_\s]+/g, "-").replace(/[^a-zA-Z0-9-]/g, "").toLowerCase();
 }
 function baseName(file) {
-  const b = path5.posix.basename(file);
+  const b = path6.posix.basename(file);
   return b.replace(/\.(tsx|ts|jsx|js|mjs|cjs)$/, "");
 }
 var LANDMARK_RE = /<(header|nav|main|aside|footer)(\s[^>]*)?>|role=["']region["']/gi;
@@ -2544,7 +2622,24 @@ function resolve3(ctx) {
   const routes = conventions.pages === "auto" ? detectRoutes(ctx.extracted.map((e) => e.file)) : [];
   const handledPageFiles = /* @__PURE__ */ new Set();
   for (const route of routes) {
-    const exp = exportFor(route.file, "page");
+    const routeDir = path6.posix.dirname(route.file);
+    const wellKnownPath = `${routeDir}/${WELL_KNOWN_FILES.page}`;
+    const wellKnownExp = exportFor(wellKnownPath, "page");
+    const routeExp = exportFor(route.file, "page");
+    const exp = wellKnownExp ?? routeExp;
+    const locFile = wellKnownExp ? wellKnownPath : route.file;
+    if (wellKnownExp) handledPageFiles.add(wellKnownPath);
+    handledPageFiles.add(route.file);
+    if (wellKnownExp && routeExp) {
+      diagnostics.push({
+        code: "competing-uidex-export",
+        severity: "warning",
+        message: `Page metadata declared in both ${wellKnownPath} and ${route.file}; ${wellKnownPath} takes precedence.`,
+        file: route.file,
+        line: routeExp.loc.line,
+        hint: `Remove the export from ${route.file} or delete ${wellKnownPath}.`
+      });
+    }
     if (exp && exp.id === false) continue;
     const effectiveId = exp && typeof exp.id === "string" ? exp.id : route.id;
     const meta = exp ? buildMetaFromExport(exp) : void 0;
@@ -2552,11 +2647,10 @@ function resolve3(ctx) {
     const page = {
       kind: "page",
       id: effectiveId,
-      loc: { file: route.file, line: exp?.loc.line },
+      loc: { file: locFile, line: exp?.loc.line },
       ...meta ? { meta } : {}
     };
     registry.add(page);
-    handledPageFiles.add(route.file);
   }
   for (const ef of ctx.extracted) {
     const exp = exportFor(ef.file.displayPath, "page");
@@ -2572,7 +2666,8 @@ function resolve3(ctx) {
   }
   const featureGlob = typeof conventions.features === "string" ? conventions.features : null;
   const conventionalFeatureDirs = /* @__PURE__ */ new Set();
-  const featureExportsByDir = /* @__PURE__ */ new Map();
+  const featureExportFilesByDir = /* @__PURE__ */ new Map();
+  const wellKnownFeatureFileByDir = /* @__PURE__ */ new Map();
   const suppressedFeatureDirs = /* @__PURE__ */ new Set();
   if (featureGlob) {
     const re = globToRegExp(featureGlob + "/**");
@@ -2581,17 +2676,44 @@ function resolve3(ctx) {
       const dir = extractFeatureDir(ef.file.displayPath, featureGlob);
       if (!dir) continue;
       conventionalFeatureDirs.add(dir);
+      const isWellKnown = path6.posix.basename(ef.file.displayPath) === WELL_KNOWN_FILES.feature;
+      if (isWellKnown) wellKnownFeatureFileByDir.set(dir, ef.file.displayPath);
       const exp = exportFor(ef.file.displayPath, "feature");
       if (exp) {
         if (exp.id === false) suppressedFeatureDirs.add(dir);
-        else if (!featureExportsByDir.has(dir))
-          featureExportsByDir.set(dir, exp);
+        else {
+          let arr = featureExportFilesByDir.get(dir);
+          if (!arr) {
+            arr = [];
+            featureExportFilesByDir.set(dir, arr);
+          }
+          arr.push({ file: ef.file.displayPath, exp });
+        }
       }
     }
     for (const dir of conventionalFeatureDirs) {
       if (suppressedFeatureDirs.has(dir)) continue;
-      const exp = featureExportsByDir.get(dir);
-      const id = exp && typeof exp.id === "string" ? exp.id : path5.posix.basename(dir);
+      const allExports = featureExportFilesByDir.get(dir) ?? [];
+      const wellKnownPath = wellKnownFeatureFileByDir.get(dir);
+      const wellKnownEntry = wellKnownPath ? allExports.find((e) => e.file === wellKnownPath) : void 0;
+      let exp;
+      if (wellKnownEntry) {
+        exp = wellKnownEntry.exp;
+        for (const other of allExports) {
+          if (other.file === wellKnownEntry.file) continue;
+          diagnostics.push({
+            code: "competing-uidex-export",
+            severity: "warning",
+            message: `Feature metadata declared in both ${wellKnownEntry.file} and ${other.file}; ${wellKnownEntry.file} takes precedence.`,
+            file: other.file,
+            line: other.exp.loc.line,
