@atlashub/smartstack-mcp 1.17.0 → 1.20.0

package/dist/index.js

@@ -82,10 +82,10 @@ import { stat, mkdir, readFile, writeFile, cp, rm } from "fs/promises";
 import path from "path";
 import { glob } from "glob";
 var FileSystemError = class extends Error {
-  constructor(message, operation, path26, cause) {
+  constructor(message, operation, path27, cause) {
     super(message);
     this.operation = operation;
-    this.path = path26;
+    this.path = path27;
     this.cause = cause;
     this.name = "FileSystemError";
   }
@@ -189,6 +189,288 @@ async function findFiles(pattern, options = {}) {
   return files;
 }
 
+// src/types/index.ts
+import { z } from "zod";
+var ProjectConfigSchema = z.object({
+  projectType: z.enum(["client", "platform"]).default("platform"),
+  dbContext: z.enum(["core", "extensions"]).default("core"),
+  baseNamespace: z.string().optional(),
+  smartStackVersion: z.string().optional(),
+  initialized: z.string().optional()
+});
+var SmartStackConfigSchema = z.object({
+  projectPath: z.string(),
+  apiUrl: z.string().url().optional(),
+  apiEnabled: z.boolean().default(true)
+});
+var ConventionsConfigSchema = z.object({
+  schemas: z.object({
+    platform: z.string().default("core"),
+    extensions: z.string().default("extensions")
+  }),
+  tablePrefixes: z.array(z.string()).default([
+    "auth_",
+    "nav_",
+    "usr_",
+    "ai_",
+    "cfg_",
+    "wkf_",
+    "support_",
+    "entra_",
+    "ref_",
+    "loc_",
+    "lic_"
+  ]),
+  scopeTypes: z.array(z.string()).default(["Core", "Extension", "Partner", "Community"]),
+  migrationFormat: z.string().default("{context}_v{version}_{sequence}_{Description}"),
+  namespaces: z.object({
+    domain: z.string(),
+    application: z.string(),
+    infrastructure: z.string(),
+    api: z.string()
+  }),
+  servicePattern: z.object({
+    interface: z.string().default("I{Name}Service"),
+    implementation: z.string().default("{Name}Service")
+  })
+});
+var EfCoreContextSchema = z.object({
+  name: z.string(),
+  projectPath: z.string(),
+  migrationsFolder: z.string().default("Migrations")
+});
+var EfCoreConfigSchema = z.object({
+  contexts: z.array(EfCoreContextSchema),
+  validation: z.object({
+    checkModelSnapshot: z.boolean().default(true),
+    checkMigrationOrder: z.boolean().default(true),
+    requireBuildSuccess: z.boolean().default(true)
+  })
+});
+var ScaffoldingConfigSchema = z.object({
+  outputPath: z.string(),
+  templates: z.object({
+    service: z.string(),
+    entity: z.string(),
+    controller: z.string(),
+    component: z.string()
+  })
+});
+var ConfigSchema = z.object({
+  version: z.string(),
+  smartstack: SmartStackConfigSchema,
+  conventions: ConventionsConfigSchema,
+  efcore: EfCoreConfigSchema,
+  scaffolding: ScaffoldingConfigSchema,
+  // Loaded from .smartstack/config.json if present
+  projectConfig: ProjectConfigSchema.optional(),
+  // Resolved DbContext to use (from projectConfig or default)
+  defaultDbContext: z.enum(["core", "extensions"]).default("core")
+});
+var ValidateConventionsInputSchema = z.object({
+  path: z.string().optional().describe("Project path to validate (default: SmartStack.app path)"),
+  checks: z.array(z.enum(["tables", "migrations", "services", "namespaces", "entities", "tenants", "controllers", "layouts", "tabs", "hierarchies", "protected-actions", "all"])).default(["all"]).describe("Types of checks to perform")
+});
+var CheckMigrationsInputSchema = z.object({
+  projectPath: z.string().optional().describe("EF Core project path"),
+  branch: z.string().optional().describe("Git branch to check (default: current)"),
+  compareBranch: z.string().optional().describe("Branch to compare against")
+});
+var EntityPropertySchema = z.object({
+  name: z.string().describe("Property name (PascalCase)"),
+  type: z.string().describe("C# type (string, int, Guid, DateTime, etc.)"),
+  required: z.boolean().optional().describe("If true, property is required"),
+  maxLength: z.number().optional().describe("Max length for string properties")
+});
+var ScaffoldExtensionInputSchema = z.object({
+  type: z.enum(["feature", "service", "entity", "controller", "component", "test", "dto", "validator", "repository"]).describe('Type of extension to scaffold. Use "feature" for full-stack generation.'),
+  name: z.string().describe('Name of the extension (e.g., "UserProfile", "Order")'),
+  options: z.object({
+    namespace: z.string().optional().describe("Custom namespace"),
+    baseEntity: z.string().optional().describe("Base entity to extend (for entity type)"),
+    methods: z.array(z.string()).optional().describe("Methods to generate (for service type)"),
+    outputPath: z.string().optional().describe("Custom output path"),
+    isSystemEntity: z.boolean().optional().describe("If true, creates a system entity without TenantId"),
+    tablePrefix: z.string().optional().describe('Domain prefix for table name (e.g., "auth_", "nav_", "cfg_")'),
+    schema: z.enum(["core", "extensions"]).optional().describe("Database schema (default: core)"),
+    dryRun: z.boolean().optional().describe("If true, preview generated code without writing files"),
+    skipService: z.boolean().optional().describe("For feature type: skip service generation"),
+    skipController: z.boolean().optional().describe("For feature type: skip controller generation"),
+    skipComponent: z.boolean().optional().describe("For feature type: skip React component generation"),
+    clientExtension: z.boolean().optional().describe("If true, use extensions schema for client-specific code"),
+    withTests: z.boolean().optional().describe("For feature type: also generate unit tests"),
+    withDtos: z.boolean().optional().describe("For feature type: generate DTOs (Create, Update, Response)"),
+    withValidation: z.boolean().optional().describe("For feature type: generate FluentValidation validators"),
+    withRepository: z.boolean().optional().describe("For feature type: generate repository pattern"),
+    entityProperties: z.array(EntityPropertySchema).optional().describe("Entity properties for DTO/Validator generation"),
+    navRoute: z.string().optional().describe('Navigation route path for controller (e.g., "platform.administration.users"). Required for controllers.'),
+    navRouteSuffix: z.string().optional().describe('Optional suffix for NavRoute (e.g., "dashboard" for sub-resources)'),
+    withHierarchyFunction: z.boolean().optional().describe("For entity type with self-reference (ParentId): generate TVF SQL script for hierarchy traversal"),
+    hierarchyDirection: z.enum(["ancestors", "descendants", "both"]).optional().describe("Direction for hierarchy traversal function (default: both)")
+  }).optional()
+});
+var ApiDocsInputSchema = z.object({
+  endpoint: z.string().optional().describe('Filter by endpoint path (e.g., "/api/users")'),
+  format: z.enum(["markdown", "json", "openapi"]).default("markdown").describe("Output format"),
+  controller: z.string().optional().describe("Filter by controller name")
+});
+var SuggestMigrationInputSchema = z.object({
+  description: z.string().describe('Description of what the migration does (e.g., "Add User Profiles", "Create Orders Table")'),
+  context: z.enum(["core", "extensions"]).optional().describe("DbContext name (default: core)"),
+  version: z.string().optional().describe('Semver version (e.g., "1.0.0", "1.2.0"). If not provided, uses latest from existing migrations.')
