Found in BugHunter smoke #17
SurfaceMCP's vite stack returns `not_found` for every `surface_routes_for_page` call against the comprehensive-bench web surface. Result: BugHunter's form→API cross-ref (PR #175) returns 0 API tools per page, which makes the resolver useless.
Impact
- Form-driven detectors (xss_reflected, sql_injection, command_injection) can't reach the api surface's tools via form actions on the web surface
- The PR #175 design assumed page→form→api-tool resolution would work; it can't if the page registry is empty for SPA routes
Hypothesis
The vite extractor recognizes the SPA's static routes (Landing, Login, Dashboard, etc.) but doesn't build a page registry that `surface_routes_for_page` queries. Or the registry only includes pages with explicit handlers (not React-Router-defined routes).
Fix
Vite extractor should:
- Walk the React Router config in the SPA source (or src/router.tsx pattern)
- Register each route path → component mapping in the page registry
- `surface_routes_for_page(path)` returns the matched component + any forms it contains
This is the legitimate "Vite SPA forms map to component definitions" problem that PR #175's BugHunter-side resolver tried to side-step.
Priority
High — blocks PR #175's value on real-world Vite SPAs.
Found in BugHunter smoke #17
SurfaceMCP's vite stack returns `not_found` for every `surface_routes_for_page` call against the comprehensive-bench web surface. Result: BugHunter's form→API cross-ref (PR #175) returns 0 API tools per page, which makes the resolver useless.
Impact
Hypothesis
The vite extractor recognizes the SPA's static routes (Landing, Login, Dashboard, etc.) but doesn't build a page registry that `surface_routes_for_page` queries. Or the registry only includes pages with explicit handlers (not React-Router-defined routes).
Fix
Vite extractor should:
This is the legitimate "Vite SPA forms map to component definitions" problem that PR #175's BugHunter-side resolver tried to side-step.
Priority
High — blocks PR #175's value on real-world Vite SPAs.