refactor: Remove all type aliases and wrapper functions from callgraph package (#379)

* refactor: Remove all type aliases and wrapper functions from callgraph package

Complete cleanup of backward compatibility layer in callgraph package.
All external consumers now use proper sub-package imports.

**Deleted (26 files):**
- Type aliases: types.go, statement.go, taint_summary.go
- Wrapper functions: builder.go, patterns.go, registry.go
- All other alias/wrapper files (imports.go, callsites.go, cfg.go, etc.)
- 10 test files testing private functions

**Updated external consumers:**
- cmd package (6 files): Use registry.BuildModuleRegistry(), builder.BuildCallGraph()
- dsl package (8 files): Use core.CallGraph, core.CallSite
- diagnostic package: Use extraction.ParsePythonFile(), cfg.BuildCFG(), taint.AnalyzeIntraProceduralTaint()

**Created:**
- graph/callgraph/doc.go: Comprehensive package documentation
- graph/callgraph/integration.go: Public API (InitializeCallGraph, AnalyzePatterns)

**Test updates:**
- Updated 10+ test files with correct package imports
- Removed test files for internal/private functions

All tests passing, build successful, linting clean.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* fix: Add source and sink code snippets to analyze command output

The analyze command was not displaying source and sink code snippets.
Updated AnalyzePatterns() to look up call site locations and read code
snippets from the source files.

Changes:
- Look up source/sink locations from CallSites in the call graph
- Read code snippets from source files using new getCodeSnippet() helper
- Properly convert Line (int) to SourceLine/SinkLine (uint32)

Example output now includes:
   Source: test.vulnerable() calls builtins.input()
           at /tmp/test_project/test.py:2
              2 | user_input = input("Enter: ")

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* test: Add comprehensive tests for integration.go (98% coverage)

Added test coverage for callgraph integration functions:
- InitializeCallGraph: Tests initialization with various scenarios
- AnalyzePatterns: Tests security pattern detection and code snippet population
- getCodeSnippet: Tests code snippet extraction from files

Coverage improvements:
- integration.go: 6.66% → 98.0%
- InitializeCallGraph: 88.9%
- AnalyzePatterns: 100.0%
- getCodeSnippet: 100.0%

All tests passing, linting clean.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

---------

Co-authored-by: Claude <[email protected]>

Author: shivasurya

sourcecode-parser/cmd/ci.go

@@ -9,7 +9,9 @@ import (
 	sarif "github.com/owenrumney/go-sarif/v2/sarif"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/dsl"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph"
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/builder"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"
 	"github.com/spf13/cobra"
 )
 
@@ -53,15 +55,15 @@ Examples:
 
 		// Build module registry
 		log.Printf("Building module registry...\n")
-		registry, err := callgraph.BuildModuleRegistry(projectPath)
+		moduleRegistry, err := registry.BuildModuleRegistry(projectPath)
 		if err != nil {
 			log.Printf("Warning: failed to build module registry: %v\n", err)
-			registry = callgraph.NewModuleRegistry()
+			moduleRegistry = core.NewModuleRegistry()
 		}
 
 		// Build callgraph
 		log.Printf("Building callgraph...\n")
-		cg, err := callgraph.BuildCallGraph(codeGraph, registry, projectPath)
+		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath)
 		if err != nil {
 			return fmt.Errorf("failed to build callgraph: %w", err)
 		}

sourcecode-parser/cmd/query.go

@@ -6,7 +6,9 @@ import (
 
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/dsl"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph"
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/builder"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"
 	"github.com/spf13/cobra"
 )
 
@@ -45,15 +47,15 @@ Examples:
 
 		// Build module registry
 		log.Printf("Building module registry...\n")
-		registry, err := callgraph.BuildModuleRegistry(projectPath)
+		moduleRegistry, err := registry.BuildModuleRegistry(projectPath)
 		if err != nil {
 			log.Printf("Warning: failed to build module registry: %v\n", err)
-			registry = callgraph.NewModuleRegistry()
+			moduleRegistry = core.NewModuleRegistry()
 		}
 
 		// Build callgraph
 		log.Printf("Building callgraph...\n")
-		cg, err := callgraph.BuildCallGraph(codeGraph, registry, projectPath)
+		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath)
 		if err != nil {
 			return fmt.Errorf("failed to build callgraph: %w", err)
 		}

sourcecode-parser/cmd/resolution_report.go

@@ -6,9 +6,12 @@ import (
 
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 	"github.com/spf13/cobra"
 )
 