+});
+var GeneratePermissionsInputSchema = z.object({
+  navRoute: z.string().optional().describe('NavRoute path (e.g., "platform.administration.entra"). If not provided, scans all controllers.'),
+  actions: z.array(z.string()).optional().describe("Custom actions to generate (default: read, create, update, delete)"),
+  includeStandardActions: z.boolean().default(true).describe("Include standard CRUD actions (read, create, update, delete)"),
+  generateMigration: z.boolean().default(true).describe("Generate EF Core migration to seed permissions in database"),
+  dryRun: z.boolean().default(false).describe("Preview without writing files or creating migration")
+});
+var TestTypeSchema = z.enum(["unit", "integration", "security", "e2e"]);
+var TestTargetSchema = z.enum(["entity", "service", "controller", "validator", "repository", "all"]);
+var ScaffoldTestsInputSchema = z.object({
+  target: TestTargetSchema.describe("Type of component to test"),
+  name: z.string().min(1).describe('Component name (PascalCase, e.g., "User", "Order")'),
+  testTypes: z.array(TestTypeSchema).default(["unit"]).describe("Types of tests to generate"),
+  options: z.object({
+    includeEdgeCases: z.boolean().default(true).describe("Include edge case tests"),
+    includeTenantIsolation: z.boolean().default(true).describe("Include tenant isolation tests"),
+    includeSoftDelete: z.boolean().default(true).describe("Include soft delete tests"),
+    includeAudit: z.boolean().default(true).describe("Include audit trail tests"),
+    includeValidation: z.boolean().default(true).describe("Include validation tests"),
+    includeAuthorization: z.boolean().default(false).describe("Include authorization tests"),
+    includePerformance: z.boolean().default(false).describe("Include performance tests"),
+    entityProperties: z.array(EntityPropertySchema).optional().describe("Entity properties for test generation"),
+    isSystemEntity: z.boolean().default(false).describe("If true, entity has no TenantId"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files")
+  }).optional()
+});
+var AnalyzeTestCoverageInputSchema = z.object({
+  path: z.string().optional().describe("Project path to analyze"),
+  scope: z.enum(["entity", "service", "controller", "all"]).default("all").describe("Scope of analysis"),
+  outputFormat: z.enum(["summary", "detailed", "json"]).default("summary").describe("Output format"),
+  includeRecommendations: z.boolean().default(true).describe("Include recommendations for missing tests")
+});
+var ValidateTestConventionsInputSchema = z.object({
+  path: z.string().optional().describe("Project path to validate"),
+  checks: z.array(z.enum(["naming", "structure", "patterns", "assertions", "mocking", "all"])).default(["all"]).describe("Types of convention checks to perform"),
+  autoFix: z.boolean().default(false).describe("Automatically fix minor issues")
+});
+var SuggestTestScenariosInputSchema = z.object({
+  target: z.enum(["entity", "service", "controller", "file"]).describe("Type of target to analyze"),
+  name: z.string().min(1).describe("Component name or file path"),
+  depth: z.enum(["basic", "comprehensive", "security-focused"]).default("comprehensive").describe("Depth of analysis")
+});
+var SecurityCheckSchema = z.enum([
+  "hardcoded-secrets",
+  "sql-injection",
+  "tenant-isolation",
+  "authorization",
+  "dangerous-functions",
+  "input-validation",
+  "xss",
+  "csrf",
+  "logging-sensitive",
+  "all"
+]);
+var ValidateSecurityInputSchema = z.object({
+  path: z.string().optional().describe("Project path to validate (default: SmartStack.app path)"),
+  checks: z.array(SecurityCheckSchema).default(["all"]).describe("Security checks to run"),
+  severity: z.enum(["blocking", "all"]).optional().describe("Filter results by severity")
+});
+var QualityMetricSchema = z.enum([
+  "cognitive-complexity",
+  "cyclomatic-complexity",
+  "function-size",
+  "nesting-depth",
+  "parameter-count",
+  "code-duplication",
+  "file-size",
+  "all"
+]);
+var AnalyzeCodeQualityInputSchema = z.object({
+  path: z.string().optional().describe("Project path to analyze (default: SmartStack.app path)"),
+  metrics: z.array(QualityMetricSchema).default(["all"]).describe("Metrics to analyze"),
+  threshold: z.enum(["strict", "normal", "lenient"]).default("normal").describe("Threshold level for violations"),
+  scope: z.enum(["changed", "all"]).default("all").describe("Analyze only changed files or all")
+});
+var ScaffoldApiClientInputSchema = z.object({
+  path: z.string().optional().describe("Path to SmartStack project root (defaults to configured project path)"),
+  navRoute: z.string().min(1).describe('NavRoute path (e.g., "platform.administration.users")'),
+  name: z.string().min(1).describe('Entity name in PascalCase (e.g., "User", "Order")'),
+  methods: z.array(z.enum(["getAll", "getById", "create", "update", "delete", "search", "export"])).default(["getAll", "getById", "create", "update", "delete"]).describe("API methods to generate"),
+  options: z.object({
+    outputPath: z.string().optional().describe("Custom output path for generated files"),
+    includeTypes: z.boolean().default(true).describe("Generate TypeScript types"),
+    includeHook: z.boolean().default(true).describe("Generate React Query hook"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files")
+  }).optional()
+});
+var ScaffoldRoutesInputSchema = z.object({
+  path: z.string().optional().describe("Path to SmartStack project root (defaults to configured project path)"),
+  source: z.enum(["controllers", "navigation", "manual"]).default("controllers").describe("Source for route discovery: controllers (scan NavRoute attributes), navigation (from DB), manual (from config)"),
+  scope: z.enum(["all", "platform", "business", "extensions"]).default("all").describe("Scope of routes to generate"),
+  options: z.object({
+    outputPath: z.string().optional().describe("Custom output path"),
+    includeLayouts: z.boolean().default(true).describe("Generate layout components"),
+    includeGuards: z.boolean().default(true).describe("Include route guards for permissions"),
+    generateRegistry: z.boolean().default(true).describe("Generate navRoutes.generated.ts"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files")
+  }).optional()
+});
+var ValidateFrontendRoutesInputSchema = z.object({
+  path: z.string().optional().describe("Path to SmartStack project root (defaults to configured project path)"),
+  scope: z.enum(["api-clients", "routes", "registry", "all"]).default("all").describe("Scope of validation"),
+  options: z.object({
+    fix: z.boolean().default(false).describe("Auto-fix minor issues"),
+    strict: z.boolean().default(false).describe("Fail on warnings")
+  }).optional()
+});
+var SlotDefinitionSchema = z.object({
+  name: z.string().describe('Slot name (e.g., "users.form.fields.after")'),
+  location: z.string().describe("Where the slot is located in the page"),
+  contextProps: z.array(z.string()).optional().describe("Props passed to slot content")
+});
+var ScaffoldFrontendExtensionInputSchema = z.object({
+  type: z.enum(["infrastructure", "page-slots", "extension-example", "all"]).describe("Type of extension to scaffold: infrastructure (types, contexts), page-slots (add slots to a page), extension-example (client usage example), all"),
+  target: z.string().optional().describe('Target page or component (e.g., "UsersPage", "UserDetailPage")'),
+  options: z.object({
+    slots: z.array(SlotDefinitionSchema).optional().describe("Slot definitions to add"),
+    outputPath: z.string().optional().describe("Custom output path"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files"),
+    overwrite: z.boolean().default(false).describe("Overwrite existing files")
+  }).optional()
+});
+var AnalyzeExtensionPointsInputSchema = z.object({
+  path: z.string().optional().describe("Path to SmartStack web project"),
+  target: z.enum(["pages", "components", "forms", "tables", "all"]).default("all").describe("Type of components to analyze"),
+  filter: z.string().optional().describe('Filter by file name pattern (e.g., "User*")')
+});
+var AnalyzeHierarchyPatternsInputSchema = z.object({
+  path: z.string().optional().describe("Project path to analyze (default: SmartStack.app path)"),
+  entityFilter: z.string().optional().describe('Filter entities by name pattern (e.g., "User*", "*Group*")'),
+  includeRecommendations: z.boolean().default(true).describe("Include pattern recommendations for each hierarchy"),
+  outputFormat: z.enum(["summary", "detailed", "json"]).default("detailed").describe("Output format")
+});
+var ReviewCodeCheckSchema = z.enum([
+  "security",
+  "architecture",
+  "hardcoded-values",
+  "tests",
+  "ai-hallucinations",
+  "performance",
+  "dead-code",
+  "i18n",
+  "accessibility",
+  "all"
+]);
+var ReviewCodeInputSchema = z.object({
+  path: z.string().optional().describe("Project path to review (default: SmartStack.app path)"),
+  scope: z.enum(["all", "changed", "staged"]).default("all").describe("Files to review: all, only changed (git diff), or staged files"),
+  checks: z.array(ReviewCodeCheckSchema).default(["all"]).describe("Categories of checks to run"),
+  severity: z.enum(["blocking", "critical", "warning", "all"]).default("all").describe("Filter results by minimum severity")
+});
+
 // src/utils/dotnet.ts
 import { exec } from "child_process";
 import { promisify } from "util";
@@ -373,7 +655,11 @@ var defaultConfig = {
       controller: "templates/controller.cs.hbs",
       component: "templates/component.tsx.hbs"
     }
-  }
+  },
+  // Will be loaded from .smartstack/config.json if present
+  projectConfig: void 0,
+  // Default to 'core', will be overridden by projectConfig.dbContext if present
+  defaultDbContext: "core"
 };
 var cachedConfig = null;
 function resolveProjectPath(configPath) {
@@ -408,12 +694,33 @@ async function getConfig() {
   cachedConfig.smartstack.projectPath = resolveProjectPath(
     cachedConfig.smartstack.projectPath
   );
-  const namespacesEmpty = !cachedConfig.conventions.namespaces.domain || !cachedConfig.conventions.namespaces.application || !cachedConfig.conventions.namespaces.infrastructure || !cachedConfig.conventions.namespaces.api;
-  if (namespacesEmpty && cachedConfig.smartstack.projectPath) {
+  const smartstackConfigPath = path3.join(
+    cachedConfig.smartstack.projectPath,
