Phase 3: Flow generator with interactive HTML drill-down UI

New features:
- FlowEngine core library (CLI/API/MCP/UI all call same methods)
- 5 views: overview, ci, deploy, runtime, auth
- 3 renderers: Mermaid, JSON, interactive HTML
- Self-contained HTML with dark/light theme, click-to-drill navigation
- CLI: code-intelligence flow [--view] [--format mermaid|json|html]
- Bundle integration: flow.html auto-included in bundles

New detectors:
- GitLab CI (.gitlab-ci.yml): stages, jobs, needs, extends, tools
- Enhanced Dockerfile: multi-stage builds, COPY --from, ARG

Output consistency: FlowDiagram is single source of truth.
All consumers get identical data, only format changes.

76 detectors, 639 tests, 32KB interactive HTML, zero server needed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: aksOps

README.md

@@ -20,11 +20,11 @@
   <a href="https://github.com/RandomCodeSpace/code-iq/security/dependabot"><img src="https://img.shields.io/badge/dependabot-enabled-brightgreen?style=flat-square&logo=dependabot&logoColor=white" alt="Dependabot enabled"></a>
   <a href="https://github.com/RandomCodeSpace/code-iq/security/code-scanning"><img src="https://img.shields.io/badge/CodeQL-enabled-brightgreen?style=flat-square&logo=github&logoColor=white" alt="CodeQL"></a>
   <!-- DYNAMIC:vulnerabilities --><a href="https://github.com/RandomCodeSpace/code-iq/security/dependabot"><img src="https://img.shields.io/badge/vulnerabilities-0-brightgreen?style=flat-square&logo=hackthebox&logoColor=white" alt="0 Vulnerabilities"></a><!-- /DYNAMIC:vulnerabilities -->
-  <!-- DYNAMIC:detectors --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/detectors-75-brightgreen?style=flat-square&logo=codefactor&logoColor=white" alt="75 Detectors"></a><!-- /DYNAMIC:detectors -->
+  <!-- DYNAMIC:detectors --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/detectors-76-brightgreen?style=flat-square&logo=codefactor&logoColor=white" alt="76 Detectors"></a><!-- /DYNAMIC:detectors -->
   <!-- DYNAMIC:languages --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/languages-35-blue?style=flat-square&logo=stackblitz&logoColor=white" alt="35 Languages"></a><!-- /DYNAMIC:languages -->
-  <!-- DYNAMIC:tests --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/tests-565%20passed-brightgreen?style=flat-square&logo=pytest&logoColor=white" alt="565 passed Tests"></a><!-- /DYNAMIC:tests -->
-  <!-- DYNAMIC:files --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/files-226-informational?style=flat-square&logo=files&logoColor=white" alt="226 Files"></a><!-- /DYNAMIC:files -->
-  <!-- DYNAMIC:loc --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/LOC-25%2C736-informational?style=flat-square&logo=codacy&logoColor=white" alt="25,736 Loc"></a><!-- /DYNAMIC:loc -->
+  <!-- DYNAMIC:tests --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/tests-639%20passed-brightgreen?style=flat-square&logo=pytest&logoColor=white" alt="639 passed Tests"></a><!-- /DYNAMIC:tests -->
+  <!-- DYNAMIC:files --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/files-238-informational?style=flat-square&logo=files&logoColor=white" alt="238 Files"></a><!-- /DYNAMIC:files -->
+  <!-- DYNAMIC:loc --><a href="https://github.com/RandomCodeSpace/code-iq"><img src="https://img.shields.io/badge/LOC-27%2C365-informational?style=flat-square&logo=codacy&logoColor=white" alt="27,365 Loc"></a><!-- /DYNAMIC:loc -->
 </p>
 
 ---

src/code_intelligence/cli.py

@@ -386,6 +386,14 @@ def bundle(
             from code_intelligence.output.serializers import JsonSerializer
             zf.writestr("graph/graph.json", JsonSerializer().serialize(model))
 
