Improve tool/config surface detection for missed agent signals

[EgemennSahin]

Problem

The agent repo lab found source files and framework config that look like agent-relevant surfaces but were not represented strongly enough in the scan map. These are missed signals, not vulnerabilities in the tested repos.

Evidence from tested repos

From .agentdiff/agent-repo-lab/latest/report.md:

• langchain-ai/agents-from-scratch-ts: langgraph.json (LangGraph config file)
• vercel-labs/github-tools: packages/github-tools/src/types.ts (AI SDK import; agent operation vocabulary)
• vercel-labs/github-tools: apps/chat/nuxt.config.ts (AI tool definition syntax)
• vercel-labs/github-tools: apps/chat/server/workflows/chat.ts (AI SDK import; state-changing or tool-like operation name; agent operation vocabulary)
• langchain-ai/langgraphjs: libs/sdk-vue/src/selectors.ts (AI tool definition syntax; state-changing or tool-like operation name; agent operation vocabulary)

Lab context:

• 7/10 repos scanned
• 0 crashes
• 23 useful findings
• 46 missed signals
• 3/3 useful synthetic PR tests

Proposed fix

Add narrow detectors for common JS/TS agent framework files and tool definitions that appeared in the lab evidence:

• LangGraph config files such as langgraph.json
• Mastra runtime/config/index files where they establish agents, tools, or workflows
• AI SDK tool-definition syntax such as tool(...), defineTool, createTool, tools:, and schema-like tool declarations
• OpenAI/Anthropic tool schema definitions where they are local repo surfaces

Keep this evidence-based and scoped. Do not build a universal analyzer.

Acceptance criteria

• npm test passes.
• npm run lab:agent-repos still has 0 crashes.
• At least one cited missed signal is now represented as an agent-relevant surface or entrypoint evidence.
• Report wording calls these agent-relevant surfaces, not bugs or vulnerabilities.
• Docs/tests/config are not promoted to action-required unless configured or reachable from runtime agent code.

Non-goals

• No live model calls.
• No dependency installs in external repos.
• No Python/Java import graph work.
• No broad TypeScript compiler integration.
• No claims that the cited external repos are unsafe.

[EgemennSahin]

Implemented in 23b32c4.

What changed:

• Added narrow framework_config detection for langgraph.json and Mastra runtime paths under src/mastra/index.*, src/mastra/agents, src/mastra/tools, and src/mastra/workflows.
• Added ai_sdk_tool detection for tool syntax: tool(...), createTool(...), defineTool(...), tools:, parameters:, execute:, AI SDK Tool type imports, and the cited AI SDK import + agent factory pattern.
• Added tool_schema detection for OpenAI/Anthropic-style schemas: type: "function", function: { name, parameters }, and input_schema.
• Kept docs/tests/config downrank precedence intact; docs examples still resolve as docs_example.
• Updated the agent repo lab missed-signal heuristic so fixed syntax does not keep appearing as a missed signal.
• Added focused tests for each detector.

Verification:

• npm test passed.
• npm run lab:agent-repos passed.

Lab before/after:

• Before: 7/10 repos scanned, 0 crashes, 23 useful findings, 1 noisy finding, 46 missed signals, 3/3 useful synthetic PR tests.
• After: 7/10 repos scanned, 0 crashes, 23 useful findings, 1 noisy finding, 29 missed signals, 3/3 useful synthetic PR tests.

Cited evidence now represented in maps:

• langchain-ai/agents-from-scratch-ts: langgraph.json -> agent_entrypoint/framework_config.
• vercel-labs/github-tools: packages/github-tools/src/types.ts -> tool_definition/ai_sdk_tool.
• vercel-labs/github-tools: apps/chat/server/workflows/chat.ts -> tool_definition/ai_sdk_tool, reachable from apps/chat/server/api/workflow/chats/[id].post.ts.
• langchain-ai/langgraphjs: libs/sdk-vue/src/selectors.ts -> tool_definition/ai_sdk_tool.
• cometchat/ai-agent-mastra-examples: src/mastra/index.ts files -> agent_entrypoint/framework_config.

No external repos were modified, no live models were run, and no dependencies were installed in tested repos.

[EgemennSahin]

The fix is now available through the moving v0 action channel.

Recommended:
uses: agentdiff-ai/agentdiff@v0

The v0 tag currently points to 0150538, which includes 23b32c4.
Closing this issue.

[EgemennSahin]

Closing now that the fix is available through @v0.