+    ".smartstack",
+    "config.json"
+  );
+  if (await fileExists(smartstackConfigPath)) {
     try {
-      const csprojFiles = await findCsprojFiles(cachedConfig.smartstack.projectPath);
-      const detected = await detectNamespaces(csprojFiles);
-      if (detected) {
+      const projectConfigRaw = await readJson(smartstackConfigPath);
+      const projectConfig = ProjectConfigSchema.parse(projectConfigRaw);
+      cachedConfig.projectConfig = projectConfig;
+      cachedConfig.defaultDbContext = projectConfig.dbContext;
+      logger.info("Project config loaded from .smartstack/config.json", {
+        projectType: projectConfig.projectType,
+        dbContext: projectConfig.dbContext
+      });
+    } catch (error) {
+      logger.warn("Failed to load .smartstack/config.json, using defaults", { error });
+    }
+  } else {
+    logger.debug("No .smartstack/config.json found, assuming platform project (core context)");
+  }
+  const namespacesEmpty = !cachedConfig.conventions.namespaces.domain || !cachedConfig.conventions.namespaces.application || !cachedConfig.conventions.namespaces.infrastructure || !cachedConfig.conventions.namespaces.api;
+  if (namespacesEmpty && cachedConfig.smartstack.projectPath) {
+    try {
+      const csprojFiles = await findCsprojFiles(cachedConfig.smartstack.projectPath);
+      const detected = await detectNamespaces(csprojFiles);
+      if (detected) {
         if (!cachedConfig.conventions.namespaces.domain) {
           cachedConfig.conventions.namespaces.domain = detected.domain;
         }
@@ -489,251 +796,6 @@ function mergeConfig(base, override) {
   };
 }
 
-// src/types/index.ts
-import { z } from "zod";
-var SmartStackConfigSchema = z.object({
-  projectPath: z.string(),
-  apiUrl: z.string().url().optional(),
-  apiEnabled: z.boolean().default(true)
-});
-var ConventionsConfigSchema = z.object({
-  schemas: z.object({
-    platform: z.string().default("core"),
-    extensions: z.string().default("extensions")
-  }),
-  tablePrefixes: z.array(z.string()).default([
-    "auth_",
-    "nav_",
-    "usr_",
-    "ai_",
-    "cfg_",
-    "wkf_",
-    "support_",
-    "entra_",
-    "ref_",
-    "loc_",
-    "lic_"
-  ]),
-  scopeTypes: z.array(z.string()).default(["Core", "Extension", "Partner", "Community"]),
-  migrationFormat: z.string().default("{context}_v{version}_{sequence}_{Description}"),
-  namespaces: z.object({
-    domain: z.string(),
-    application: z.string(),
-    infrastructure: z.string(),
-    api: z.string()
-  }),
-  servicePattern: z.object({
-    interface: z.string().default("I{Name}Service"),
-    implementation: z.string().default("{Name}Service")
-  })
-});
-var EfCoreContextSchema = z.object({
-  name: z.string(),
-  projectPath: z.string(),
-  migrationsFolder: z.string().default("Migrations")
-});
-var EfCoreConfigSchema = z.object({
-  contexts: z.array(EfCoreContextSchema),
-  validation: z.object({
-    checkModelSnapshot: z.boolean().default(true),
-    checkMigrationOrder: z.boolean().default(true),
-    requireBuildSuccess: z.boolean().default(true)
-  })
-});
-var ScaffoldingConfigSchema = z.object({
-  outputPath: z.string(),
-  templates: z.object({
-    service: z.string(),
-    entity: z.string(),
-    controller: z.string(),
-    component: z.string()
-  })
-});
-var ConfigSchema = z.object({
-  version: z.string(),
-  smartstack: SmartStackConfigSchema,
-  conventions: ConventionsConfigSchema,
-  efcore: EfCoreConfigSchema,
-  scaffolding: ScaffoldingConfigSchema
-});
-var ValidateConventionsInputSchema = z.object({
-  path: z.string().optional().describe("Project path to validate (default: SmartStack.app path)"),
-  checks: z.array(z.enum(["tables", "migrations", "services", "namespaces", "entities", "tenants", "controllers", "layouts", "tabs", "all"])).default(["all"]).describe("Types of checks to perform")
-});
-var CheckMigrationsInputSchema = z.object({
-  projectPath: z.string().optional().describe("EF Core project path"),
-  branch: z.string().optional().describe("Git branch to check (default: current)"),
-  compareBranch: z.string().optional().describe("Branch to compare against")
-});
-var EntityPropertySchema = z.object({
-  name: z.string().describe("Property name (PascalCase)"),
-  type: z.string().describe("C# type (string, int, Guid, DateTime, etc.)"),
-  required: z.boolean().optional().describe("If true, property is required"),
-  maxLength: z.number().optional().describe("Max length for string properties")
-});
-var ScaffoldExtensionInputSchema = z.object({
-  type: z.enum(["feature", "service", "entity", "controller", "component", "test", "dto", "validator", "repository"]).describe('Type of extension to scaffold. Use "feature" for full-stack generation.'),
-  name: z.string().describe('Name of the extension (e.g., "UserProfile", "Order")'),
-  options: z.object({
-    namespace: z.string().optional().describe("Custom namespace"),
-    baseEntity: z.string().optional().describe("Base entity to extend (for entity type)"),
-    methods: z.array(z.string()).optional().describe("Methods to generate (for service type)"),
-    outputPath: z.string().optional().describe("Custom output path"),
-    isSystemEntity: z.boolean().optional().describe("If true, creates a system entity without TenantId"),
-    tablePrefix: z.string().optional().describe('Domain prefix for table name (e.g., "auth_", "nav_", "cfg_")'),
-    schema: z.enum(["core", "extensions"]).optional().describe("Database schema (default: core)"),
-    dryRun: z.boolean().optional().describe("If true, preview generated code without writing files"),
-    skipService: z.boolean().optional().describe("For feature type: skip service generation"),
-    skipController: z.boolean().optional().describe("For feature type: skip controller generation"),
-    skipComponent: z.boolean().optional().describe("For feature type: skip React component generation"),
-    clientExtension: z.boolean().optional().describe("If true, use extensions schema for client-specific code"),
-    withTests: z.boolean().optional().describe("For feature type: also generate unit tests"),
-    withDtos: z.boolean().optional().describe("For feature type: generate DTOs (Create, Update, Response)"),
-    withValidation: z.boolean().optional().describe("For feature type: generate FluentValidation validators"),
-    withRepository: z.boolean().optional().describe("For feature type: generate repository pattern"),
-    entityProperties: z.array(EntityPropertySchema).optional().describe("Entity properties for DTO/Validator generation"),
-    navRoute: z.string().optional().describe('Navigation route path for controller (e.g., "platform.administration.users"). Required for controllers.'),
-    navRouteSuffix: z.string().optional().describe('Optional suffix for NavRoute (e.g., "dashboard" for sub-resources)')
-  }).optional()
-});
-var ApiDocsInputSchema = z.object({
-  endpoint: z.string().optional().describe('Filter by endpoint path (e.g., "/api/users")'),
-  format: z.enum(["markdown", "json", "openapi"]).default("markdown").describe("Output format"),
-  controller: z.string().optional().describe("Filter by controller name")
-});
-var SuggestMigrationInputSchema = z.object({
-  description: z.string().describe('Description of what the migration does (e.g., "Add User Profiles", "Create Orders Table")'),
-  context: z.enum(["core", "extensions"]).optional().describe("DbContext name (default: core)"),
-  version: z.string().optional().describe('Semver version (e.g., "1.0.0", "1.2.0"). If not provided, uses latest from existing migrations.')
-});
-var GeneratePermissionsInputSchema = z.object({
-  navRoute: z.string().optional().describe('NavRoute path (e.g., "platform.administration.entra"). If not provided, scans all controllers.'),
-  actions: z.array(z.string()).optional().describe("Custom actions to generate (default: read, create, update, delete)"),
-  includeStandardActions: z.boolean().default(true).describe("Include standard CRUD actions (read, create, update, delete)"),
-  generateMigration: z.boolean().default(true).describe("Generate EF Core migration to seed permissions in database"),
-  dryRun: z.boolean().default(false).describe("Preview without writing files or creating migration")
-});
-var TestTypeSchema = z.enum(["unit", "integration", "security", "e2e"]);
-var TestTargetSchema = z.enum(["entity", "service", "controller", "validator", "repository", "all"]);
-var ScaffoldTestsInputSchema = z.object({
-  target: TestTargetSchema.describe("Type of component to test"),
-  name: z.string().min(1).describe('Component name (PascalCase, e.g., "User", "Order")'),
-  testTypes: z.array(TestTypeSchema).default(["unit"]).describe("Types of tests to generate"),
-  options: z.object({
-    includeEdgeCases: z.boolean().default(true).describe("Include edge case tests"),
-    includeTenantIsolation: z.boolean().default(true).describe("Include tenant isolation tests"),
-    includeSoftDelete: z.boolean().default(true).describe("Include soft delete tests"),
-    includeAudit: z.boolean().default(true).describe("Include audit trail tests"),
-    includeValidation: z.boolean().default(true).describe("Include validation tests"),
-    includeAuthorization: z.boolean().default(false).describe("Include authorization tests"),
-    includePerformance: z.boolean().default(false).describe("Include performance tests"),
-    entityProperties: z.array(EntityPropertySchema).optional().describe("Entity properties for test generation"),
-    isSystemEntity: z.boolean().default(false).describe("If true, entity has no TenantId"),
-    dryRun: z.boolean().default(false).describe("Preview without writing files")
-  }).optional()
-});
-var AnalyzeTestCoverageInputSchema = z.object({
-  path: z.string().optional().describe("Project path to analyze"),
-  scope: z.enum(["entity", "service", "controller", "all"]).default("all").describe("Scope of analysis"),
-  outputFormat: z.enum(["summary", "detailed", "json"]).default("summary").describe("Output format"),
-  includeRecommendations: z.boolean().default(true).describe("Include recommendations for missing tests")
-});
-var ValidateTestConventionsInputSchema = z.object({
-  path: z.string().optional().describe("Project path to validate"),
-  checks: z.array(z.enum(["naming", "structure", "patterns", "assertions", "mocking", "all"])).default(["all"]).describe("Types of convention checks to perform"),