+            hint: `Remove the export from ${other.file} or delete ${wellKnownEntry.file}.`
+          });
+        }
+      } else if (allExports.length > 0) {
+        exp = allExports[0].exp;
+      }
+      const id = exp && typeof exp.id === "string" ? exp.id : path6.posix.basename(dir);
       const meta = exp ? buildMetaFromExport(exp) : void 0;
       const feature = {
         kind: "feature",
@@ -2723,11 +2845,12 @@ function resolve3(ctx) {
         exp.id,
         buildMetaFromExport(exp)
       );
+      const scope = computeScope(file);
       const primitive = {
         kind: "primitive",
         id: exp.id,
         loc: { file, line: exp.loc.line },
-        scopes: [computeScope(file)],
+        ...scope ? { scopes: [scope] } : {},
         ...meta ? { meta } : {}
       };
       registry.add(primitive);
@@ -2739,11 +2862,12 @@ function resolve3(ctx) {
     if (domPrimitives.length > 0) {
       for (const p2 of domPrimitives) {
         const meta = metaWithComposes("primitive", p2.id);
+        const domScope = computeScope(p2.file);
         const primitive = {
           kind: "primitive",
           id: p2.id,
           loc: { file: p2.file, line: p2.line },
-          scopes: [computeScope(p2.file)],
+          ...domScope ? { scopes: [domScope] } : {},
           ...meta ? { meta } : {}
         };
         registry.add(primitive);
@@ -2753,13 +2877,13 @@ function resolve3(ctx) {
     if (primitiveConventions && fileMatchesAny(file, primitiveConventions)) {
       const name = kebab(baseName(file));
       if (!name) continue;
-      const scope = computeScope(file);
+      const convScope = computeScope(file);
       const meta = metaWithComposes("primitive", name);
       const primitive = {
         kind: "primitive",
         id: name,
         loc: { file },
-        scopes: [scope],
+        ...convScope ? { scopes: [convScope] } : {},
         ...meta ? { meta } : {}
       };
       registry.add(primitive);
@@ -2789,7 +2913,8 @@ function resolve3(ctx) {
           kind: "flow",
           id: flowExport.id,
           loc: base.loc,
-          touches: base.touches
+          touches: base.touches,
+          steps: base.steps
         };
         registry.add(flow);
       } else {
@@ -2834,7 +2959,7 @@ function computeScope(displayPath) {
   if (pagesIdx !== -1 && parts[pagesIdx + 1]) {
     return `page:${parts[pagesIdx + 1]}`;
   }
-  return "global";
+  return null;
 }
 function extractFlowsFromSource(file) {
   const flows = [];
@@ -2868,17 +2993,18 @@ function extractFlowsFromSource(file) {
       kind: "flow",
       id,
       loc: { file: file.displayPath, line },
-      touches: dedupe(touches.map((t) => t.id))
+      touches: dedupe(touches.map((t) => t.id)),
+      steps: touches.filter((t) => t.action).map((t) => ({ entityId: t.id, action: t.action }))
     });
   }
   return flows;
 }
 function captureUidexIds(body) {
   const out2 = [];
-  const re = /uidex\(\s*(?:'([^']+)'|"([^"]+)"|`([^`$]+)`)\s*\)/g;
+  const re = /uidex\(\s*(?:'([^']+)'|"([^"]+)"|`([^`$]+)`)\s*\)(?:\.(\w+)\s*\()?/g;
   let m;
   while ((m = re.exec(body)) !== null) {
-    out2.push({ id: m[1] || m[2] || m[3] });
+    out2.push({ id: m[1] || m[2] || m[3], action: m[4] });
   }
   return out2;
 }
@@ -2886,7 +3012,7 @@ function dedupe(arr) {
   return Array.from(new Set(arr));
 }
 
-// src/scan/pipeline.ts
+// src/scanner/scan/pipeline.ts
 function runScan(opts = {}) {
   const cwd = opts.cwd ?? process.cwd();
   const configs = opts.configs ?? discover({ cwd });
@@ -2918,7 +3044,7 @@ function runOne(dc, opts) {
     gitContext,
     typeMode: config.typeMode
   });
-  const outputPath = path6.resolve(configDir, config.output);
+  const outputPath = path7.resolve(configDir, config.output);
   const outputRel = config.output;
   let existingOnDisk = null;
   if (opts.check) {
@@ -2953,14 +3079,14 @@ function runOne(dc, opts) {
     outputPath
   };
 }
-function writeScanResult(result) {
-  fs5.mkdirSync(path6.dirname(result.outputPath), { recursive: true });
-  fs5.writeFileSync(result.outputPath, result.generated, "utf8");
+function writeScanResult(result2) {
+  fs5.mkdirSync(path7.dirname(result2.outputPath), { recursive: true });
+  fs5.writeFileSync(result2.outputPath, result2.generated, "utf8");
 }
 
-// src/scan/scaffold.ts
+// src/scanner/scan/scaffold.ts
 var fs6 = __toESM(require("fs"), 1);
-var path7 = __toESM(require("path"), 1);
