Every Hallucinated References Audit check

An unresolved bare package import fails the production build the moment the bundler reaches the file, and if you ship via a platform that pre-builds only the routes it needs, the failure may surface mid-deploy rather than in local dev. AI models hallucinate confident-looking names from their training data — `react-icons/fi` when only `react-icons/fa` is installed, `lodash` when the codebase uses `lodash-es`, or outright typos like `expres`. Each one is a reference-integrity failure the tsconfig and bundler cannot silently paper over.

Why this severity: Critical because a single unresolved import breaks the build and blocks every deployment until it is fixed.

Path-alias hallucinations are one of the most common AI failure modes: the model writes `import { calculateTax } from '@/lib/billing/calculator'` for a file it imagined rather than a file that exists. The TypeScript compiler and the bundler both fail at the resolution step, so the build breaks and the route cannot render. Even when `tsc --noEmit` is skipped in CI, runtime imports via dynamic `import()` throw `Cannot find module` the first time the code path executes in production.

Why this severity: High because an unresolved alias breaks the build or crashes the route at runtime, though a passing `tsc` step catches it before deploy.

A stale lockfile is a reference-integrity failure at the supply-chain layer (SLSA 1.0 L1): the declared dependency exists in `package.json` but has no pinned version in the lockfile, so every fresh install can resolve a different version — including one with a known CVE that your pinned version avoided. Beyond security, the presence of two competing lockfiles (`package-lock.json` + `yarn.lock`) is a distinct AI confusion signal that indicates the model switched package managers mid-session, leaving the project with contradictory resolution graphs that CI will handle unpredictably.

Why this severity: High because unpinned transitive dependencies silently admit supply-chain version drift that can introduce security regressions across deploys.

A missing asset or codegen output fails the bundler the moment it tries to inline the file, so `import logo from './logo.svg'` with no `logo.svg` on disk hard-stops the build. AI tools commonly write import statements for images, stylesheets, and Prisma/GraphQL-Codegen outputs that were never created — the codegen case is especially subtle because the file exists locally after `npm run dev` but the CI step skips the generator and fails. Either way the deploy breaks.

Why this severity: High because unresolved asset or codegen imports break the build in CI even when the local dev server runs clean.

This is a narrow AI confusion where the model treats a tsconfig alias prefix like `@` as though it were a published package name, writing `import { Foo } from '@'` with no path after the prefix. The resolver cannot match it against `node_modules/@` (which does not exist) or against the alias (which requires a path). The result is a module-not-found error at build time and a blank route if the bad import survives into a dynamic chunk.

Why this severity: Low because the pattern is rare and the bundler error points directly at the offending line.

A client that fetches `/api/user/profile` when the server only defines `/api/users/me` returns 404 on every call in production — and AI tools are specifically prone to inventing plausible-sounding endpoints that do not exist. The user sees a loading spinner that never resolves, or a silent data-load failure that reads as a blank page. This is reference-integrity at the API boundary and it aligns directly with OWASP A05 (Security Misconfiguration) when the 404 exposes stack traces.

Why this severity: Critical because a broken fetch URL produces a user-visible 404 on every call and silently corrupts every page that depends on the data.

A client calls `fetch('/api/posts', { method: 'DELETE' })` but the route handler at `app/api/posts/route.ts` only exports `GET` and `POST`. Next.js and every other App Router framework respond with HTTP 405 Method Not Allowed — the server is reachable, the path resolves, but the method is refused. This is a reference-integrity failure that neither the bundler nor tsc can catch because HTTP methods are stringly-typed, and the error only surfaces when the user clicks the delete button.

Why this severity: High because a 405 response breaks a user-facing action at runtime and no build step catches the mismatch.

Broken internal hrefs turn into visible 404s the moment a user clicks a nav item — they are the most common user-facing symptom of AI hallucination because the model names a page from its training intuition rather than your routing tree. `<Link href='/dashbord'>` will silently deploy, get indexed by crawlers, and then 404 every visitor who lands on it. Reference integrity at the navigation layer is load-bearing for crawlability and for bounce rate on marketing pages.

Why this severity: High because every broken internal href is a 404 a user can trigger by clicking, and search engines penalize the domain for it.

Programmatic navigation to a non-existent route is worse UX than a static link to a non-existent route: the user clicks a button, takes a deliberate action, and ends up on a 404 with no breadcrumb back to where they were. `router.push('/admin/users')` when no `app/admin/users/page.tsx` exists is the exact shape of this failure. It breaks post-signup flows, post-payment redirects, and admin dashboards — all critical journeys the audit fixtures test.

Why this severity: High because a bad router.push during a critical flow strands the user on a 404 mid-journey after they took an action.