-  autoFix: z.boolean().default(false).describe("Automatically fix minor issues")
-});
-var SuggestTestScenariosInputSchema = z.object({
-  target: z.enum(["entity", "service", "controller", "file"]).describe("Type of target to analyze"),
-  name: z.string().min(1).describe("Component name or file path"),
-  depth: z.enum(["basic", "comprehensive", "security-focused"]).default("comprehensive").describe("Depth of analysis")
-});
-var SecurityCheckSchema = z.enum([
-  "hardcoded-secrets",
-  "sql-injection",
-  "tenant-isolation",
-  "authorization",
-  "dangerous-functions",
-  "input-validation",
-  "xss",
-  "csrf",
-  "logging-sensitive",
-  "all"
-]);
-var ValidateSecurityInputSchema = z.object({
-  path: z.string().optional().describe("Project path to validate (default: SmartStack.app path)"),
-  checks: z.array(SecurityCheckSchema).default(["all"]).describe("Security checks to run"),
-  severity: z.enum(["blocking", "all"]).optional().describe("Filter results by severity")
-});
-var QualityMetricSchema = z.enum([
-  "cognitive-complexity",
-  "cyclomatic-complexity",
-  "function-size",
-  "nesting-depth",
-  "parameter-count",
-  "code-duplication",
-  "file-size",
-  "all"
-]);
-var AnalyzeCodeQualityInputSchema = z.object({
-  path: z.string().optional().describe("Project path to analyze (default: SmartStack.app path)"),
-  metrics: z.array(QualityMetricSchema).default(["all"]).describe("Metrics to analyze"),
-  threshold: z.enum(["strict", "normal", "lenient"]).default("normal").describe("Threshold level for violations"),
-  scope: z.enum(["changed", "all"]).default("all").describe("Analyze only changed files or all")
-});
-var ScaffoldApiClientInputSchema = z.object({
-  path: z.string().optional().describe("Path to SmartStack project root (defaults to configured project path)"),
-  navRoute: z.string().min(1).describe('NavRoute path (e.g., "platform.administration.users")'),
-  name: z.string().min(1).describe('Entity name in PascalCase (e.g., "User", "Order")'),
-  methods: z.array(z.enum(["getAll", "getById", "create", "update", "delete", "search", "export"])).default(["getAll", "getById", "create", "update", "delete"]).describe("API methods to generate"),
-  options: z.object({
-    outputPath: z.string().optional().describe("Custom output path for generated files"),
-    includeTypes: z.boolean().default(true).describe("Generate TypeScript types"),
-    includeHook: z.boolean().default(true).describe("Generate React Query hook"),
-    dryRun: z.boolean().default(false).describe("Preview without writing files")
-  }).optional()
-});
-var ScaffoldRoutesInputSchema = z.object({
-  path: z.string().optional().describe("Path to SmartStack project root (defaults to configured project path)"),
-  source: z.enum(["controllers", "navigation", "manual"]).default("controllers").describe("Source for route discovery: controllers (scan NavRoute attributes), navigation (from DB), manual (from config)"),
-  scope: z.enum(["all", "platform", "business", "extensions"]).default("all").describe("Scope of routes to generate"),
-  options: z.object({
-    outputPath: z.string().optional().describe("Custom output path"),
-    includeLayouts: z.boolean().default(true).describe("Generate layout components"),
-    includeGuards: z.boolean().default(true).describe("Include route guards for permissions"),
-    generateRegistry: z.boolean().default(true).describe("Generate navRoutes.generated.ts"),
-    dryRun: z.boolean().default(false).describe("Preview without writing files")
-  }).optional()
-});
-var ValidateFrontendRoutesInputSchema = z.object({
-  path: z.string().optional().describe("Path to SmartStack project root (defaults to configured project path)"),
-  scope: z.enum(["api-clients", "routes", "registry", "all"]).default("all").describe("Scope of validation"),
-  options: z.object({
-    fix: z.boolean().default(false).describe("Auto-fix minor issues"),
-    strict: z.boolean().default(false).describe("Fail on warnings")
-  }).optional()
-});
-var SlotDefinitionSchema = z.object({
-  name: z.string().describe('Slot name (e.g., "users.form.fields.after")'),
-  location: z.string().describe("Where the slot is located in the page"),
-  contextProps: z.array(z.string()).optional().describe("Props passed to slot content")
-});
-var ScaffoldFrontendExtensionInputSchema = z.object({
-  type: z.enum(["infrastructure", "page-slots", "extension-example", "all"]).describe("Type of extension to scaffold: infrastructure (types, contexts), page-slots (add slots to a page), extension-example (client usage example), all"),
-  target: z.string().optional().describe('Target page or component (e.g., "UsersPage", "UserDetailPage")'),
-  options: z.object({
-    slots: z.array(SlotDefinitionSchema).optional().describe("Slot definitions to add"),
-    outputPath: z.string().optional().describe("Custom output path"),
-    dryRun: z.boolean().default(false).describe("Preview without writing files"),
-    overwrite: z.boolean().default(false).describe("Overwrite existing files")
-  }).optional()
-});
-var AnalyzeExtensionPointsInputSchema = z.object({
-  path: z.string().optional().describe("Path to SmartStack web project"),
-  target: z.enum(["pages", "components", "forms", "tables", "all"]).default("all").describe("Type of components to analyze"),
-  filter: z.string().optional().describe('Filter by file name pattern (e.g., "User*")')
-});
-
 // src/lib/detector.ts
 import path5 from "path";
 
@@ -778,10 +840,19 @@ async function getCurrentBranch(cwd) {
     return null;
   }
 }
-async function branchExists(branch, cwd) {
+async function getChangedFiles(cwd) {
   try {
-    await git(`rev-parse --verify ${branch}`, cwd);
-    return true;
+    const status = await git("status --porcelain", cwd);
+    if (!status) return [];
+    return status.split("\n").map((line) => line.substring(3).trim()).filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+async function branchExists(branch, cwd) {
+  try {
+    await git(`rev-parse --verify ${branch}`, cwd);
+    return true;
   } catch {
     return false;
   }
@@ -801,6 +872,15 @@ async function getDiff(fromBranch, toBranch, filePath, cwd) {
     return "";
   }
 }
+async function getStagedFiles(cwd) {
+  try {
+    const status = await git("diff --cached --name-only", cwd);
+    if (!status) return [];
+    return status.split("\n").filter(Boolean);
+  } catch {
+    return [];
+  }
+}
 
 // src/lib/detector.ts
 import { glob as glob2 } from "glob";
@@ -947,7 +1027,7 @@ var validateConventionsTool = {
         type: "array",
         items: {
           type: "string",
-          enum: ["tables", "migrations", "services", "namespaces", "entities", "tenants", "controllers", "layouts", "tabs", "all"]
+          enum: ["tables", "migrations", "services", "namespaces", "entities", "tenants", "controllers", "layouts", "tabs", "hierarchies", "protected-actions", "all"]
         },
         description: "Types of checks to perform",
         default: ["all"]
@@ -958,7 +1038,7 @@ var validateConventionsTool = {
 async function handleValidateConventions(args, config) {
   const input = ValidateConventionsInputSchema.parse(args);
   const projectPath = input.path || config.smartstack.projectPath;
-  const checks = input.checks.includes("all") ? ["tables", "migrations", "services", "namespaces", "entities", "tenants", "controllers", "layouts", "tabs"] : input.checks;
+  const checks = input.checks.includes("all") ? ["tables", "migrations", "services", "namespaces", "entities", "tenants", "controllers", "layouts", "tabs", "hierarchies", "protected-actions"] : input.checks;
   logger.info("Validating conventions", { projectPath, checks });
   const result = {
     valid: true,
@@ -994,6 +1074,12 @@ async function handleValidateConventions(args, config) {
   if (checks.includes("tabs")) {
     await validateTabs(structure, config, result);
   }
+  if (checks.includes("hierarchies")) {
+    await validateHierarchies(structure, config, result);
+  }
+  if (checks.includes("protected-actions")) {
+    await validateProtectedActions(structure, config, result);
+  }
   result.valid = result.errors.length === 0;
   result.summary = generateSummary(result, checks);
   return formatResult(result);
@@ -1511,6 +1597,7 @@ async function validateTabs(structure, _config, result) {
   const pageFiles = await findFiles("**/pages/**/*.tsx", { cwd: structure.web });
   let tabPagesCount = 0;
   let hookUsageCount = 0;
+  let lazyLoadingCount = 0;
   for (const file of pageFiles) {
     const content = await readText(file);
     const fileName = path6.basename(file);
@@ -1540,14 +1627,326 @@ async function validateTabs(structure, _config, result) {
           suggestion: "Use useTabNavigation hook to sync tab state with URL: const { activeTab, setActiveTab } = useTabNavigation(defaultTab, VALID_TABS)"
         });
       }
+      const lazyLoadingPatterns = detectTabLazyLoading(content);
+      if (lazyLoadingPatterns.hasLazyLoading) {
+        lazyLoadingCount++;
+      } else if (lazyLoadingPatterns.hasDataFetching) {
+        result.warnings.push({
+          type: "warning",
+          category: "tabs",
+          message: `Page "${fileName}" has tabs with data fetching but no lazy loading pattern detected`,
+          file: path6.relative(structure.root, file),
+          suggestion: 'Use lazy loading for tab data: useQuery([...], fetchFn, { enabled: activeTab === "tabName" }) or React.lazy() for tab components'
+        });
+      }
     }
   }
   if (tabPagesCount > 0) {
+    const summaryParts = [
+      `${hookUsageCount}/${tabPagesCount} use useTabNavigation hook`
+    ];
+    if (lazyLoadingCount > 0 || tabPagesCount > hookUsageCount) {
+      summaryParts.push(`${lazyLoadingCount}/${tabPagesCount} use lazy loading`);
+    }
     result.warnings.push({
       type: "warning",
       category: "tabs",
-      message: `Tab summary: ${hookUsageCount}/${tabPagesCount} pages with tabs use useTabNavigation hook`
+      message: `Tab summary: ${summaryParts.join(", ")}`
+    });
+  }
+}
+function detectTabLazyLoading(content) {
+  const patterns = [];
+  let hasLazyLoading = false;
+  let hasDataFetching = false;
+  const hasUseQuery = /useQuery\s*\(/.test(content);
+  const hasEnabledTabCondition = /enabled\s*:\s*(?:activeTab|tab|currentTab)\s*===\s*['"][^'"]+['"]/.test(content);