+var path8 = __toESM(require("path"), 1);
 function scaffoldWidgetSpec(opts) {
   const {
     registry,
@@ -2975,7 +3101,7 @@ function scaffoldWidgetSpec(opts) {
   }
   const criteria = widget.meta?.acceptance ?? [];
   const filename = `widget-${widgetId}.spec.ts`;
-  const outputPath = path7.resolve(outDir, filename);
+  const outputPath = path8.resolve(outDir, filename);
   if (fs6.existsSync(outputPath) && !force) {
     return {
       outputPath,
@@ -2989,7 +3115,7 @@ function scaffoldWidgetSpec(opts) {
     criteria,
     fixtureImport
   });
-  fs6.mkdirSync(path7.dirname(outputPath), { recursive: true });
+  fs6.mkdirSync(path8.dirname(outputPath), { recursive: true });
   fs6.writeFileSync(outputPath, content, "utf8");
   return { outputPath, written: true, skipped: false };
 }
@@ -3021,8 +3147,8 @@ function renderSpec(args) {
   return lines.join("\n");
 }
 
-// src/scan/cli.ts
-function parseFlags2(args) {
+// src/scanner/cli/parse-args.ts
+function parseArgs(args) {
   const positional = [];
   const flags = {};
   for (let i = 0; i < args.length; i++) {
@@ -3046,13 +3172,15 @@ function parseFlags2(args) {
   }
   return { positional, flags };
 }
+
+// src/scanner/scan/cli.ts
 async function run(opts) {
   const cwd = opts.cwd ?? process.cwd();
-  const { positional, flags } = parseFlags2(opts.argv);
-  const command = positional[0] ?? "help";
+  const { positional, flags } = parseArgs(opts.argv);
+  const command2 = positional[0] ?? "help";
   const writer = createWriter();
   try {
-    switch (command) {
+    switch (command2) {
       case "help":
       case "--help":
       case "-h":
@@ -3065,16 +3193,16 @@ async function run(opts) {
       case "scaffold":
         return runScaffold(cwd, positional.slice(1), flags, writer);
       case "ai": {
-        const result = await runAiCommand({
+        const result2 = await runAiCommand({
           cwd,
           argv: opts.argv.slice(1)
         });
-        if (result.stdout) writer.out(result.stdout.replace(/\n$/, ""));
-        if (result.stderr) writer.err(result.stderr.replace(/\n$/, ""));
-        return writer.result(result.exitCode);
+        if (result2.stdout) writer.out(result2.stdout.replace(/\n$/, ""));
+        if (result2.stderr) writer.err(result2.stderr.replace(/\n$/, ""));
+        return writer.result(result2.exitCode);
       }
       default:
-        writer.err(`Unknown command: ${command}`);
+        writer.err(`Unknown command: ${command2}`);
         writer.err(helpText2());
         return writer.result(1);
     }
@@ -3092,6 +3220,10 @@ function helpText2() {
     "  scan [flags]          Run the scanner pipeline",
     "  scaffold widget <id>  Emit a Playwright spec from a widget's acceptance",
     "  ai <install|uninstall|providers>  Manage AI assistant integrations",
+    "  api <METHOD> <PATH>              Call the uidex API",
+    "  api --list                       Show available API routes",
+    "  api login                        Authenticate via browser",
+    "  api login --token <tok>          Store an auth token directly",
     "",
     "Flags:",
     "  --check               Verify the on-disk gen file matches a fresh scan; exit non-zero on drift (read-only)",
@@ -3103,7 +3235,7 @@ function helpText2() {
   ].join("\n");
 }
 function runInit(cwd, w) {
-  const configPath = path8.join(cwd, CONFIG_FILENAME);
+  const configPath = path9.join(cwd, CONFIG_FILENAME);
   if (fs7.existsSync(configPath)) {
     w.err(`.uidex.json already exists at ${configPath}`);
     return w.result(1);
@@ -3115,7 +3247,7 @@ function runInit(cwd, w) {
   };
   fs7.writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n", "utf8");
   w.out(`Created ${configPath}`);
-  const gitignorePath = path8.join(cwd, ".gitignore");
+  const gitignorePath = path9.join(cwd, ".gitignore");
   const entry = "*.gen.ts";
   if (fs7.existsSync(gitignorePath)) {
     const existing = fs7.readFileSync(gitignorePath, "utf8");
@@ -3193,18 +3325,18 @@ function runScaffold(cwd, args, flags, w) {
   for (const r of results) {
     const widget = r.registry.get("widget", id);
     if (!widget) continue;
-    const outDir = path8.resolve(r.configDir, "e2e");
-    const result = scaffoldWidgetSpec({
+    const outDir = path9.resolve(r.configDir, "e2e");
+    const result2 = scaffoldWidgetSpec({
       registry: r.registry,
       widgetId: id,
       outDir,
       force: Boolean(flags.force)
     });
-    if (result.skipped) {
