Project Overview
Legacy CRM & Auth System — Last analysis run 3/22/2026, 2:30:00 PM
Detected Languages: PHP, SQL, JS
Risk Score: 78/100
Dead Code Count: 4,850 lines
Issue Count: 84 findings
Modules Discovered: 5 modules
AI Confidence Level: 82%
Pipeline Status: Live
scan Step
14:00 completed
[scan] Indexing symbols...
[scan] Scan complete.
analyze Step
14:03 completed
[analyze] Found 45 dead code candidates
[analyze] Analysis complete.
pseudo Step
14:11 completed
[pseudo] Mapping source traceability...
[pseudo] Pseudo build complete.
diagram Step
14:28 running
[diagram] Generating entity relationship diagram...
[diagram] Processing Request Flow: Auth...
generate Step
14:28 pending
Terminal Output
[2026-03-22 14:00:01] INFO bidi scan initiated...
[2026-03-22 14:02:15] SUCCESS Scan complete. 147 files indexed.
[2026-03-22 14:03:00] INFO Analyzing modules...
[2026-03-22 14:04:12] WARN Potential SQLi detected in src/auth/login.php
[2026-03-22 14:05:45] WARN Unused function format_date_old found.
$ bidi diagrams build --from pseudo
[2026-03-22 14:28:10] RUN Generating module graph...
[2026-03-22 14:28:35] RUN Generating entity relationship diagram...
[2026-03-22 14:28:55] RUN Processing Request Flow: Auth...
Module Risk Hotspots
Authentication: 85%
Billing & Invoicing: 70%
Reporting Engine: 40%
Admin Dashboard: 55%
Background Jobs: 65%
AI Copilot (Beta)
Hello! I'm your AI modernization copilot. I have context on your legacy CRM codebase. How can I help you today?
Explain the billing flow and identify the 3 riskiest assumptions.
The billing flow in your legacy PHP app is primarily centered around `src/billing/invoice_gen.php`.
**Flow Overview:**
1. A cron job triggers the billing run.
2. It fetches all active subscriptions using a large raw SQL join.
3. For each customer, it calculates the usage and generates a PDF using a legacy library.
4. It calls the Stripe API (v2015-04-07) to process payments.
**Riskiest Assumptions:**
- **Database Consistency:** The SQL query assumes that all records in `subscriptions` have a matching `customer_id` in the `users` table, but there are no foreign keys in the legacy schema.
- **API Availability:** The Stripe API call is synchronous and lacks a retry mechanism. If Stripe is down, the billing run fails mid-way without recording progress.
- **Concurrency:** The billing run is not idempotent. Running it twice on the same day will double-charge customers.
#repo #analysis #pseudo