+  if (hasUseQuery && hasEnabledTabCondition) {
+    hasLazyLoading = true;
+    patterns.push("useQuery with enabled condition");
+  }
+  const reactLazyPattern = /(?:React\.)?lazy\s*\(\s*\(\)\s*=>\s*import\s*\(/;
+  if (reactLazyPattern.test(content)) {
+    hasLazyLoading = true;
+    patterns.push("React.lazy() imports");
+  }
+  const suspensePattern = /<Suspense\s+[^>]*fallback\s*=/;
+  if (suspensePattern.test(content)) {
+    hasLazyLoading = true;
+    patterns.push("Suspense with fallback");
+  }
+  const conditionalRenderPattern = /(?:activeTab|tab|currentTab)\s*===\s*['"][^'"]+['"]\s*(?:&&|\?)\s*<[A-Z]/;
+  if (conditionalRenderPattern.test(content)) {
+    hasLazyLoading = true;
+    patterns.push("Conditional tab rendering");
+  }
+  const useSWRConditionalPattern = /useSWR\s*\(\s*(?:activeTab|tab|currentTab)\s*===\s*['"][^'"]+['"]\s*\?/;
+  if (useSWRConditionalPattern.test(content)) {
+    hasLazyLoading = true;
+    patterns.push("useSWR with conditional key");
+  }
+  const dataFetchingPatterns = [
+    /useQuery\s*\(/,
+    /useSWR\s*\(/,
+    /useMutation\s*\(/,
+    /fetch\s*\(/,
+    /axios\./,
+    /useEffect\s*\([^)]*\{[^}]*(?:fetch|axios|api\.)/s
+  ];
+  for (const pattern of dataFetchingPatterns) {
+    if (pattern.test(content)) {
+      hasDataFetching = true;
+      break;
+    }
+  }
+  return {
+    hasLazyLoading,
+    hasDataFetching,
+    patterns
+  };
+}
+async function validateHierarchies(structure, _config, result) {
+  if (!structure.domain) {
+    result.warnings.push({
+      type: "warning",
+      category: "hierarchies",
+      message: "Domain project not found, skipping hierarchy validation"
+    });
+    return;
+  }
+  const entityFiles = await findFiles("**/*.cs", { cwd: structure.domain });
+  const hierarchies = [];
+  const entityNames = /* @__PURE__ */ new Set();
+  for (const file of entityFiles) {
+    const content = await readText(file);
+    const fileName = path6.basename(file, ".cs");
+    if (fileName.endsWith("Dto") || fileName.endsWith("Command") || fileName.endsWith("Query") || fileName.endsWith("Handler") || fileName.endsWith("Validator") || fileName.endsWith("Exception") || fileName.startsWith("I")) {
+      continue;
+    }
+    const classMatch = content.match(
+      /public\s+(?:class|record)\s+(\w+)(?:\s*:\s*([^{]+))?/
+    );
+    if (!classMatch) continue;
+    const entityName = classMatch[1];
+    const inheritance = classMatch[2]?.trim() || "";
+    const hasBaseEntity = inheritance.includes("BaseEntity");
+    const hasSystemEntity = inheritance.includes("SystemEntity");
+    if (!hasBaseEntity && !hasSystemEntity) continue;
+    entityNames.add(entityName);
+    const hasITenantEntity = inheritance.includes("ITenantEntity");
+    const selfRefMatch = content.match(
+      new RegExp(
+        `public\\s+(?:Guid\\??|${entityName}\\??)\\s+(Parent(?:Id)?|Parent${entityName}(?:Id)?)\\s*\\{`,
+        "i"
+      )
+    );
+    const childCollections = [];
+    const collectionMatches = content.matchAll(
+      /public\s+(?:virtual\s+)?ICollection<(\w+)>\s+(\w+)\s*\{/g
+    );
+    for (const match of collectionMatches) {
+      childCollections.push(match[1]);
+    }
+    const fkMatches = content.matchAll(/public\s+Guid\s+(\w+Id)\s*\{[^}]+\}/g);
+    let parentEntity;
+    for (const match of fkMatches) {
+      const propName = match[1];
+      if (propName.toLowerCase().includes("parent")) continue;
+      if (propName === "TenantId") continue;
+      const refEntity = propName.replace(/Id$/, "");
+      if (refEntity !== entityName) {
+        parentEntity = refEntity;
+        break;
+      }
+    }
+    if (selfRefMatch || childCollections.length > 0 || parentEntity) {
+      hierarchies.push({
+        name: entityName,
+        file: path6.relative(structure.root, file),
+        isSelfReferencing: !!selfRefMatch,
+        selfRefField: selfRefMatch ? selfRefMatch[1] : void 0,
+        parentEntity,
+        isTenantAware: hasITenantEntity,
+        childCollections,
+        depth: 0
+        // Will be calculated later
+      });
+    }
+  }
+  let selfRefCount = 0;
+  let parentChildCount = 0;
+  let deepHierarchyCount = 0;
+  for (const h of hierarchies) {
+    if (h.isSelfReferencing) {
+      selfRefCount++;
+      result.warnings.push({
+        type: "warning",
+        category: "hierarchies",
+        message: `Entity "${h.name}" is self-referencing via "${h.selfRefField}"`,
+        file: h.file,
+        suggestion: `Consider using TVF with CTE for efficient hierarchy traversal. Ensure index on ${h.selfRefField}.`
+      });
+      if (h.name.toLowerCase().includes("group") || h.name.toLowerCase().includes("permission") || h.name.toLowerCase().includes("role")) {
+        result.warnings.push({
+          type: "warning",
+          category: "hierarchies",
+          message: `Permission/Group entity "${h.name}" detected with self-reference`,
+          file: h.file,
+          suggestion: `CRITICAL: Use fn_Get${h.name}Hierarchy TVF for recursive permission resolution. Run analyze_hierarchy_patterns for SQL template.`
+        });
+      }
+    }
+    if (h.parentEntity) {
+      parentChildCount++;
+      if (!entityNames.has(h.parentEntity)) {
+        result.errors.push({
+          type: "error",
+          category: "hierarchies",
+          message: `Entity "${h.name}" references non-existent parent "${h.parentEntity}"`,
+          file: h.file,
+          suggestion: `Create the ${h.parentEntity} entity or fix the foreign key reference.`
+        });
+      }
+    }
+    if (h.parentEntity && entityNames.has(h.parentEntity)) {
+      const parentInfo = hierarchies.find((x) => x.name === h.parentEntity);
+      if (parentInfo && parentInfo.isTenantAware && !h.isTenantAware) {
+        result.errors.push({
+          type: "error",
+          category: "hierarchies",
+          message: `Entity "${h.name}" has tenant-aware parent "${h.parentEntity}" but is not tenant-aware itself`,
+          file: h.file,
+          suggestion: `Add ITenantEntity interface to ${h.name} for consistent tenant isolation.`
+        });
+      }
+    }
+    if (h.childCollections.length > 0) {
+      for (const child of h.childCollections) {
+        const childInfo = hierarchies.find((x) => x.name === child);
+        if (childInfo && childInfo.childCollections.length > 0) {
+          deepHierarchyCount++;
+          result.warnings.push({
+            type: "warning",
+            category: "hierarchies",
+            message: `Deep hierarchy detected: ${h.name} \u2192 ${child} \u2192 ...`,
+            file: h.file,
+            suggestion: `Consider TVF for efficient traversal. Run analyze_hierarchy_patterns for recommendations.`
+          });
+        }
+      }
+    }
+  }
+  if (hierarchies.length > 0) {
+    result.warnings.push({
+      type: "warning",
+      category: "hierarchies",
+      message: `Hierarchy summary: ${selfRefCount} self-referencing, ${parentChildCount} parent-child, ${deepHierarchyCount} deep hierarchies detected`
+    });
+  }
+}
+async function validateProtectedActions(structure, _config, result) {
+  if (!structure.web) {
+    result.warnings.push({
+      type: "warning",
+      category: "protected-actions",
+      message: "Web project not found, skipping protected actions validation"
+    });
+    return;
+  }
+  const pageFiles = await findFiles("**/pages/**/*.tsx", { cwd: structure.web });
+  const componentFiles = await findFiles("**/components/**/*.tsx", { cwd: structure.web });
+  const allFiles = [...pageFiles, ...componentFiles];
+  const actionPatterns = {
+    create: ["create", "add", "new", "cr\xE9er", "ajouter", "nouveau"],
+    update: ["edit", "update", "modify", "modifier", "\xE9diter", "save", "enregistrer"],
+    delete: ["delete", "remove", "supprimer", "retirer"],
+    execute: ["execute", "run", "sync", "ex\xE9cuter", "lancer", "synchroniser"]
+  };
+  let protectedButtonCount = 0;
+  let hasPermissionCount = 0;
+  let unprotectedCount = 0;
+  const unprotectedButtons = [];
+  for (const file of allFiles) {
+    const content = await readText(file);
+    const lines = content.split("\n");
+    const usesProtectedButton = content.includes("<ProtectedButton");
+    if (usesProtectedButton) {
+      protectedButtonCount++;
+      continue;
+    }
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const trimmed = line.trim();
+      if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("/*")) {
+        continue;
+      }
+      const buttonMatch = /<(?:button|Button)[^>]*>([^<]*)<\/|onClick\s*=\s*\{[^}]*handle(Create|Delete|Edit|Update|Remove|Save|Add|Sync|Execute)/i.exec(line);
+      if (buttonMatch) {
+        const buttonContent = buttonMatch[1]?.toLowerCase() || "";
+        const handlerAction = buttonMatch[2]?.toLowerCase() || "";
+        let detectedAction = null;
+        for (const [action, keywords] of Object.entries(actionPatterns)) {
+          if (keywords.some((kw) => buttonContent.includes(kw) || handlerAction.includes(kw))) {
+            detectedAction = action;
+            break;
+          }
+        }
+        if (detectedAction) {
+          const startLine = Math.max(0, i - 5);
+          const endLine = Math.min(lines.length - 1, i + 5);
+          const context = lines.slice(startLine, endLine + 1).join("\n");
+          const hasPermissionCheck = context.includes("hasPermission") || context.includes("canCreate") || context.includes("canEdit") || context.includes("canUpdate") || context.includes("canDelete") || context.includes("canExecute") || context.includes("disabled={!can");
+          if (!hasPermissionCheck) {
+            unprotectedCount++;
+            unprotectedButtons.push({
+              file: path6.relative(structure.root, file),
+              line: i + 1,
+              action: detectedAction,
+              code: line.trim().substring(0, 80)
+            });
+          } else {
+            hasPermissionCount++;
+          }
+        }
+      }
+    }
+  }
+  const reportedButtons = unprotectedButtons.slice(0, 10);
+  for (const btn of reportedButtons) {
+    result.warnings.push({
+      type: "warning",
+      category: "protected-actions",
+      message: `Button with "${btn.action}" action may be missing permission check`,
+      file: btn.file,
+      line: btn.line,