-      w.err(result.reason ?? "skipped");
+    if (result2.skipped) {
+      w.err(result2.reason ?? "skipped");
       return w.result(1);
     }
-    w.out(`Wrote ${result.outputPath}`);
+    w.out(`Wrote ${result2.outputPath}`);
     return w.result(0);
   }
   w.err(`Widget "${id}" not found in registry`);
@@ -3226,12 +3358,884 @@ function createWriter() {
   };
 }
 
-// src/cli/cli.ts
-run({ argv: process.argv.slice(2) }).then(
-  (result) => {
-    if (result.stdout) process.stdout.write(result.stdout);
-    if (result.stderr) process.stderr.write(result.stderr);
-    process.exit(result.exitCode);
+// src/scanner/cli/auth.ts
+function createMemoryTokenStorage(initial) {
+  let token = initial ?? null;
+  return {
+    get: () => token,
+    set: (t) => {
+      token = t;
+    },
+    clear: () => {
+      token = null;
+    }
+  };
+}
+function createFileTokenStorage(options) {
+  const nodeFs = require("fs");
+  const nodePath = require("path");
+  const file = options.path;
+  function read() {
+    if (!nodeFs.existsSync(file)) return null;
+    try {
+      const raw = nodeFs.readFileSync(file, "utf8");
+      const parsed = JSON.parse(raw);
+      if (parsed && typeof parsed === "object") {
+        return parsed;
+      }
+    } catch {
+      return null;
+    }
+    return null;
+  }
+  return {
+    get: () => read()?.token ?? null,
+    set: (token) => {
+      nodeFs.mkdirSync(nodePath.dirname(file), { recursive: true });
+      nodeFs.writeFileSync(file, JSON.stringify({ token }, null, 2));
+    },
+    clear: () => {
+      if (nodeFs.existsSync(file)) nodeFs.unlinkSync(file);
+    }
+  };
+}
+function defaultTokenPath() {
+  const os = require("os");
+  const path10 = require("path");
+  return path10.join(os.homedir(), ".uidex", "cloud-token.json");
+}
+
+// src/scanner/cli/http.ts
+function createHttpClient(options) {
+  const baseUrl = options.baseUrl.replace(/\/$/, "");
+  async function request(path10, opts = {}) {
+    let url = `${baseUrl}${path10.startsWith("/") ? path10 : `/${path10}`}`;
+    if (opts.query) {
+      url += (url.includes("?") ? "&" : "?") + opts.query;
+    }
+    const headers = {
+      Accept: "application/json",
+      ...opts.headers
+    };
+    const token = options.token();
+    if (token) headers.Authorization = `Bearer ${token}`;
+    if (opts.body !== void 0) {
+      headers["Content-Type"] ??= "application/json";
+    }
+    const res = await fetch(url, {
+      method: opts.method ?? (opts.body ? "POST" : "GET"),
+      headers,
+      body: opts.body
+    });
+    const raw = await res.text();
+    let body = raw;
+    try {
+      body = JSON.parse(raw);
+    } catch {
+    }
+    return { status: res.status, body, raw };
+  }
+  return { request };
+}
+
+// src/scanner/cli/json-highlight.ts
+var RESET = "\x1B[0m";
+var BOLD = "\x1B[1m";
+var DIM = "\x1B[2m";
+var RED = "\x1B[31m";
+var CYAN = "\x1B[36m";
+var GREEN = "\x1B[32m";
+var YELLOW = "\x1B[33m";
+var MAGENTA = "\x1B[35m";
+function highlightJson(value, color) {
+  const json = JSON.stringify(value, null, 2);
+  if (!color) return json;
+  return json.replace(
+    /("(?:\\.|[^"\\])*")\s*:|("(?:\\.|[^"\\])*")|(\b(?:true|false|null)\b)|(-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?)/g,
+    (match, key, str, literal, num) => {
+      if (key) return `${CYAN}${key}${RESET}:`;
+      if (str) return `${GREEN}${str}${RESET}`;
+      if (literal) return `${MAGENTA}${literal}${RESET}`;
+      if (num) return `${YELLOW}${num}${RESET}`;
+      return match;
+    }
+  );
+}
+function formatStatus(status, color) {
+  if (!color) return `HTTP ${status}`;
+  const code = status >= 400 ? RED : status >= 300 ? YELLOW : GREEN;
+  return `${code}HTTP ${status}${RESET}`;
+}
+function boldText(text, color) {
+  if (!color) return text;
+  return `${BOLD}${text}${RESET}`;
+}
+function dimText(text, color) {
+  if (!color) return text;
+  return `${DIM}${text}${RESET}`;
+}
+
+// src/scanner/cli/api-routes.gen.ts
+var API_ROUTES = [
+  {
+    "method": "POST",
+    "path": "/api/ingest",
+    "operationId": "submitReport",
+    "summary": "Submit feedback from the SDK.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/ingest/config",
+    "operationId": "getIngestConfig",
+    "summary": "Get integration configuration for the project.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/ingest/reports",
+    "operationId": "listIngestReports",