+// Note: callgraph.InitializeCallGraph is used from the callgraph root package integration
+
 var resolutionReportCmd = &cobra.Command{
 	Use:   "resolution-report",
 	Short: "Generate a diagnostic report on call resolution statistics",
@@ -79,7 +82,7 @@ type resolutionStatistics struct {
 	FailuresByReason map[string]int                // Category -> count
 	PatternCounts    map[string]int                // Target pattern -> count
 	FrameworkCounts  map[string]int                // Framework prefix -> count (for external_framework category)
-	UnresolvedByFQN  map[string]callgraph.CallSite // For detailed inspection
+	UnresolvedByFQN  map[string]core.CallSite // For detailed inspection
 
 	// Phase 2: Type inference statistics
 	TypeInferenceResolved  int            // Calls resolved via type inference
@@ -100,12 +103,12 @@ type resolutionStatistics struct {
 }
 
 // aggregateResolutionStatistics analyzes the call graph and collects statistics.
-func aggregateResolutionStatistics(cg *callgraph.CallGraph) *resolutionStatistics {
+func aggregateResolutionStatistics(cg *core.CallGraph) *resolutionStatistics {
 	stats := &resolutionStatistics{
 		FailuresByReason:       make(map[string]int),
 		PatternCounts:          make(map[string]int),
 		FrameworkCounts:        make(map[string]int),
-		UnresolvedByFQN:        make(map[string]callgraph.CallSite),
+		UnresolvedByFQN:        make(map[string]core.CallSite),
 		TypesBySource:          make(map[string]int),
 		ConfidenceDistribution: make(map[string]int),
 		StdlibByModule:         make(map[string]int),

sourcecode-parser/cmd/resolution_report_test.go

@@ -3,7 +3,7 @@ package cmd
 import (
 	"testing"
 
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -12,31 +12,31 @@ import (
 
 func TestAggregateResolutionStatistics(t *testing.T) {
 	// Create a mock call graph with various call sites
-	cg := callgraph.NewCallGraph()
+	cg := core.NewCallGraph()
 
 	// Add resolved call sites
-	cg.AddCallSite("test.func1", callgraph.CallSite{
+	cg.AddCallSite("test.func1", core.CallSite{
 		Target:    "print",
 		Resolved:  true,
 		TargetFQN: "builtins.print",
 	})
 
 	// Add unresolved call sites with different failure reasons
-	cg.AddCallSite("test.func2", callgraph.CallSite{
+	cg.AddCallSite("test.func2", core.CallSite{
 		Target:        "models.ForeignKey",
 		Resolved:      false,
 		TargetFQN:     "django.db.models.ForeignKey",
 		FailureReason: "external_framework",
 	})
 
-	cg.AddCallSite("test.func3", callgraph.CallSite{
+	cg.AddCallSite("test.func3", core.CallSite{
 		Target:        "Task.objects.filter",
 		Resolved:      false,
 		TargetFQN:     "tasks.models.Task.objects.filter",
 		FailureReason: "orm_pattern",
 	})
 
-	cg.AddCallSite("test.func4", callgraph.CallSite{
+	cg.AddCallSite("test.func4", core.CallSite{
 		Target:        "response.json",
 		Resolved:      false,
 		TargetFQN:     "response.json",
@@ -161,26 +161,26 @@ func TestDetermineStdlibType(t *testing.T) {
 
 func TestAggregateResolutionStatistics_WithStdlib(t *testing.T) {
 	// Create a mock call graph with stdlib call sites
-	cg := callgraph.NewCallGraph()
+	cg := core.NewCallGraph()
 
 	// Add stdlib resolved via builtin registry
-	cg.AddCallSite("test.func1", callgraph.CallSite{
+	cg.AddCallSite("test.func1", core.CallSite{
 		Target:     "getcwd",
 		Resolved:   true,
 		TargetFQN:  "os.getcwd",
 		TypeSource: "builtin",
 	})
 
 	// Add stdlib resolved via annotation
-	cg.AddCallSite("test.func2", callgraph.CallSite{
+	cg.AddCallSite("test.func2", core.CallSite{
 		Target:     "dumps",
 		Resolved:   true,
 		TargetFQN:  "json.dumps",
 		TypeSource: "stdlib_annotation",
 	})
 