+      suggestion: `Use <ProtectedButton action="${btn.action}" navRoute="..."> or add hasPermission check`
+    });
+  }
+  if (unprotectedButtons.length > 10) {
+    result.warnings.push({
+      type: "warning",
+      category: "protected-actions",
+      message: `... and ${unprotectedButtons.length - 10} more unprotected buttons`
+    });
+  }
+  const totalActionButtons = protectedButtonCount + hasPermissionCount + unprotectedCount;
+  if (totalActionButtons > 0) {
+    const protectedPercentage = Math.round(
+      (protectedButtonCount + hasPermissionCount) / totalActionButtons * 100
+    );
+    result.warnings.push({
+      type: "warning",
+      category: "protected-actions",
+      message: `Protected actions summary: ${protectedButtonCount} use ProtectedButton, ${hasPermissionCount} use hasPermission, ${unprotectedCount} potentially unprotected (${protectedPercentage}% protected)`
     });
+    if (protectedPercentage < 80 && totalActionButtons > 5) {
+      result.errors.push({
+        type: "error",
+        category: "protected-actions",
+        message: `Less than 80% of action buttons are protected (${protectedPercentage}%)`,
+        suggestion: "Migrate action buttons to use <ProtectedButton> component for consistent permission checking"
+      });
+    }
   }
 }
 function generateSummary(result, checks) {
@@ -2011,6 +2410,15 @@ var scaffoldExtensionTool = {
           navRouteSuffix: {
             type: "string",
             description: 'Optional suffix for NavRoute (e.g., "dashboard" for sub-resources)'
+          },
+          withHierarchyFunction: {
+            type: "boolean",
+            description: "For entity type with self-reference (ParentId): generate TVF SQL script for hierarchy traversal"
+          },
+          hierarchyDirection: {
+            type: "string",
+            enum: ["ancestors", "descendants", "both"],
+            description: "Direction for hierarchy traversal function (default: both)"
           }
         }
       }
@@ -2155,10 +2563,10 @@ async function scaffoldFeature(name, options, structure, config, result, dryRun
   result.instructions.push("---");
   result.instructions.push(`## Summary: Generated ${generated.join(" + ")}`);
   result.instructions.push("");
-  const schema = options?.schema || (isClientExtension ? "extensions" : "core");
+  const schema = options?.schema || (isClientExtension ? "extensions" : config.defaultDbContext);
   const dbContextName = schema === "extensions" ? "ExtensionsDbContext" : "CoreDbContext";
   const dbContextInterface = schema === "extensions" ? "IExtensionsDbContext" : "ICoreDbContext";
-  const migrationPrefix = schema === "extensions" ? "ext" : "core";
+  const migrationPrefix = schema;
   result.instructions.push("### Next Steps:");
   result.instructions.push(`1. Add DbSet to ${dbContextInterface} and ${dbContextName}: \`public DbSet<${name}> ${name}s => Set<${name}>();\``);
   if (withRepository) {
@@ -2500,7 +2908,7 @@ public class {{name}}Configuration : IEntityTypeConfiguration<{{name}}>
   result.files.push({ path: configFilePath, content: configContent, type: "created" });
   const dbContextName = schema === "extensions" ? "ExtensionsDbContext" : "CoreDbContext";
   const dbContextInterface = schema === "extensions" ? "IExtensionsDbContext" : "ICoreDbContext";
-  const migrationPrefix = schema === "extensions" ? "ext" : "core";
+  const migrationPrefix = schema;
   result.instructions.push(`Add DbSet to ${dbContextInterface}:`);
   result.instructions.push(`public DbSet<${name}> ${name}s => Set<${name}>();`);
   result.instructions.push("");
@@ -2520,6 +2928,11 @@ public class {{name}}Configuration : IEntityTypeConfiguration<{{name}}>
     result.instructions.push("### Seed Data");
     await scaffoldSeedData(name, options, structure, config, result, dryRun);
   }
+  if (options?.withHierarchyFunction) {
+    result.instructions.push("");
+    result.instructions.push("### Hierarchy Function (TVF)");
+    await scaffoldHierarchyFunction(name, options, structure, config, result, dryRun);
+  }
 }
 async function scaffoldSeedData(name, options, structure, config, result, dryRun = false) {
   const tablePrefix = options?.tablePrefix || "ref_";
@@ -2629,6 +3042,180 @@ public static class {{name}}SeedData
   result.instructions.push("3. Implement GetSeedData() returning object[]");
   result.instructions.push("4. Reference other SeedData IDs for foreign keys");
 }
+async function scaffoldHierarchyFunction(name, options, structure, config, result, dryRun = false) {
+  const tablePrefix = options?.tablePrefix || "ref_";
+  const schema = options?.schema || config.conventions.schemas.platform;
+  const tableName = `${tablePrefix}${name}s`;
+  const tvfTemplate = `-- ============================================================================
+-- Table-Valued Function: fn_Get{{name}}Hierarchy
+-- Purpose: Recursively traverse {{name}} hierarchy (ancestors/descendants)
+-- Generated by: SmartStack MCP scaffold_extension
+-- ============================================================================
+
+-- Drop existing function if it exists
+IF OBJECT_ID('[{{schema}}].[fn_Get{{name}}Hierarchy]', 'IF') IS NOT NULL
+    DROP FUNCTION [{{schema}}].[fn_Get{{name}}Hierarchy];
+GO
+
+CREATE FUNCTION [{{schema}}].[fn_Get{{name}}Hierarchy]
+(
+    @{{nameLower}}Id UNIQUEIDENTIFIER,
+    @Direction VARCHAR(11) = 'descendants' -- 'ancestors', 'descendants', or 'both'
+)
+RETURNS TABLE
+AS
+RETURN
+(
+    WITH HierarchyCTE AS (
+        -- ========================================
+        -- Base case: starting node
+        -- ========================================
+        SELECT
+            Id,
+            ParentId,
+            Code,
+            TenantId,
+            0 AS [Level],
+            CAST(Id AS NVARCHAR(MAX)) AS [Path],
+            'self' AS Direction
+        FROM [{{schema}}].[{{tableName}}]
+        WHERE Id = @{{nameLower}}Id
+          AND IsDeleted = 0
+
+        UNION ALL
+
+        -- ========================================
+        -- Recursive: ancestors (climb up the tree)
+        -- ========================================
+        SELECT
+            parent.Id,
+            parent.ParentId,
+            parent.Code,
+            parent.TenantId,
+            h.[Level] - 1,
+            CAST(parent.Id AS NVARCHAR(MAX)) + '/' + h.[Path],
+            'ancestor' AS Direction
+        FROM [{{schema}}].[{{tableName}}] parent
+        INNER JOIN HierarchyCTE h ON parent.Id = h.ParentId
+        WHERE parent.IsDeleted = 0
+          AND @Direction IN ('ancestors', 'both')
+          AND h.[Level] > -50  -- Prevent infinite recursion
+
+        UNION ALL
+
+        -- ========================================
+        -- Recursive: descendants (go down the tree)
+        -- ========================================
+        SELECT
+            child.Id,
+            child.ParentId,
+            child.Code,
+            child.TenantId,
+            h.[Level] + 1,
+            h.[Path] + '/' + CAST(child.Id AS NVARCHAR(MAX)),
+            'descendant' AS Direction
+        FROM [{{schema}}].[{{tableName}}] child
+        INNER JOIN HierarchyCTE h ON child.ParentId = h.Id
+        WHERE child.IsDeleted = 0
+          AND @Direction IN ('descendants', 'both')
+          AND h.[Level] < 50  -- Prevent infinite recursion
+    )
+    SELECT
+        Id,
+        ParentId,
+        Code,
+        TenantId,
+        [Level],
+        [Path],
+        Direction,
+        ABS([Level]) AS Depth  -- Absolute depth from starting node
+    FROM HierarchyCTE
+    WHERE (
+        @Direction = 'both'
+        OR (@Direction = 'ancestors' AND Direction IN ('self', 'ancestor'))
+        OR (@Direction = 'descendants' AND Direction IN ('self', 'descendant'))
+    )
+);
+GO
+
+-- ============================================================================
+-- Usage Examples
+-- ============================================================================
+
+-- Get all descendants of a {{name}}
+-- SELECT * FROM [{{schema}}].[fn_Get{{name}}Hierarchy](@id, 'descendants') ORDER BY [Level];
+
+-- Get all ancestors of a {{name}}
+-- SELECT * FROM [{{schema}}].[fn_Get{{name}}Hierarchy](@id, 'ancestors') ORDER BY [Level] DESC;
+
+-- Get full hierarchy (ancestors + descendants)
+-- SELECT * FROM [{{schema}}].[fn_Get{{name}}Hierarchy](@id, 'both') ORDER BY [Level];
+
+-- Get all {{name}}s at a specific level
+-- SELECT * FROM [{{schema}}].[fn_Get{{name}}Hierarchy](@rootId, 'descendants') WHERE [Level] = 2;
+
+-- Check if user belongs to a specific {{name}} hierarchy
+-- SELECT CASE WHEN EXISTS (
+--     SELECT 1 FROM [{{schema}}].[fn_Get{{name}}Hierarchy](@userId{{name}}Id, 'ancestors')
+--     WHERE Id = @target{{name}}Id
+-- ) THEN 1 ELSE 0 END AS BelongsToHierarchy;
+`;
+  const context = {
+    name,
+    nameLower: name.charAt(0).toLowerCase() + name.slice(1),
+    tableName,
+    schema
+  };
+  const tvfContent = Handlebars.compile(tvfTemplate)(context);
+  const projectRoot = config.smartstack.projectPath;
+  const infraPath = structure.infrastructure || path8.join(projectRoot, "Infrastructure");
+  const scriptsPath = path8.join(infraPath, "Persistence", "Scripts", "Functions");
+  const tvfFilePath = path8.join(scriptsPath, `fn_Get${name}Hierarchy.sql`);
+  validatePathSecurity(tvfFilePath, projectRoot);
+  if (!dryRun) {
+    await ensureDirectory(scriptsPath);
+    await writeText(tvfFilePath, tvfContent);
+  }
+  result.files.push({ path: tvfFilePath, content: tvfContent, type: "created" });
+  result.instructions.push("TVF hierarchy function generated!");
+  result.instructions.push("");
+  result.instructions.push("**Next Steps:**");
+  result.instructions.push(`1. Run the SQL script to create the function in your database`);
+  result.instructions.push(`2. Add a method to I${name}Repository for hierarchy queries:`);
+  result.instructions.push("```csharp");
+  result.instructions.push(`Task<IReadOnlyList<${name}HierarchyDto>> GetHierarchyAsync(`);
+  result.instructions.push(`    Guid ${name.toLowerCase()}Id,`);
+  result.instructions.push(`    HierarchyDirection direction,`);
+  result.instructions.push(`    CancellationToken ct = default);`);
+  result.instructions.push("```");
+  result.instructions.push("");
+  result.instructions.push(`3. Create ${name}HierarchyDto:`);
+  result.instructions.push("```csharp");
+  result.instructions.push(`public record ${name}HierarchyDto(`);