+    "summary": "List feedback for the project (SDK view).",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/ingest/pins",
+    "operationId": "listPins",
+    "summary": "List pins by route and/or entity.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/ingest/pins/archive",
+    "operationId": "archivePin",
+    "summary": "Archive a pin.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/cli-auth/authorize",
+    "operationId": "authorizeCli",
+    "summary": "Authorize a CLI session by delivering a token.",
+    "tag": "CLI Auth",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations",
+    "operationId": "listOrganizations",
+    "summary": "List organizations for the current user.",
+    "tag": "Organizations",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations",
+    "operationId": "createOrganization",
+    "summary": "Create an organization.",
+    "tag": "Organizations",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/switch",
+    "operationId": "switchOrganization",
+    "summary": "Switch the active organization.",
+    "tag": "Organizations",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}",
+    "operationId": "getOrganization",
+    "summary": "Get organization details.",
+    "tag": "Organizations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}",
+    "operationId": "updateOrganization",
+    "summary": "Update an organization.",
+    "tag": "Organizations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}",
+    "operationId": "deleteOrganization",
+    "summary": "Delete an organization.",
+    "tag": "Organizations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/members",
+    "operationId": "listMembers",
+    "summary": "List organization members.",
+    "tag": "Members",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/members",
+    "operationId": "removeMember",
+    "summary": "Remove a member from the organization.",
+    "tag": "Members",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/members/{memberId}",
+    "operationId": "updateMember",
+    "summary": "Update a member's role.",
+    "tag": "Members",
+    "params": [
+      "orgId",
+      "memberId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/invitations",
+    "operationId": "listInvitations",
+    "summary": "List organization invitations.",
+    "tag": "Invitations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/invitations",
+    "operationId": "createInvitation",
+    "summary": "Create an invitation link.",
+    "tag": "Invitations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/invitations/{inviteId}",
+    "operationId": "deleteInvitation",
+    "summary": "Revoke an invitation.",
+    "tag": "Invitations",
+    "params": [
+      "orgId",
+      "inviteId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects",
+    "operationId": "listProjects",
+    "summary": "List projects in an organization.",
+    "tag": "Projects",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects",
+    "operationId": "createProject",
+    "summary": "Create a project.",
+    "tag": "Projects",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}",
+    "operationId": "getProject",
+    "summary": "Get project details.",
+    "tag": "Projects",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/projects/{projectId}",
+    "operationId": "updateProject",
+    "summary": "Update a project.",
+    "tag": "Projects",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/projects/{projectId}",
+    "operationId": "deleteProject",
+    "summary": "Delete a project.",
+    "tag": "Projects",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/projects/resolve",
+    "operationId": "resolveProject",
+    "summary": "Resolve an API key to its project and organization.",
+    "tag": "Projects",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys",
+    "operationId": "listApiKeys",
+    "summary": "List API keys for a project.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys",
+    "operationId": "createApiKey",
+    "summary": "Create an API key.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys/{keyId}",
+    "operationId": "revokeApiKey",
+    "summary": "Revoke an API key.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId",
+      "keyId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys/{keyId}",
+    "operationId": "deleteApiKey",
+    "summary": "Permanently delete an API key.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId",