 	// Add stdlib resolved via type inference
-	cg.AddCallSite("test.func3", callgraph.CallSite{
+	cg.AddCallSite("test.func3", core.CallSite{
 		Target:                   "Path",
 		Resolved:                 true,
 		TargetFQN:                "pathlib.Path",
@@ -189,7 +189,7 @@ func TestAggregateResolutionStatistics_WithStdlib(t *testing.T) {
 	})
 
 	// Add non-stdlib resolved call
-	cg.AddCallSite("test.func4", callgraph.CallSite{
+	cg.AddCallSite("test.func4", core.CallSite{
 		Target:    "myfunction",
 		Resolved:  true,
 		TargetFQN: "myproject.utils.myfunction",

sourcecode-parser/cmd/scan.go

@@ -8,7 +8,9 @@ import (
 
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/dsl"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph"
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/builder"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"
 	"github.com/spf13/cobra"
 )
 
@@ -52,16 +54,16 @@ Examples:
 
 		// Step 2: Build module registry
 		log.Printf("Building module registry...\n")
-		registry, err := callgraph.BuildModuleRegistry(projectPath)
+		moduleRegistry, err := registry.BuildModuleRegistry(projectPath)
 		if err != nil {
 			log.Printf("Warning: failed to build module registry: %v\n", err)
 			// Create empty registry as fallback
-			registry = callgraph.NewModuleRegistry()
+			moduleRegistry = core.NewModuleRegistry()
 		}
 
 		// Step 3: Build callgraph
 		log.Printf("Building callgraph...\n")
-		cg, err := callgraph.BuildCallGraph(codeGraph, registry, projectPath)
+		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath)
 		if err != nil {
 			return fmt.Errorf("failed to build callgraph: %w", err)
 		}
@@ -105,7 +107,7 @@ Examples:
 	},
 }
 
-func countTotalCallSites(cg *callgraph.CallGraph) int {
+func countTotalCallSites(cg *core.CallGraph) int {
 	total := 0
 	for _, sites := range cg.CallSites {
 		total += len(sites)

sourcecode-parser/cmd/scan_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/dsl"
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -25,28 +25,28 @@ func createTestRuleScan(id, name, severity, cwe, owasp, description string) dsl.
 
 func TestCountTotalCallSites(t *testing.T) {
 	t.Run("counts call sites across all functions", func(t *testing.T) {
-		cg := callgraph.NewCallGraph()
-		cg.CallSites["func1"] = []callgraph.CallSite{
-			{Target: "foo", Location: callgraph.Location{Line: 10}},
-			{Target: "bar", Location: callgraph.Location{Line: 20}},
+		cg := core.NewCallGraph()
+		cg.CallSites["func1"] = []core.CallSite{
+			{Target: "foo", Location: core.Location{Line: 10}},
+			{Target: "bar", Location: core.Location{Line: 20}},
 		}
-		cg.CallSites["func2"] = []callgraph.CallSite{
-			{Target: "baz", Location: callgraph.Location{Line: 30}},
+		cg.CallSites["func2"] = []core.CallSite{
+			{Target: "baz", Location: core.Location{Line: 30}},
 		}
 
 		total := countTotalCallSites(cg)
 		assert.Equal(t, 3, total)
 	})
 
 	t.Run("returns zero for empty callgraph", func(t *testing.T) {
-		cg := callgraph.NewCallGraph()
+		cg := core.NewCallGraph()
 		total := countTotalCallSites(cg)
 		assert.Equal(t, 0, total)
 	})
 
 	t.Run("handles function with no call sites", func(t *testing.T) {
-		cg := callgraph.NewCallGraph()
-		cg.CallSites["func1"] = []callgraph.CallSite{}
+		cg := core.NewCallGraph()
+		cg.CallSites["func1"] = []core.CallSite{}
 		total := countTotalCallSites(cg)
 		assert.Equal(t, 0, total)
 	})

sourcecode-parser/diagnostic/analyzer.go

@@ -5,7 +5,9 @@ import (
 	"strings"
 
 	sitter "github.com/smacker/go-tree-sitter"
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/analysis/taint"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/extraction"
 )
 
 // FunctionTaintResult represents the structured taint analysis result for a single function.
@@ -82,7 +84,7 @@ func AnalyzeSingleFunction(
 
 	// Parse function source code
 	sourceCode := []byte(fn.SourceCode)
-	tree, err := callgraph.ParsePythonFile(sourceCode)
+	tree, err := extraction.ParsePythonFile(sourceCode)
 	if err != nil {
 		result.AnalysisError = true
 		result.ErrorMessage = fmt.Sprintf("Parse error: %v", err)
@@ -98,18 +100,18 @@ func AnalyzeSingleFunction(
 	}
 