Next.js App Router route handlers that export non-conventional names — `handler`, `default`, `loader` — are silently ignored by the framework. The file appears to have an endpoint but HTTP requests return 405 Method Not Allowed or fall through to the next handler with no warning, no build error, and no runtime log. This reference-integrity gap makes the failure invisible: your API contract says the route exists, but no code runs. The taxon `code-quality` understates the operational impact — a hallucinated export name deletes the handler entirely from the request lifecycle.

Why this severity: Medium because the route silently stops working rather than exposing a security vulnerability, but the debugging surface is near-zero without knowing the allowlist.

A middleware matcher like `/api/legacy/:path*` that has no matching route files forces the runtime to execute the entire middleware function for every request that happens to hit that prefix — or worse, wastes edge-function invocations on paths that always 404. The matcher is reference-integrity at the routing-configuration layer: it declares an intent the codebase cannot honor. In high-traffic apps this inflates the edge bill and makes debugging a 404 harder because the middleware still runs first.

Why this severity: Medium because dangling matchers waste edge invocations and obscure 404 debugging but do not break the build.

A `metadata` export inside a `'use client'` page is one of the most common silent failures in AI-generated Next.js code: the model writes both directives in the same file, Next.js drops the metadata without any warning, and the page ships with no `<title>` or `<meta description>`. The same applies to `generateStaticParams` placed in a component file — it runs nowhere. CWE-489 (Active Debug Code) maps loosely, but the practical harm is SEO blackout and broken static generation — neither of which surfaces in development because the app still renders.

Why this severity: Medium because the failure is silent data loss (missing metadata, skipped static params) rather than a security vulnerability, but it directly harms SEO and deployment correctness.

A hallucinated table name is one of the clearest markers of AI-generated database code: the model invents a plausible name (`userProfile`, `user_profiles`) that differs from the actual schema (`users`, `profiles`). Prisma throws `Cannot read property 'findMany' of undefined` at runtime — a hard crash. Supabase returns a PostgREST 404 or an empty result set, which can silently suppress data that the application treats as authoritative. In both cases the failure mode is a runtime data-layer outage tied directly to reference-integrity drift (CWE-1188, OWASP A08: Software and Data Integrity Failures). The mismatch is undetectable at build time in Supabase projects unless type generation is wired into CI.

Why this severity: Critical because a single unresolved table reference crashes the affected code path at runtime — Prisma hard-throws, Supabase silently returns no data — with no compile-time safety net in most stacks.

A hallucinated column name is subtler than a hallucinated table name and more dangerous in Supabase projects: Prisma's TypeScript client will flag unknown field names at compile time if types are regenerated, but Supabase's PostgREST API silently ignores an unrecognized column in `.select()` — returning a result set with the column omitted and no error. An unrecognized column in `.eq('avatarUrl', ...)` makes the filter a no-op, so the query returns all rows instead of the intended subset. This is an OWASP A08 data-integrity failure that can expose records to the wrong user if the broken filter was access-gating data.

Why this severity: High because a silent no-op filter in Supabase can expose data to unauthorized callers — the query succeeds but returns the wrong rows.

An undocumented environment variable is a reference to something that may not exist on the deployment target. CWE-798 covers hardcoded credentials, but the inverse failure — a credential variable that is referenced but never defined — is equally damaging: on a fresh Vercel or Railway deploy, `process.env.STRIPE_SECRET_KEY` is `undefined`, and the Stripe client silently initializes with no key, causing every payment request to fail with a confusing API error rather than a startup crash. OWASP A05 (Security Misconfiguration) covers this class of deployment-time misconfiguration. The `env-vars-documented` check enforces reference-integrity between code and its runtime configuration contract.

Why this severity: High because an undocumented env var causes silent `undefined` substitution at runtime, turning every dependent call into a misconfiguration failure that may bypass security checks or crash payment flows.

A Zod schema exported but never called at runtime is not input validation — it is type decoration. The taxons `placeholder-hygiene` and `injection-and-input-trust` both apply: the AI wrote a schema to satisfy the appearance of security (OWASP A03: Injection), but the validation never executes, so arbitrary input reaches database writes, file operations, and downstream systems unchanged. CWE-20 (Improper Input Validation) is the direct mapping. This is the canonical AI security-theater pattern: the codebase looks hardened because schemas exist, but `CreateUserSchema.parse()` is never called on any entry-point body.

Why this severity: Critical because a defined-but-never-invoked schema provides zero protection — every API route that relies on it accepts arbitrary input, enabling injection and data corruption.