+      "keyId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/reports",
+    "operationId": "listProjectReports",
+    "summary": "List feedback for a project.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/feedback/{reportId}",
+    "operationId": "getReport",
+    "summary": "Get feedback details.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId",
+      "reportId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/feedback/{reportId}",
+    "operationId": "updateReport",
+    "summary": "Update feedback status, priority, or assignment.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId",
+      "reportId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/feedback/{reportId}",
+    "operationId": "deleteReport",
+    "summary": "Delete a feedback record.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId",
+      "reportId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/reports/archive",
+    "operationId": "bulkArchiveReport",
+    "summary": "Archive multiple feedback records.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/integrations",
+    "operationId": "listIntegrations",
+    "summary": "List integrations for an organization.",
+    "tag": "Integrations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/integrations",
+    "operationId": "createIntegration",
+    "summary": "Create an integration.",
+    "tag": "Integrations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}",
+    "operationId": "getIntegration",
+    "summary": "Get integration details.",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}",
+    "operationId": "deleteIntegration",
+    "summary": "Delete an integration.",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}/targets",
+    "operationId": "listIntegrationTargets",
+    "summary": "List available targets (e.g. Jira projects/boards).",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}/test",
+    "operationId": "testIntegration",
+    "summary": "Test integration connectivity.",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/external-issues",
+    "operationId": "listExternalIssues",
+    "summary": "List external issues, optionally filtered by feedback.",
+    "tag": "External Issues",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/issue-drafts",
+    "operationId": "listIssueDrafts",
+    "summary": "List issue drafts for a project.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/issue-drafts",
+    "operationId": "createIssueDraft",
+    "summary": "Manually create an issue draft.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/issue-drafts/{draftId}",
+    "operationId": "updateIssueDraft",
+    "summary": "Update an issue draft.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId",
+      "draftId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/issue-drafts/{draftId}",
+    "operationId": "deleteIssueDraft",
+    "summary": "Delete an issue draft.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId",
+      "draftId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/issue-drafts/{draftId}/submit",
+    "operationId": "submitIssueDraft",
+    "summary": "Submit a draft to the configured integration.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId",
+      "draftId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/triage",
+    "operationId": "runTriage",
+    "summary": "Run LLM-powered triage on untriaged feedback.",
+    "tag": "Triage",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/user/tokens",
+    "operationId": "listUserTokens",
+    "summary": "List personal access tokens.",
+    "tag": "User Tokens",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/user/tokens",
+    "operationId": "createUserToken",
+    "summary": "Create a personal access token.",
+    "tag": "User Tokens",
+    "params": []
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/user/tokens/{tokenId}",
+    "operationId": "deleteUserToken",
+    "summary": "Revoke and delete a personal access token.",
+    "tag": "User Tokens",
+    "params": [
+      "tokenId"
+    ]
+  }
+];
+
+// src/scanner/cli/api.ts
+var METHODS = /* @__PURE__ */ new Set([
+  "GET",
+  "POST",
+  "PUT",
+  "PATCH",
+  "DELETE",
+  "HEAD",
+  "OPTIONS"
+]);
+var HELP = `uidex api \u2014 call the uidex API
+
+Usage:
+  uidex api <METHOD> <PATH> [flags]    Make an API request
+  uidex api --list [--tag <tag>]       List available routes