+        # Include interactive flow HTML
+        try:
+            from code_intelligence.flow.engine import FlowEngine
+            flow_html = FlowEngine(result.graph).render_interactive()
+            zf.writestr("flow.html", flow_html)
+        except Exception:
+            pass  # Flow generation is optional in bundles
+
     result.graph.close()
 
     console.print(f"Bundle created: [bold]{output}[/bold]")
@@ -617,5 +625,39 @@ def _unprotected_fallback(store) -> list[dict]:
     ]
 
 
+@app.command()
+def flow(
+    path: Annotated[Path, typer.Argument(help="Path to analyzed codebase")] = Path("."),
+    view: Annotated[str, typer.Option("--view", "-v", help="View: overview, ci, deploy, runtime, auth")] = "overview",
+    format: Annotated[str, typer.Option("--format", "-f", help="Format: mermaid, json, html")] = "mermaid",
+    backend: Annotated[str, typer.Option("--backend", "-b", help="Graph backend")] = "networkx",
+    output: Annotated[Optional[Path], typer.Option("--output", "-o", help="Output file path")] = None,
+    config: Annotated[Optional[Path], typer.Option("--config", "-c")] = None,
+) -> None:
+    """Generate architecture flow diagrams."""
+    store = _load_graph_backend(path, backend, config)
+
+    from code_intelligence.flow.engine import FlowEngine
+    engine = FlowEngine(store)
+
+    if format == "html":
+        content = engine.render_interactive()
+        out_path = output or Path("flow.html")
+        out_path.write_text(content)
+        console.print(f"Interactive flow diagram saved to [bold]{out_path}[/bold]")
+        size_kb = out_path.stat().st_size / 1024
+        console.print(f"   Size: {size_kb:.1f} KB — open in any browser, no server needed")
+    else:
+        diagram = engine.generate(view)
+        content = engine.render(diagram, format)
+        if output:
+            output.write_text(content)
+            console.print(f"Flow diagram ({view}) saved to [bold]{output}[/bold]")
+        else:
+            console.print(content)
+
+    store.close()
+
+
 if __name__ == "__main__":
     app()