+  result.instructions.push("    Guid Id,");
+  result.instructions.push("    Guid? ParentId,");
+  result.instructions.push("    string Code,");
+  result.instructions.push("    Guid TenantId,");
+  result.instructions.push("    int Level,");
+  result.instructions.push("    string Path,");
+  result.instructions.push("    string Direction,");
+  result.instructions.push("    int Depth);");
+  result.instructions.push("```");
+  result.instructions.push("");
+  result.instructions.push("4. Implement using raw SQL in repository:");
+  result.instructions.push("```csharp");
+  result.instructions.push(`var sql = "SELECT * FROM [${schema}].[fn_Get${name}Hierarchy]({0}, {1})";`);
+  result.instructions.push(`return await _context.Database`);
+  result.instructions.push(`    .SqlQueryRaw<${name}HierarchyDto>(sql, id, direction.ToString().ToLower())`);
+  result.instructions.push(`    .ToListAsync(ct);`);
+  result.instructions.push("```");
+  result.instructions.push("");
+  result.instructions.push(`**Pattern Recommendation**: TVF with CTE is optimal for:`);
+  result.instructions.push("- Permission/role hierarchies (recursive permission check)");
+  result.instructions.push("- Organization charts (reporting structure)");
+  result.instructions.push("- Category trees (nested categories)");
+  result.instructions.push("- Group memberships (user belongs to parent groups)");
+}
 async function scaffoldController(name, options, structure, config, result, dryRun = false) {
   const namespace = options?.namespace || `${config.conventions.namespaces.api}.Controllers`;
   const navRoute = options?.navRoute;
@@ -3858,7 +4445,7 @@ var suggestMigrationTool = {
       context: {
         type: "string",
         enum: ["core", "extensions"],
-        description: "DbContext name (default: core)"
+        description: 'DbContext name (default: auto-detected from .smartstack/config.json, or "core" for platform projects)'
       },
       version: {
         type: "string",
@@ -3870,12 +4457,12 @@ var suggestMigrationTool = {
 };
 var SuggestMigrationInputSchema2 = z2.object({
   description: z2.string().describe("Description of what the migration does"),
-  context: z2.enum(["core", "extensions"]).optional().describe("DbContext name (default: core)"),
+  context: z2.enum(["core", "extensions"]).optional().describe("DbContext name (default: auto-detected from project config)"),
   version: z2.string().optional().describe('Semver version (e.g., "1.0.0")')
 });
 async function handleSuggestMigration(args, config) {
   const input = SuggestMigrationInputSchema2.parse(args);
-  const context = input.context || "core";
+  const context = input.context || config.defaultDbContext || "core";
   logger.info("Suggesting migration name", { description: input.description, context });
   const structure = await findSmartStackStructure(config.smartstack.projectPath);
   const existingMigrations = await findExistingMigrations(structure, config, context);
@@ -3898,7 +4485,8 @@ async function handleSuggestMigration(args, config) {
   const sequenceStr = sequence.toString().padStart(3, "0");
   const migrationName = `${context}_v${version}_${sequenceStr}_${pascalDescription}`;
   const dbContextName = context === "core" ? "CoreDbContext" : "ExtensionsDbContext";
-  const command = `dotnet ef migrations add ${migrationName} --context ${dbContextName}`;
+  const outputPath = context === "extensions" ? "Persistence/Migrations/Extensions" : "Persistence/Migrations";
+  const command = `dotnet ef migrations add ${migrationName} --context ${dbContextName} --project ../SmartStack.Infrastructure -o ${outputPath}`;
   const lines = [];
   lines.push("# Migration Name Suggestion");
   lines.push("");
@@ -10587,141 +11175,2864 @@ function calculateMetrics(functions, fileMetrics, thresholds) {
     fileSize: createStat(fileSizes, thresholds.fileSize)
   };
 }
-function identifyHotspots(functions, fileMetrics, thresholds) {
-  const hotspots = [];
-  for (const func of functions) {
-    const issues = [];
-    if (func.cognitiveComplexity > thresholds.cognitiveComplexity) {
-      issues.push(`Cognitive complexity: ${func.cognitiveComplexity} (threshold: ${thresholds.cognitiveComplexity})`);
+function identifyHotspots(functions, fileMetrics, thresholds) {
+  const hotspots = [];
+  for (const func of functions) {
+    const issues = [];
+    if (func.cognitiveComplexity > thresholds.cognitiveComplexity) {
+      issues.push(`Cognitive complexity: ${func.cognitiveComplexity} (threshold: ${thresholds.cognitiveComplexity})`);
+    }
+    if (func.cyclomaticComplexity > thresholds.cyclomaticComplexity) {
+      issues.push(`Cyclomatic complexity: ${func.cyclomaticComplexity} (threshold: ${thresholds.cyclomaticComplexity})`);
+    }
+    if (func.lineCount > thresholds.functionSize) {
+      issues.push(`Lines: ${func.lineCount} (threshold: ${thresholds.functionSize})`);
+    }
+    if (func.maxNestingDepth > thresholds.nestingDepth) {
+      issues.push(`Nesting depth: ${func.maxNestingDepth} (threshold: ${thresholds.nestingDepth})`);
+    }
+    if (issues.length > 0) {
+      const severity = issues.length >= 3 ? "high" : issues.length === 2 ? "medium" : "low";
+      hotspots.push({
+        file: func.file,
+        function: func.name,
+        issues,
+        severity,
+        metrics: {
+          cognitiveComplexity: func.cognitiveComplexity,
+          cyclomaticComplexity: func.cyclomaticComplexity,
+          lineCount: func.lineCount,
+          nestingDepth: func.maxNestingDepth
+        }
+      });
+    }
+  }
+  for (const [file, metrics] of fileMetrics) {
+    if (metrics.lineCount > thresholds.fileSize) {
+      hotspots.push({
+        file,
+        issues: [`File size: ${metrics.lineCount} lines (threshold: ${thresholds.fileSize})`],
+        severity: "medium",
+        metrics: {
+          lineCount: metrics.lineCount
+        }
+      });
+    }
+  }
+  const severityOrder = { high: 0, medium: 1, low: 2 };
+  hotspots.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+  return hotspots.slice(0, 20);
+}
+function calculateSummary(functions, fileMetrics, metrics, hotspots) {
+  const totalViolations = metrics.cognitiveComplexity.violations + metrics.cyclomaticComplexity.violations + metrics.functionSize.violations + metrics.nestingDepth.violations + metrics.fileSize.violations;
+  const totalFunctions = functions.length;
+  const totalFiles = fileMetrics.size;
+  const violationRate = totalFunctions > 0 ? totalViolations / totalFunctions : 0;
+  const score = Math.max(0, Math.round(100 - violationRate * 100));
+  let grade;
+  if (score >= 90) grade = "A";
+  else if (score >= 80) grade = "B";
+  else if (score >= 70) grade = "C";
+  else if (score >= 60) grade = "D";
+  else grade = "F";
+  return {
+    score,
+    grade,
+    filesAnalyzed: totalFiles,
+    functionsAnalyzed: totalFunctions,
+    issuesFound: hotspots.length
+  };
+}
+function isExcludedPath(filePath) {
+  const exclusions = [
+    /[/\\]bin[/\\]/,
+    /[/\\]obj[/\\]/,
+    /[/\\]node_modules[/\\]/,
+    /[/\\]Migrations[/\\]/,
+    /\.test\./,
+    /\.spec\./,
+    /Tests[/\\]/,
+    /\.d\.ts$/,
+    /\.min\./
+  ];
+  return exclusions.some((pattern) => pattern.test(filePath));
+}
+function getLineNumber2(content, index) {
+  const normalizedContent = content.substring(0, index).replace(/\r\n/g, "\n");
+  return normalizedContent.split("\n").length;
+}
+function formatQualityReport(result, thresholds) {
+  const lines = [];
+  lines.push("# Code Quality Report");
+  lines.push("");
+  lines.push("## Summary");
+  lines.push(`- **Score**: ${result.summary.score}/100 (Grade: ${result.summary.grade})`);
+  lines.push(`- **Files analyzed**: ${result.summary.filesAnalyzed}`);
+  lines.push(`- **Functions analyzed**: ${result.summary.functionsAnalyzed}`);
+  lines.push(`- **Issues found**: ${result.summary.issuesFound}`);
+  lines.push("");
+  lines.push("## Metrics Overview");
+  lines.push("");
+  lines.push("| Metric | Average | Max | Threshold | Status |");
+  lines.push("|--------|---------|-----|-----------|--------|");
+  const formatMetricRow = (name, stat2) => {
+    const status = stat2.violations > 0 ? `${stat2.violations} violations` : "\u2705 OK";
+    return `| ${name} | ${stat2.average} | ${stat2.max} | ${stat2.threshold} | ${status} |`;
+  };
+  lines.push(formatMetricRow("Cognitive Complexity", result.metrics.cognitiveComplexity));
+  lines.push(formatMetricRow("Cyclomatic Complexity", result.metrics.cyclomaticComplexity));
+  lines.push(formatMetricRow("Function Size", result.metrics.functionSize));
+  lines.push(formatMetricRow("Nesting Depth", result.metrics.nestingDepth));
+  lines.push(formatMetricRow("File Size", result.metrics.fileSize));
+  lines.push("");
+  if (result.hotspots.length > 0) {
+    lines.push("## Hotspots (Needs Attention)");
+    lines.push("");
+    for (const hotspot of result.hotspots) {
+      const severityEmoji = hotspot.severity === "high" ? "\u{1F534}" : hotspot.severity === "medium" ? "\u{1F7E1}" : "\u{1F7E2}";
+      const location = hotspot.function ? `\`${hotspot.function}\` (${hotspot.file})` : `\`${hotspot.file}\``;
+      lines.push(`### ${severityEmoji} ${hotspot.severity.toUpperCase()}: ${location}`);
+      for (const issue of hotspot.issues) {
+        lines.push(`- ${issue}`);
+      }
+      if (hotspot.function) {
+        if (hotspot.metrics.cognitiveComplexity && hotspot.metrics.cognitiveComplexity > thresholds.cognitiveComplexity) {
+          lines.push(`- **Recommendation**: Extract logic into smaller, focused methods`);
+        } else if (hotspot.metrics.lineCount && hotspot.metrics.lineCount > thresholds.functionSize) {
+          lines.push(`- **Recommendation**: Split into multiple functions with single responsibilities`);
+        }
+      } else {
+        lines.push(`- **Recommendation**: Consider splitting this file into smaller modules`);
+      }
+      lines.push("");
+    }
+  } else {
+    lines.push("No hotspots found. Code quality is within acceptable thresholds.");
+  }
+  return lines.join("\n");
+}
+
+// src/tools/analyze-hierarchy-patterns.ts
+import path22 from "path";
+var analyzeHierarchyPatternsTool = {
+  name: "analyze_hierarchy_patterns",
+  description: `Analyze parent-child relationships in SmartStack entities and recommend optimal hierarchy patterns.