+  uidex api login                      Authenticate via browser
+  uidex api login --token <tok>        Store an auth token directly
+  uidex api status                     Check auth state
+
+Flags:
+  --body <json>       Request body (JSON string)
+  --query <params>    Query string (key=val&key2=val2)
+  --base-url <url>    Override the API base URL
+  --token <tok>       Use a specific token (instead of stored)
+  --raw               Disable JSON pretty-printing
+  --no-color          Disable colored output
+  --list              List available API routes
+  --tag <tag>         Filter --list by tag
+  --json              Emit --list as JSON
+`;
+async function runApiCommand(opts) {
+  const { positional, flags } = parseArgs(opts.argv);
+  const stdout = [];
+  const stderr = [];
+  const color = opts.color ?? (flags["no-color"] ? false : process.stdout.isTTY ?? false);
+  const ctx = { flags, opts, color, stdout, stderr };
+  const sub = positional[0];
+  if (!sub && !flags.list) {
+    stdout.push(HELP);
+    return result(0, stdout, stderr);
+  }
+  if (flags.list) return listRoutes(ctx);
+  if (sub === "help" || sub === "--help" || sub === "-h") {
+    stdout.push(HELP);
+    return result(0, stdout, stderr);
+  }
+  if (sub === "login") return runLogin(ctx);
+  if (sub === "status") return runStatus(ctx);
+  const method = sub?.toUpperCase();
+  const path10 = positional[1];
+  if (!method || !METHODS.has(method)) {
+    stderr.push(`Unknown command or method: ${sub}`);
+    stderr.push(HELP);
+    return result(1, stdout, stderr);
+  }
+  if (!path10) {
+    stderr.push("Missing path. Usage: uidex api GET /api/organizations");
+    return result(1, stdout, stderr);
+  }
+  return runRequest(ctx, method, path10);
+}
+function listRoutes(ctx) {
+  const { flags, color, stdout, stderr } = ctx;
+  let routes = API_ROUTES;
+  const tagFilter = flags.tag;
+  if (typeof tagFilter === "string") {
+    routes = routes.filter(
+      (r) => r.tag.toLowerCase() === tagFilter.toLowerCase()
+    );
+  }
+  if (flags.json) {
+    stdout.push(JSON.stringify(routes, null, 2));
+    return result(0, stdout, stderr);
+  }
+  const grouped = /* @__PURE__ */ new Map();
+  for (const r of routes) {
+    const tag = r.tag || "Other";
+    let list = grouped.get(tag);
+    if (!list) {
+      list = [];
+      grouped.set(tag, list);
+    }
+    list.push(r);
+  }
+  const methodPad = 7;
+  for (const [tag, tagRoutes] of grouped) {
+    stdout.push("");
+    stdout.push(boldText(tag, color));
+    for (const r of tagRoutes) {
+      const m = r.method.padEnd(methodPad);
+      const desc = r.summary ? dimText(` ${r.operationId} \u2014 ${r.summary}`, color) : dimText(` ${r.operationId}`, color);
+      stdout.push(`  ${m} ${r.path}${desc}`);
+    }
+  }
+  stdout.push("");
+  return result(0, stdout, stderr);
+}
+async function runLogin(ctx) {
+  const { flags, opts, color, stdout, stderr } = ctx;
+  const token = flags.token;
+  if (typeof token === "string" && token.length > 0) {
+    const storage = resolveTokenStorage(opts);
+    storage.set(token);
+    stdout.push("Token stored.");
+    return result(0, stdout, stderr);
+  }
+  return runBrowserLogin(ctx);
+}
+async function runBrowserLogin(ctx) {
+  const { flags, opts, color, stdout, stderr } = ctx;
+  const http = await import("http");
+  const crypto = await import("crypto");
+  const { exec } = await import("child_process");
+  const baseUrl = resolveBaseUrl(flags, opts);
+  const code = crypto.randomBytes(3).toString("hex").toUpperCase();
+  return new Promise((resolve7) => {
+    let settled = false;
+    const settle = (exitCode) => {
+      if (settled) return;
+      settled = true;
+      server.close();
+      clearTimeout(timeout);
+      resolve7(result(exitCode, stdout, stderr));
+    };
+    const timeout = setTimeout(() => {
+      stderr.push("Timed out waiting for browser authorization.");
+      settle(1);
+    }, 12e4);
+    const server = http.createServer((req, res) => {
+      if (!req.url?.startsWith("/callback")) {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+      const url = new URL(req.url, `http://127.0.0.1`);
+      const receivedToken = url.searchParams.get("token");
+      const receivedCode = url.searchParams.get("code");
+      if (receivedCode !== code) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Code mismatch" }));
+        stderr.push("Received callback with mismatched code. Aborting.");
+        settle(1);
