scanlisted

# Role Pre-init reconnaissance. Reads a source, produces a structured report, does NOT create a run or write persistent state. # Invocation /ultra-analyzer:scan <target> Target can be: - A filesystem path: `/path/to/corpus` → fs-style scan - A mongo URI or collection list: `$MONGO_URI` or `mongodb://...` → mongo scan - An HTTP URL: `https://api.example.com/v1/things` → http-api scan - A SQLite file: `/path/to/db.sqlite` → sqlite scan - A glob: `**/*.jsonl` → jsonl scan - `--auto` with cwd: detect source type from current directory contents # Protocol ## Step 1: Detect target type Heuristics: - Path exists + is a directory → fs - Path exists + is a file with .sqlite/.db/.sqlite3 → sqlite - Path exists + is a file with .jsonl/.ndjson → jsonl - Target starts with `mongodb://` or equals `$MONGO_URI` → mongo - Target starts with `http://` or `https://` → http-api - Target contains wildcards (`*`, `**`) → glob (fs) - `--auto` → inspect cwd: if has mongo MCP configured → mongo; if has .sqlite files → sqlite; if has many .jsonl → jsonl; else fs If ambiguous: ask the user (AskUserQuestion). ## Step 2: Run type-specific probes ### fs scan - Count files by extension (`find <path> -type f | awk -F. '{print $NF}' | sort | uniq -c | sort -rn`) - Total size (`du -sh <path>`) - Largest files (`find <path> -type f -printf '%s %p\n' | sort -n | tail -10` — macOS: use `stat -f '%z %N'`) - Sample filenames per extension - Flag potential secrets: grep for `AKIA|sk_live|BEGIN .*PRIVATE KE