src/code_intelligence/detectors/config/gitlab_ci.py

@@ -0,0 +1,216 @@
+"""GitLab CI pipeline detector for .gitlab-ci.yml definitions."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from code_intelligence.detectors.base import DetectorContext, DetectorResult
+from code_intelligence.models.graph import (
+    EdgeKind,
+    GraphEdge,
+    GraphNode,
+    NodeKind,
+    SourceLocation,
+)
+
+_GITLAB_CI_KEYWORDS = frozenset({
+    "stages",
+    "variables",
+    "default",
+    "workflow",
+    "include",
+    "image",
+    "services",
+    "before_script",
+    "after_script",
+    "cache",
+})
+
+_TOOL_KEYWORDS = (
+    "docker",
+    "helm",
+    "kubectl",
+    "terraform",
+    "maven",
+    "gradle",
+    "npm",
+    "pip",
+)
+
+
+def _is_gitlab_ci_file(ctx: DetectorContext) -> bool:
+    """Check whether the file is a GitLab CI configuration file."""
+    return ctx.file_path.endswith(".gitlab-ci.yml")
+
+
+def _detect_tools(scripts: list[Any]) -> list[str]:
+    """Scan script lines for known tool keywords."""
+    tools: list[str] = []
+    for line in scripts:
+        line_str = str(line)
+        for tool in _TOOL_KEYWORDS:
+            if tool in line_str and tool not in tools:
+                tools.append(tool)
+    return tools
+
+
+class GitLabCIDetector:
+    """Detects stages, jobs, dependencies, and tool usage from GitLab CI YAML files."""
+
+    name: str = "gitlab_ci"
+    supported_languages: tuple[str, ...] = ("yaml",)
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+
+        if not _is_gitlab_ci_file(ctx):
+            return result
+
+        if not ctx.parsed_data:
+            return result
+
+        data = ctx.parsed_data.get("data")
+        if not isinstance(data, dict):
+            return result
+
+        fp = ctx.file_path
+        pipeline_id = f"gitlab:{fp}:pipeline"
+
+        # Pipeline MODULE node
+        result.nodes.append(GraphNode(
+            id=pipeline_id,
+            kind=NodeKind.MODULE,
+            label=f"pipeline:{fp}",
+            fqn=pipeline_id,
+            module=ctx.module_name,
+            location=SourceLocation(file_path=fp),
+            properties={"pipeline_file": fp},
+        ))
+
+        # Stages
+        stages = data.get("stages")
+        if isinstance(stages, list):
+            for stage_name in stages:
+                stage_str = str(stage_name)
+                result.nodes.append(GraphNode(
+                    id=f"gitlab:{fp}:stage:{stage_str}",
+                    kind=NodeKind.CONFIG_KEY,
+                    label=f"stage:{stage_str}",
+                    module=ctx.module_name,
+                    location=SourceLocation(file_path=fp),
+                    properties={"stage": stage_str},
+                ))
+
+        # Include directives
+        includes = data.get("include")
+        if includes is not None:
+            if isinstance(includes, str):
+                includes = [includes]
+            if isinstance(includes, list):
+                for inc in includes:
+                    if isinstance(inc, str):
+                        target = inc
+                    elif isinstance(inc, dict):
+                        target = inc.get("local") or inc.get("file") or inc.get("template") or str(inc)
+                    else:
+                        target = str(inc)
+                    result.edges.append(GraphEdge(
+                        source=pipeline_id,
+                        target=str(target),
+                        kind=EdgeKind.IMPORTS,
+                        label=f"includes {target}",
+                    ))
+
+        # Collect job names first for edge resolution
+        job_names: list[str] = []
+        for key in data:
+            key_str = str(key)
+            if key_str in _GITLAB_CI_KEYWORDS:
+                continue
+            val = data[key]
+            if isinstance(val, dict):
+                job_names.append(key_str)
+
+        job_ids: dict[str, str] = {}
+        for name in job_names:
+            job_ids[name] = f"gitlab:{fp}:job:{name}"
+
+        # Process each job
+        for job_name in job_names:
+            job_def = data[job_name]
+            job_id = job_ids[job_name]
+
+            props: dict[str, Any] = {}
+
+            # Stage property
+            stage_val = job_def.get("stage")
+            if stage_val is not None:
+                props["stage"] = str(stage_val)
+
+            # Image property
+            image_val = job_def.get("image")
+            if image_val is not None:
+                props["image"] = str(image_val)
+
+            # Script tool detection
+            scripts = job_def.get("script")
+            if isinstance(scripts, list):
+                tools = _detect_tools(scripts)
+                if tools:
+                    props["tools"] = tools
+
+            # Job METHOD node
+            result.nodes.append(GraphNode(
+                id=job_id,
+                kind=NodeKind.METHOD,
+                label=job_name,
+                fqn=job_id,
+                module=ctx.module_name,
+                location=SourceLocation(file_path=fp),
+                properties=props,
+            ))
+
+            # CONTAINS edge: pipeline -> job
+            result.edges.append(GraphEdge(
+                source=pipeline_id,
+                target=job_id,
+                kind=EdgeKind.CONTAINS,
+                label=f"pipeline contains job {job_name}",
+            ))
+
+            # needs: dependencies
+            needs = job_def.get("needs")
+            if isinstance(needs, str):
+                needs = [needs]
+            if isinstance(needs, list):
+                for dep in needs:
+                    # needs can be a string or a dict with "job" key
+                    if isinstance(dep, dict):
+                        dep_str = str(dep.get("job", ""))
+                    else:
+                        dep_str = str(dep)
+                    if dep_str and dep_str in job_ids:
+                        result.edges.append(GraphEdge(
+                            source=job_id,
+                            target=job_ids[dep_str],
+                            kind=EdgeKind.DEPENDS_ON,
+                            label=f"job {job_name} needs {dep_str}",
+                        ))
+
+            # extends: template inheritance
+            extends = job_def.get("extends")
+            if extends is not None:
+                if isinstance(extends, str):
+                    extends = [extends]
+                if isinstance(extends, list):
+                    for parent in extends:
+                        parent_str = str(parent)
+                        if parent_str in job_ids:
+                            result.edges.append(GraphEdge(
+                                source=job_id,
+                                target=job_ids[parent_str],
+                                kind=EdgeKind.EXTENDS,
+                                label=f"job {job_name} extends {parent_str}",
+                            ))
+
+        return result

src/code_intelligence/detectors/iac/dockerfile.py

@@ -18,6 +18,8 @@
 _EXPOSE_RE = re.compile(r'^EXPOSE\s+(\d+)', re.MULTILINE)
 _ENV_RE = re.compile(r'^ENV\s+(\w+)[=\s]', re.MULTILINE)
 _LABEL_RE = re.compile(r'^LABEL\s+(\S+)=', re.MULTILINE)
+_COPY_FROM_RE = re.compile(r'COPY\s+--from=(\w+)', re.MULTILINE | re.IGNORECASE)
+_ARG_RE = re.compile(r'^ARG\s+(\w+)', re.MULTILINE)
 
 
 
@@ -32,6 +34,10 @@ def detect(self, ctx: DetectorContext) -> DetectorResult:
         text = decode_text(ctx)
 
         stages: dict[str, str] = {}  # stage alias -> base image
+        stage_node_ids: dict[str, str] = {}  # stage alias -> node id
+        # Ordered list of (start_offset, node_id) for determining current stage
+        from_offsets: list[tuple[int, str]] = []
+        stage_order = 0
 
         # Detect FROM instructions (base image dependencies)
         for m in _FROM_RE.finditer(text):
@@ -44,7 +50,7 @@ def detect(self, ctx: DetectorContext) -> DetectorResult:
                 stages[alias] = image
 
             # Parse image name and tag
-            props: dict[str, str] = {"image": image}
+            props: dict[str, str | int] = {"image": image}
             if ":" in image and not image.startswith("$"):
                 img_name, tag = image.rsplit(":", 1)
                 props["image_name"] = img_name
@@ -54,10 +60,18 @@ def detect(self, ctx: DetectorContext) -> DetectorResult:
 
             if alias:
                 props["stage_alias"] = alias
+                props["build_stage"] = alias
+
+            props["stage_order"] = stage_order
+            stage_order += 1
 
             node_id = f"docker:{ctx.file_path}:from:{image}"
             label = f"FROM {image}" + (f" AS {alias}" if alias else "")
 
+            if alias:
+                stage_node_ids[alias] = node_id
+            from_offsets.append((m.start(), node_id))
+
             result.nodes.append(GraphNode(
                 id=node_id,
                 kind=NodeKind.INFRA_RESOURCE,
@@ -79,6 +93,24 @@ def detect(self, ctx: DetectorContext) -> DetectorResult:
                 label=f"{ctx.file_path} depends on image {image}",
             ))
 
+        # Detect COPY --from instructions (multi-stage build dependencies)
+        for m in _COPY_FROM_RE.finditer(text):
+            source_stage = m.group(1)
+            if source_stage in stage_node_ids:
+                # Find the current stage (most recent FROM before this COPY)
+                current_node_id = None
+                for offset, nid in reversed(from_offsets):
+                    if offset < m.start():
+                        current_node_id = nid
+                        break
+                if current_node_id and current_node_id != stage_node_ids[source_stage]:
+                    result.edges.append(GraphEdge(
+                        source=current_node_id,
+                        target=stage_node_ids[source_stage],
+                        kind=EdgeKind.DEPENDS_ON,
+                        label=f"COPY --from={source_stage}",
+                    ))
+
         # Detect EXPOSE instructions (exposed ports)
         for m in _EXPOSE_RE.finditer(text):
             port = m.group(1)
@@ -130,4 +162,21 @@ def detect(self, ctx: DetectorContext) -> DetectorResult:
                 properties={"label_key": label_key},
             ))
 
+        # Detect ARG instructions (build arguments)
+        for m in _ARG_RE.finditer(text):
+            arg_name = m.group(1)
+            line = find_line_number(text, m.start())
+
+            result.nodes.append(GraphNode(
+                id=f"docker:{ctx.file_path}:arg:{arg_name}",
+                kind=NodeKind.CONFIG_DEFINITION,
+                label=f"ARG {arg_name}",
+                module=ctx.module_name,
+                location=SourceLocation(
+                    file_path=ctx.file_path,
+                    line_start=line,
+                ),
+                properties={"arg_name": arg_name},
+            ))
+
         return result