Skip to content

refactor(commands): deprecate artifact-scan, merge into binary-scan (closes #98)#102

Merged
Wolfvin merged 1 commit into
mainfrom
refactor/issue-98-merge-artifact-binary-scan
Jun 30, 2026
Merged

refactor(commands): deprecate artifact-scan, merge into binary-scan (closes #98)#102
Wolfvin merged 1 commit into
mainfrom
refactor/issue-98-merge-artifact-binary-scan

Conversation

@Wolfvin

@Wolfvin Wolfvin commented Jun 30, 2026

Copy link
Copy Markdown
Owner

Summary

Closes #98.

artifact-scan and binary-scan overlapped — both scanned compiled/built artifacts with the same output shape, but binary-scan was already the superset (it adds MIME-signature detection and a Tauri/Electron analysis hook). This PR finishes the merge: binary-scan is now a strict superset of what artifact-scan used to do, and artifact-scan becomes a deprecated alias that delegates to binary-scan.

No capability is lost. No CLI invocation breaks.

What changed

scripts/commands/binary_scan.py (merged logic)

The former artifact-scan logic was ported into binary_scan.py so binary-scan now also performs:

  • Minified / bundled file detection (.min.js, .min.css, .bundle.js, .chunk.js, .vendor.js, .runtime.js) with has_source_map, source_file, line_count, avg_line_length, obfuscation_hint metadata.
  • Source map detection + (in --deep mode) JSON parsing that extracts sources, source_count, names_count, names_sample, version, source_root, ignored_sources (x_google_ignoreList).
  • Built output directory detection (dist/, build/, out/, .next/, .nuxt/, bin/, target/, output/, release/, pkg/, compiled/, bundle/).
  • WASM deep analysis (--deep): section scan + export/import name extraction, with bounds-checked seeking so a 100 MB module is handled in constant time. All safety guarantees (50-section cap, EOF bounds check, no-progress break) preserved.
  • --deep flag for enhanced reverse-engineering analysis (source-map JSON parsing, WASM export/import extraction, sourceMappingURL discovery in minified files).
  • Persists results to .codelens/artifacts.json (ported from artifact-scan).
  • reverse_engineering_mode: True and deep_scan markers in the output.

The pre-#98 binary-scan capabilities are all preserved:

  • MIME-signature detection for extensionless binaries (ELF, PE, Mach-O, ZIP, GZIP, WASM) — still in findings with detection_method: "signature".
  • findings, stats.files_scanned, stats.total_artifacts, stats.total_size_bytes, stats.by_category, recommendations keys unchanged.
  • Tauri/Electron analysis hook (scan_tauri_artifacts) unchanged.
  • Positional workspace arg unchanged.

The artifact-scan-style keys (binaries, minified_files, source_maps, wasm_modules, built_dirs, stats.binaries, stats.minified_files, stats.source_maps, stats.wasm_modules, stats.built_output_dirs) are added alongside, making the output a true superset.

scripts/commands/artifact_scan.py (deprecated alias)

Now a thin wrapper (~55 lines). When invoked:

  1. Prints DEPRECATED: Use binary-scan instead to stderr.
  2. Delegates to binary_scan.execute(args, workspace) — calls the handler directly with the same args namespace, so the output is identical to binary-scan.

The module still registers the artifact-scan command (so the command count stays 64 and existing scripts / MCP clients keep working). Its execute function remains defined in artifact_scan.py (satisfies test_every_command_module_registers).

scripts/commands/ask.py (consistency sweep)

The ask command's internal dispatcher previously called cmd_artifact_scan for artifact-scan queries. Updated to call cmd_binary_scan instead, so the natural-language path stays consistent with the CLI surface.