 	// Extract statements (using existing logic from statement_extraction.go)
-	statements, err := callgraph.ExtractStatements(fn.FilePath, sourceCode, functionNode)
+	statements, err := extraction.ExtractStatements(fn.FilePath, sourceCode, functionNode)
 	if err != nil {
 		result.AnalysisError = true
 		result.ErrorMessage = fmt.Sprintf("Statement extraction error: %v", err)
 		return result, nil
 	}
 
 	// Build def-use chains (using existing logic from statement.go)
-	defUseChain := callgraph.BuildDefUseChains(statements)
+	defUseChain := core.BuildDefUseChains(statements)
 
 	// Run taint analysis (using existing logic from taint.go)
-	taintSummary := callgraph.AnalyzeIntraProceduralTaint(
+	taintSummary := taint.AnalyzeIntraProceduralTaint(
 		fn.FQN,
 		statements,
 		defUseChain,

sourcecode-parser/diagnostic/analyzer_test.go

@@ -3,7 +3,7 @@ package diagnostic
 import (
 	"testing"
 
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/extraction"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -131,7 +131,7 @@ def function_two():
     pass
 `)
 
-	tree, err := callgraph.ParsePythonFile(sourceCode)
+	tree, err := extraction.ParsePythonFile(sourceCode)
 	require.NoError(t, err)
 	require.NotNil(t, tree)
 

sourcecode-parser/dsl/call_matcher.go

@@ -3,17 +3,17 @@ package dsl
 import (
 	"strings"
 
-	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 )
 
 // CallMatcherExecutor executes call_matcher IR against callgraph.
 type CallMatcherExecutor struct {
 	IR        *CallMatcherIR
-	CallGraph *callgraph.CallGraph
+	CallGraph *core.CallGraph
 }
 
 // NewCallMatcherExecutor creates a new executor.
-func NewCallMatcherExecutor(ir *CallMatcherIR, cg *callgraph.CallGraph) *CallMatcherExecutor {
+func NewCallMatcherExecutor(ir *CallMatcherIR, cg *core.CallGraph) *CallMatcherExecutor {
 	return &CallMatcherExecutor{
 		IR:        ir,
 		CallGraph: cg,
@@ -33,8 +33,8 @@ func NewCallMatcherExecutor(ir *CallMatcherIR, cg *callgraph.CallGraph) *CallMat
 //   C = avg call sites per function (~5-10)
 //   P = number of patterns (~2-5)
 // Typical: 1000 functions * 7 calls * 3 patterns = 21,000 comparisons (fast!)
-func (e *CallMatcherExecutor) Execute() []callgraph.CallSite {
-	matches := []callgraph.CallSite{}
+func (e *CallMatcherExecutor) Execute() []core.CallSite {
+	matches := []core.CallSite{}
 
 	// Iterate over all functions' call sites
 	for _, callSites := range e.CallGraph.CallSites {
@@ -49,7 +49,7 @@ func (e *CallMatcherExecutor) Execute() []callgraph.CallSite {
 }
 
 // matchesCallSite checks if a call site matches any pattern.
-func (e *CallMatcherExecutor) matchesCallSite(cs *callgraph.CallSite) bool {
+func (e *CallMatcherExecutor) matchesCallSite(cs *core.CallSite) bool {
 	target := cs.Target
 
 	for _, pattern := range e.IR.Patterns {
@@ -103,7 +103,7 @@ func (e *CallMatcherExecutor) matchesPattern(target, pattern string) bool {
 
 // CallMatchResult represents a match with additional context.
 type CallMatchResult struct {
-	CallSite    callgraph.CallSite
+	CallSite    core.CallSite
 	MatchedBy   string // Which pattern matched
 	FunctionFQN string // Which function contains this call
 	SourceFile  string // Which file
@@ -132,7 +132,7 @@ func (e *CallMatcherExecutor) ExecuteWithContext() []CallMatchResult {
 }
 
 // getMatchedPattern returns which pattern matched (or empty string if no match).
-func (e *CallMatcherExecutor) getMatchedPattern(cs *callgraph.CallSite) string {
+func (e *CallMatcherExecutor) getMatchedPattern(cs *core.CallSite) string {
 	for _, pattern := range e.IR.Patterns {
 		if e.matchesPattern(cs.Target, pattern) {
 			return pattern