A reference like `config.stripe.priceIds.pro` that does not exist in the config object evaluates to `undefined` at runtime, which then propagates into a Stripe API call as `{ price: undefined }` and produces a confusing `No such price` error in logs — not a crash at the config call site. Reference integrity at the configuration layer matters because the failure surfaces far downstream, often in a webhook handler where the original intent is lost. AI tools invent config keys confidently.

Why this severity: Low because the failure only surfaces in code paths that exercise the bad key, though the downstream error can be misleading.

A GraphQL operation that queries `User.emailAddress` when the schema defines `User.email` fails at request time with a schema validation error — the server returns an errors array, the client receives no data, and the page renders whatever skeleton state you wrote for the loading case. Reference integrity between operation and schema is exactly what GraphQL Codegen was built to enforce, and AI tools writing queries without running codegen introduce this drift on nearly every new query.

Why this severity: Info because GraphQL validation errors surface cleanly in logs and codegen eliminates the class of bug entirely.

A hallucinated RPC function name is more disruptive than a hallucinated table name: Supabase `.rpc()` calls to non-existent functions return a PostgREST 404 error immediately rather than an empty result set, causing hard failures in dashboards, analytics, and any server action that delegates business logic to the database. This is a reference-integrity gap (OWASP A08) specific to Supabase projects where the AI correctly patterns the `.rpc()` call but invents the function name. Unlike missing tables, there is no partial fallback — the entire call fails, and the error message (`function get_dashboard_data() does not exist`) requires knowing to look in migration SQL to diagnose.

Why this severity: Critical because RPC calls to non-existent functions fail with an immediate 404 error — there is no silent fallback, and every caller of that code path is broken at runtime.

A missing file under `public/` — a hero image, a logo, a web font — renders as a broken image icon, a ghosted logo slot, or a fallback system font in production. None of these fail the build; they degrade the first paint silently. AI tools frequently reference `/images/hero.png` or `/fonts/Inter.woff2` that were never committed to `public/`, and the failure only surfaces when a designer or customer notices the missing asset days later.

Why this severity: Medium because missing public assets ship silently and degrade the visual polish of every page that references them.

A `<link rel="icon" href="/favicon-32.png">` pointing at a file that does not exist returns 404 on the browser's favicon request, which in turn shows a default globe icon in the tab and logs a 404 in analytics for every page view. The missing icon is cosmetic but persistent: once a browser caches the 404 it does not retry for hours, so the fix does not show up immediately even after the file is added.

Why this severity: Info because a missing favicon is purely cosmetic and browser-cached but shows up in 404 analytics on every page.

A `metadata.openGraph.images = '/og.png'` referencing a file that does not exist means every share of the URL to Slack, Twitter, LinkedIn, or iMessage produces a blank preview card — the link unfurls as bare text rather than an image, and organic social click-through collapses. This is a reference-integrity failure with direct marketing impact, and AI tools confidently hardcode `/og.png` into layouts without ever creating the file.

Why this severity: Low because missing OG images degrade share previews but do not break the page or the build.

An OS-specific absolute path hardcoded in source is a machine-identity leak (CWE-426: Untrusted Search Path) and a guaranteed deployment failure: `/Users/dev/project/data/seed.json` works on one laptop and nowhere else — not in CI, not in Docker, not on a teammate's machine. The taxon `operational-readiness` frames this correctly: the code was never tested outside the original development environment. AI models frequently emit absolute paths because they pattern-match on the developer's stated project location during the session, then embed that path literally into file reads, seed scripts, and config loaders.

Why this severity: Medium because the broken path causes a hard runtime crash on any non-originating machine, but it does not expose data or enable unauthorized access.

A Stripe price ID (`price_1AbC...`) hardcoded in an API route handler means the same literal string is duplicated across every checkout flow the AI generated. When the price changes — plan restructuring, annual pricing, regional variants — every scattered reference must be found and updated manually, with no guarantee they all match. CWE-798 applies because the same pattern that scatters price IDs also scatters webhook secrets (`whsec_*`), which must never appear as literals. OWASP A05 (Security Misconfiguration) covers the broader class: configuration that belongs in a single source of truth spread across the codebase is a maintenance and security misconfiguration by definition.

Why this severity: Medium because scattered price IDs create update-coherence failures and mask webhook secret leaks — the business impact is pricing drift and potential secret exposure rather than immediate data breach.

An `@import './variables.css'` or `url('/fonts/Inter.woff2')` pointing at a file that does not exist produces no build error in most setups — the bundler emits a warning, the missing font falls back to the system default, and the broken background shows as a color block. The regression is invisible in code review and invisible in the build log, but the rendered page loses the typography and visuals the design system intended. AI-generated CSS especially drifts this way when the model hallucinates font filenames.

Why this severity: Medium because broken CSS references silently degrade fonts and layouts without a build-time error.