How deprecation works

artifact_scan.execute(args, workspace):

  1. print("DEPRECATED: Use binary-scan instead", file=sys.stderr)
  2. from commands import binary_scan; return binary_scan.execute(args, workspace)

It calls binary-scan's handler function directly (not the CLI subprocess), passing the same args namespace. This means:

  • No subprocess overhead.
  • The output is byte-for-byte identical to binary-scan (verified by diffing — the only difference is the CLI-injected deep_analysis_hint field which embeds the invoked command name, which is expected).
  • --deep and positional workspace args work transparently.

Verification

Capability preservation (superset proof)

Ran both commands against a fixture containing a valid .wasm (with export section), .min.js (with sourceMappingURL), .min.js.map (source map JSON), .so (ELF), and .pyc in a dist/ directory:

Field artifact-scan (before) binary-scan (after) Match
reverse_engineering_mode true true
deep_scan true true
built_dirs ["dist"] ["dist"]
len(binaries) 3 3
len(minified_files) 1 1
len(source_maps) 1 1
len(wasm_modules) 1 1
WASM exports ["add (function)"] ["add (function)"]
Source map deep parse keys 8 keys 8 keys (identical)
Minified file metadata 7 keys 7 keys (identical)

All artifact-scan top-level keys are present in binary-scan. binary-scan adds findings (pre-#98 key). All artifact-scan stats keys are present; binary-scan adds by_category, files_scanned, total_size_bytes.

Deprecation warning

$ codelens artifact-scan /tmp/re_fixture --deep
DEPRECATED: Use binary-scan instead          ← stderr
{ ... identical to binary-scan output ... }  ← stdout

Test suite

  • Baseline (origin/main, before changes): 788 passed, 87 skipped
  • Post-fix (this branch): 788 passed, 87 skipped
  • No regressions. test_command_registry.py and test_command_count.py both pass (command count stays 64).

Command count

python scripts/codelens.py --command-count64 (unchanged — artifact-scan stays registered as an alias). sync_command_count.py --apply reports all docs in sync.

Files changed

  • scripts/commands/binary_scan.py — merged artifact-scan logic (WASM analysis, source-map parsing, minified-file detection, built-dir detection, --deep flag, .codelens/artifacts.json persistence, merged recommendations). +822 / -33 lines.
  • scripts/commands/artifact_scan.py — reduced to deprecated alias that delegates to binary_scan.execute. +35 / -565 lines.
  • scripts/commands/ask.py — updated artifact-scan dispatch to call cmd_binary_scan. +5 / -2 lines.

Backward compatibility

  • codelens binary-scan [workspace] — unchanged behavior (same keys, same args). The output is now a superset (more findings on repos with built dirs, plus the artifact-scan-style keys).
  • codelens binary-scan [workspace] --deep — new optional flag; existing invocations without --deep behave exactly as before.
  • codelens artifact-scan [workspace] [--deep] — still works, prints deprecation warning, delegates to binary-scan.

Findings

  • scripts/commands/ask.py:622 previously imported cmd_artifact_scan directly. Updated to import cmd_binary_scan — this was the only cross-module caller of the old function. No other references to cmd_artifact_scan remain.
  • The CLI post-processing block in codelens.py (lines 1140-1196) adds deep_analysis: false and deep_analysis_hint: "--deep not yet supported for <command>" when --deep is passed to a command not in {dead-code, query, impact, smell, complexity}. This affects both artifact-scan and binary-scan (pre- and post-merge). This is pre-existing behavior and out of scope for [REFACTOR] Merge artifact-scan into binary-scan — redundant commands with overlapping scope #98 — the --deep flag on these commands performs reverse-engineering deep analysis (source maps, WASM), not hybrid LSP analysis, which is a separate concept. Left unchanged.

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@sonarqubecloud

Copy link
Copy Markdown

@Wolfvin Wolfvin merged commit 7c2b68d into main Jun 30, 2026
2 of 8 checks passed
@Wolfvin Wolfvin deleted the refactor/issue-98-merge-artifact-binary-scan branch July 1, 2026 06:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[REFACTOR] Merge artifact-scan into binary-scan — redundant commands with overlapping scope

1 participant