Skip to content

rfc(scope): narrow core to call-graph + agent ergonomics; demote security/a11y/css to optional plugins #279

Description

@Wolfvin

Status: RFC — keputusan PRODUCT OWNER, JANGAN eksekusi tanpa approval Wolfvin. TANPA label ready.

Mengapa

Observasi berbasis sesi audit 2026-07-13 (kode dibaca + hasil dijalankan langsung):

  1. Fondasi retak berulang — rc/trace/dead-code salah lintas bahasa berbulan (fix(callgraph): reference_count severely undercounts cross-file calls #210/fix(callgraph): extract module-top-level calls to fix rc undercount (closes #210) #219/fix(callgraph): arrow functions as object-literal values not tracked, undercounts ref_count #222/fix(trace,impact): module-level callers invisible due to synthetic source_id, inconsistent with rc #223/fix(callgraph): calls inside asyncHandler-wrapped route handlers missing from graph_edges #231). Fitur inti paling sering ditambal.
  2. Permukaan meledak, rawat tertinggal — 12 umbrella × ~40 sub-check, 13 bahasa, taint/a11y/css/vuln-scan/dashboard. Engine yatim harus "di-restore" (a11y feat(audit): restore a11y as audit --check a11y (orphaned engine since #195, same as css-deep #251) #256, css feat(audit): restore css-deep as audit --check css (orphaned engine since #195) #251, export-snapshot chore(deps): import-snapshot permanently broken since export-snapshot was dropped #218). 13 hidden-command debt (chore(commands): evaluate and resolve 13 hidden-pending commands #200 masih open). _REGISTRY_COMMANDS menggigit 2× satu sesi (chore(cli): _REGISTRY_COMMANDS auto-setup gate still lists pre-#195 leaf command names #244, fix: sarif f-string SyntaxError + _auto_setup gate regression (unmasked by #266) #270). CI rusak sejak refactor(commands): consolidate 78 commands → 12 focused commands #195 tak ketahuan (segfault menutupi 16 failure).
  3. 10 analisis kompetitor di docs/research (vs Serena/Semgrep/Repomix/Opengrep/RepoAudit/Emerge/OpenTaint/UBS/CodeGraph/UnderstandAnything) — kejar paritas 10 tool sekaligus.

Konteks

Diferensiator terkuat & paling defensible: call-graph akurat + ergonomi query agent-native (deletion_safety #238, overview #254, --lite/compact, output berbentuk LLM). security/a11y/css bersaing dgn tool spesialis matang (Semgrep/axe/stylelint) yang sulit dikalahkan proyek kecil.

Tujuan (yang diusulkan RFC untuk didiskusikan)

Constraint

Definition of Done

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions