refactor(debug-files): scan paths via shared walkFiles walker

[BYK]

What

Replace the bespoke recursive directory walker in src/lib/dif/scan.ts
(collectFiles) with the project's shared, well-tested walkFiles walker
(src/lib/scan/) — the same traversal foundation the DSN code-scanner uses.

This is a preliminary, self-contained refactor that the upcoming
debug-files upload WASM-consumption features (embedded PPDB extraction,
--il2cpp-mapping) will build on. It has no behavior change for users.

Why

walkFiles gives parallel readdir, dev:ino-based symlink-cycle detection
(sturdier than the previous visited-realpath set), AbortSignal support, and
far more test coverage than the hand-rolled walker.

Behavior preservation

walkFiles is policy-free, so its DSN-tuned defaults are explicitly overridden
to match the existing debug-file scanning contract — debug files are large
binaries that routinely live in gitignored build output (build/,
target/, Xcode DerivedData):

Option	Value	Why
respectGitignore	false	debug files live in gitignored dirs
alwaysSkipDirs	[]	default skip-dirs are build-output dirs — exactly where DIFs are
maxFileSize	Infinity	default is 256 KB; DIFs are MBs. Size gating stays in prepareDifs (format-before-size, drives oversizedCount)
followSymlinks	true	matches previous cycle-safe behavior
classifyBinary	false	see below

The deliberate format-before-size ordering that drives
PrepareDifsResult.oversizedCount is untouched and remains in prepareDifs.

New shared-walker option: classifyBinary

Adds classifyBinary?: boolean (default true, preserving current behavior) to
WalkOptions. When false, the walker skips the per-file ~8 KB NUL sniff used
to populate WalkEntry.isBinary and reports isBinary: false without reading
file contents. The DIF scanner ignores isBinary, so it opts out to avoid an
extra head-read per file on large binary trees. Also benefits other binary-tree
consumers (e.g. sourcemap discovery).

Tests

• test/lib/scan/walker.test.ts: classifyBinary: false yields a NUL blob with
  isBinary: false while the default still reports true (proves the sniff is
  skipped).
• test/lib/dif/scan.test.ts: new scanPaths traversal coverage — recursive
  discovery, explicit-file passthrough, files under .gitignore'd /
  node_modules dirs are still found (regression guard for the swap),
  overlapping-arg dedupe, symlink-cycle safety, and ENOENT → ValidationError.

Verification

pnpm run typecheck, pnpm run lint, pnpm run check:deps clean;
test/lib/scan + test/lib/dif suites pass (99 tests).

[github-actions]

PR Preview Action v1.8.1
🚀 View preview at https://cli.sentry.dev/_preview/pr-1150/
Built to branch gh-pages at 2026-06-26 20:44 UTC. Preview will be ready when the GitHub Pages deployment is complete.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit ba2848f. Configure here.}

[github-actions]

Codecov Results 📊

✅ Patch coverage is 90.00%. Project has 5123 uncovered lines.
✅ Project coverage is 81.49%. Comparing base (base) to head (head).

Files with missing lines (2)

File	Patch %	Lines
src/lib/dif/scan.ts	87.50%	⚠️ 3 Missing and 2 partials
src/lib/scan/walker.ts	100.00%	⚠️ 1 partials

Coverage diff

@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    81.46%    81.49%    +0.03%
==========================================
  Files          397       397         —
  Lines        27686     27682        -4
  Branches     17972     17980        +8
==========================================
+ Hits         22555     22559        +4
- Misses        5131      5123        -8
- Partials      1861      1862        +1

---

Generated by Codecov Action