+        return;
+      }
+      if (!receivedToken) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Missing token" }));
+        stderr.push("Received callback without token. Aborting.");
+        settle(1);
+        return;
+      }
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ ok: true }));
+      const storage = resolveTokenStorage(opts);
+      storage.set(receivedToken);
+      stdout.push(dimText("Authenticated successfully.", color));
+      settle(0);
+    });
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      if (!addr || typeof addr === "string") {
+        stderr.push("Failed to start local server.");
+        settle(1);
+        return;
+      }
+      const port = addr.port;
+      const authUrl = `${baseUrl}/cli-auth?code=${encodeURIComponent(code)}&port=${port}`;
+      stdout.push(dimText("Opening browser to authorize...", color));
+      stdout.push("");
+      stdout.push(`  Confirmation code: ${boldText(code, color)}`);
+      stdout.push("");
+      stdout.push(
+        dimText("If the browser doesn't open, visit this URL manually:", color)
+      );
+      stdout.push(`  ${authUrl}`);
+      stdout.push("");
+      process.stdout.write(result(0, stdout, stderr).stdout);
+      stdout.length = 0;
+      openBrowser(authUrl);
+    });
+    server.on("error", (err2) => {
+      stderr.push(`Failed to start local server: ${err2.message}`);
+      settle(1);
+    });
+  });
+}
+function openBrowser(url) {
+  const { exec } = require("child_process");
+  const platform = process.platform;
+  const cmd = platform === "darwin" ? "open" : platform === "win32" ? "start" : "xdg-open";
+  exec(`${cmd} ${JSON.stringify(url)}`);
+}
+function runStatus(ctx) {
+  const { flags, opts, stdout, stderr } = ctx;
+  const storage = resolveTokenStorage(opts);
+  const baseUrl = resolveBaseUrl(flags, opts);
+  const token = storage.get();
+  stdout.push(`baseUrl: ${baseUrl}`);
+  stdout.push(`auth:    ${token ? "authenticated" : "not authenticated"}`);
+  return result(token ? 0 : 1, stdout, stderr);
+}
+async function runRequest(ctx, method, path10) {
+  const { flags, opts, color, stdout, stderr } = ctx;
+  const tokenFromFlag = flags.token;
+  const token = typeof tokenFromFlag === "string" ? tokenFromFlag : resolveTokenStorage(opts).get();
+  if (!token) {
+    stderr.push("Not authenticated. Run: uidex api login --token <value>");
+    return result(1, stdout, stderr);
+  }
+  const baseUrl = resolveBaseUrl(flags, opts);
+  const http = opts.http ?? createHttpClient({ baseUrl, token: () => token });
+  const bodyStr = typeof flags.body === "string" ? flags.body : void 0;
+  if (bodyStr !== void 0) {
+    try {
+      JSON.parse(bodyStr);
+    } catch {
+      stderr.push("Invalid JSON in --body");
+      return result(1, stdout, stderr);
+    }
+  }
+  const res = await http.request(path10, {
+    method,
+    body: bodyStr,
+    query: typeof flags.query === "string" ? flags.query : void 0
+  });
+  const isSuccess = res.status >= 200 && res.status < 300;
+  if (!isSuccess) {
+    stderr.push(formatStatus(res.status, color));
+  }
+  if (res.body !== void 0 && res.body !== null && res.body !== "") {
+    if (flags.raw) {
+      stdout.push(res.raw);
+    } else {
+      stdout.push(highlightJson(res.body, color));
+    }
+  }
+  return result(isSuccess ? 0 : 1, stdout, stderr);
+}
+function resolveTokenStorage(opts) {
+  if (opts.tokenStorage) return opts.tokenStorage;
+  const envToken = opts.env?.UIDEX_TOKEN;
+  if (envToken) return createMemoryTokenStorage(envToken);
+  return createFileTokenStorage({ path: defaultTokenPath() });
+}
+function resolveBaseUrl(flags, opts) {
+  return (typeof flags["base-url"] === "string" ? flags["base-url"] : void 0) ?? opts.baseUrl ?? opts.env?.UIDEX_API_URL ?? "https://app.uidex.dev";
+}
+function result(exitCode, stdout, stderr) {
+  return {
+    exitCode,
+    stdout: stdout.join("\n") + (stdout.length ? "\n" : ""),
+    stderr: stderr.join("\n") + (stderr.length ? "\n" : "")
+  };
+}
+
+// src/scanner/cli/cli.ts
+var argv = process.argv.slice(2);
+var command = argv[0];
+var resultP = command === "api" ? runApiCommand({ argv: argv.slice(1) }) : run({ argv });
+resultP.then(
+  (result2) => {
+    if (result2.stdout) process.stdout.write(result2.stdout);
+    if (result2.stderr) process.stderr.write(result2.stderr);
+    process.exit(result2.exitCode);
   },
   (error) => {
     process.stderr.write(