typescript-decompiler/docs/phase-docs/phase-2-overview.md

Phase 2 — dependency identification and externalization

Goal

Shrink the app-authored surface by identifying vendored third-party code, recording package-match decisions, and externalizing only high-confidence matches while preserving safe fallbacks.

Scripts

• scripts/identify-dependencies.js
• scripts/externalize-dependencies.js

Inputs

• --manifest <runs/<id>/manifest.json>
• --segments <runs/<id>/segments.jsonl>
• --bundle <bundle.js> optional
• optional npm metadata, tarballs, or CDN mirrors
• optional runtime traces

Responsibilities

1. score vendored candidates using static evidence first
2. use runtime evidence only as a tie-breaker
3. record accepted, rejected, and unresolved decisions in machine-readable manifests
4. externalize accepted dependencies only
5. preserve bundled fallback code so execution remains safe

Release-oriented requirements

• dependency decisions should be reusable across nearby upstream snapshots when hashes and evidence remain compatible
• dependency reports should feed the compact upstream summary for published releases
• do not block later phases on perfect package-version recovery

Verification

• verify accepted matches externalize cleanly
• verify unresolved matches stay in the bundled fallback path
• confirm dependency decisions are deterministic for the same ingest output