+
+Detects:
+- Direct parent-child relationships (via foreign keys)
+- Self-referencing hierarchies (ParentId pointing to same entity)
+- Inheritance chains (entity extending another entity)
+- Collection relationships (ICollection<T>)
+
+Recommends patterns based on usage:
+- **TVF + CTE**: Deep hierarchies with frequent traversal (permissions, org charts)
+- **Materialized Path**: Deep hierarchies with frequent modifications
+- **Simple ParentId**: Shallow hierarchies (2-3 levels)
+- **Nested Sets**: Read-heavy, rarely modified trees
+- **Closure Table**: All operations need to be fast`,
+  inputSchema: {
+    type: "object",
+    properties: {
+      path: {
+        type: "string",
+        description: "Project path to analyze (default: SmartStack.app path from config)"
+      },
+      entityFilter: {
+        type: "string",
+        description: 'Filter entities by name pattern (e.g., "User*", "*Group*")'
+      },
+      includeRecommendations: {
+        type: "boolean",
+        default: true,
+        description: "Include pattern recommendations for each hierarchy"
+      },
+      outputFormat: {
+        type: "string",
+        enum: ["summary", "detailed", "json"],
+        default: "detailed",
+        description: "Output format"
+      }
+    }
+  }
+};
+async function handleAnalyzeHierarchyPatterns(args, config) {
+  const input = AnalyzeHierarchyPatternsInputSchema.parse(args);
+  const projectPath = input.path || config.smartstack.projectPath;
+  const includeRecommendations = input.includeRecommendations ?? true;
+  const outputFormat = input.outputFormat || "detailed";
+  logger.info("Analyzing hierarchy patterns", { projectPath });
+  const structure = await findSmartStackStructure(projectPath);
+  if (!structure.domain) {
+    return "# Error\n\nDomain project not found. Cannot analyze entity hierarchies.";
+  }
+  const entityGraph = await buildEntityGraph(structure.domain, input.entityFilter);
+  const hierarchies = detectHierarchies(entityGraph);
+  const recommendations = includeRecommendations ? generateRecommendations4(hierarchies, entityGraph) : [];
+  const result = {
+    totalEntities: entityGraph.size,
+    hierarchicalEntities: hierarchies.filter((h) => h.isHierarchical).length,
+    selfReferencingEntities: hierarchies.filter((h) => h.isSelfReferencing).length,
+    maxDepth: Math.max(0, ...hierarchies.map((h) => h.depth)),
+    hierarchies,
+    recommendations,
+    circularDependencies: detectCircularDependencies(entityGraph)
+  };
+  return formatResult8(result, outputFormat, structure.root);
+}
+async function buildEntityGraph(domainPath, filter) {
+  const entityFiles = await findFiles("**/*.cs", { cwd: domainPath });
+  const entityMap = /* @__PURE__ */ new Map();
+  const parsedEntities = [];
+  for (const file of entityFiles) {
+    const content = await readText(file);
+    const parsed = parseEntity(content, file, domainPath);
+    if (parsed && (!filter || matchesFilter(parsed.name, filter))) {
+      parsedEntities.push(parsed);
+    }
+  }
+  for (const entity of parsedEntities) {
+    entityMap.set(entity.name, {
+      name: entity.name,
+      file: entity.file,
+      baseClass: entity.baseClass,
+      isTenantAware: entity.isTenantAware,
+      isSystemEntity: entity.isSystemEntity,
+      parent: null,
+      children: [],
+      depth: 0,
+      isRoot: true,
+      isLeaf: true,
+      isSelfReferencing: !!entity.selfReferenceField,
+      selfReferenceField: entity.selfReferenceField,
+      childCollections: entity.childCollections,
+      foreignKeys: entity.foreignKeys,
+      isHierarchical: false
+    });
+  }
+  for (const entity of parsedEntities) {
+    const node = entityMap.get(entity.name);
+    if (entity.parentEntity && entityMap.has(entity.parentEntity)) {
+      const parent = entityMap.get(entity.parentEntity);
+      node.parent = parent.name;
+      node.isRoot = false;
+      parent.children.push(entity.name);
+      parent.isLeaf = false;
+    }
+    if (entity.childCollections.length > 0 || entity.selfReferenceField) {
+      node.isHierarchical = true;
+    }
+  }
+  for (const node of entityMap.values()) {
+    node.depth = calculateDepth(node.name, entityMap, /* @__PURE__ */ new Set());
+  }
+  for (const node of entityMap.values()) {
+    if (node.children.length > 0) {
+      node.isHierarchical = true;
+    }
+  }
+  return entityMap;
+}
+function parseEntity(content, file, domainPath) {
+  const fileName = path22.basename(file, ".cs");
+  if (fileName.endsWith("Dto") || fileName.endsWith("Command") || fileName.endsWith("Query") || fileName.endsWith("Handler") || fileName.endsWith("Validator") || fileName.endsWith("Exception") || fileName.startsWith("I")) {
+    return null;
+  }
+  const classMatch = content.match(
+    /public\s+(?:class|record)\s+(\w+)(?:\s*:\s*([^{]+))?/
+  );
+  if (!classMatch) return null;
+  const entityName = classMatch[1];
+  const inheritance = classMatch[2]?.trim() || "";
+  const hasBaseEntity = inheritance.includes("BaseEntity");
+  const hasSystemEntity = inheritance.includes("SystemEntity");
+  if (!hasBaseEntity && !hasSystemEntity) return null;
+  const hasITenantEntity = inheritance.includes("ITenantEntity");
+  const selfRefMatch = content.match(
+    new RegExp(`public\\s+(?:Guid\\??|${entityName}\\??)\\s+(Parent(?:Id)?|Parent${entityName}(?:Id)?)\\s*\\{`, "i")
+  );
+  const selfReferenceField = selfRefMatch ? selfRefMatch[1] : void 0;
+  const childCollections = [];
+  const collectionMatches = content.matchAll(
+    /public\s+(?:virtual\s+)?ICollection<(\w+)>\s+(\w+)\s*\{/g
+  );
+  for (const match of collectionMatches) {
+    childCollections.push(match[1]);
+  }
+  const foreignKeys = [];
+  const fkMatches = content.matchAll(
+    /public\s+Guid\s+(\w+Id)\s*\{[^}]+\}/g
+  );
+  for (const match of fkMatches) {
+    const propName = match[1];
+    if (selfReferenceField && propName.toLowerCase().includes("parent")) continue;
+    const referencedEntity = propName.replace(/Id$/, "");
+    if (referencedEntity !== entityName) {
+      foreignKeys.push({
+        propertyName: propName,
+        referencedEntity,
+        isNavigationProperty: content.includes(`public virtual ${referencedEntity}?`)
+      });
+    }
+  }
+  const parentEntity = foreignKeys.length > 0 ? foreignKeys[0].referencedEntity : void 0;
+  return {
+    name: entityName,
+    file: path22.relative(domainPath, file),
+    baseClass: hasSystemEntity ? "SystemEntity" : "BaseEntity",
+    isTenantAware: hasITenantEntity,
+    isSystemEntity: hasSystemEntity,
+    parentEntity,
+    selfReferenceField,
+    childCollections,
+    foreignKeys
+  };
+}
+function matchesFilter(name, filter) {
+  const pattern = filter.replace(/\*/g, ".*").replace(/\?/g, ".");
+  return new RegExp(`^${pattern}$`, "i").test(name);
+}
+function calculateDepth(name, entityMap, visited) {
+  if (visited.has(name)) return -1;
+  const node = entityMap.get(name);
+  if (!node || !node.parent) return 0;
+  visited.add(name);
+  const parentDepth = calculateDepth(node.parent, entityMap, visited);
+  return parentDepth === -1 ? -1 : parentDepth + 1;
+}
+function detectHierarchies(entityMap) {
+  return Array.from(entityMap.values()).filter(
+    (node) => node.isHierarchical || node.isSelfReferencing || node.children.length > 0
+  );
+}
+function detectCircularDependencies(entityMap) {
+  const cycles = [];
+  for (const [name] of entityMap) {
+    let dfs2 = function(current) {
+      if (path27.includes(current)) {
+        const cycleStart = path27.indexOf(current);
+        cycles.push([...path27.slice(cycleStart), current]);
+        return true;
+      }
+      if (visited.has(current)) return false;
+      visited.add(current);
+      path27.push(current);
+      const node = entityMap.get(current);
+      if (node?.parent) {
+        dfs2(node.parent);
+      }
+      path27.pop();
+      return false;
+    };
+    var dfs = dfs2;
+    const visited = /* @__PURE__ */ new Set();
+    const path27 = [];
+    dfs2(name);
+  }
+  const unique = /* @__PURE__ */ new Map();
+  for (const cycle of cycles) {
+    const key = [...cycle].sort().join(",");
+    if (!unique.has(key)) {
+      unique.set(key, cycle);
+    }
+  }
+  return Array.from(unique.values());
+}
+function generateRecommendations4(hierarchies, entityMap) {
+  const recommendations = [];
+  for (const hierarchy of hierarchies) {
+    const rec = analyzeHierarchy(hierarchy, entityMap);
+    if (rec) {
+      recommendations.push(rec);
+    }
+  }
+  return recommendations;
+}
+function analyzeHierarchy(node, entityMap) {
+  if (!node.isRoot && !node.isSelfReferencing) return null;
+  const depth = calculateMaxChildDepth(node, entityMap);
+  const totalNodes = countDescendants(node, entityMap) + 1;
+  const hasPermissionPattern = node.name.toLowerCase().includes("permission") || node.name.toLowerCase().includes("role") || node.name.toLowerCase().includes("group");
+  let pattern;
+  let reason;
+  let priority;
+  let sqlTemplate;
+  if (node.isSelfReferencing) {
+    if (depth > 3 || hasPermissionPattern) {
+      pattern = "tvf-cte";
+      reason = `Self-referencing hierarchy with variable depth. ${hasPermissionPattern ? "Permission/Group pattern detected - TVF recommended for recursive permission resolution." : ""}`;
+      priority = hasPermissionPattern ? "critical" : "high";
+      sqlTemplate = generateTvfTemplate(node);
+    } else if (depth <= 3) {
+      pattern = "simple-parentid";
+      reason = "Shallow self-referencing hierarchy (depth <= 3). Simple ParentId with eager loading is sufficient.";
+      priority = "low";
+    } else {
+      pattern = "materialized-path";
+      reason = "Deep self-referencing hierarchy. Consider Materialized Path for efficient ancestor/descendant queries.";
+      priority = "medium";
+    }
+  } else if (node.children.length > 0) {
+    if (depth > 2) {
+      pattern = "tvf-cte";
+      reason = `Multi-level parent-child hierarchy (depth: ${depth}). TVF with CTE recommended for efficient traversal.`;
+      priority = "medium";
+      sqlTemplate = generateTvfTemplate(node);
+    } else {
+      pattern = "simple-parentid";
+      reason = `Simple two-level parent-child relationship. Standard FK relationship is optimal.`;
+      priority = "low";
+    }
+  } else {
+    return null;
+  }
+  return {
+    entityName: node.name,
+    currentPattern: node.isSelfReferencing ? "self-referencing" : "parent-child",
+    recommendedPattern: pattern,
+    reason,
+    priority,
+    hierarchyDepth: depth,
+    estimatedNodes: totalNodes,
+    sqlTemplate,
+    implementationSteps: getImplementationSteps(pattern, node)
+  };
+}
+function calculateMaxChildDepth(node, entityMap, visited = /* @__PURE__ */ new Set()) {
+  if (visited.has(node.name)) return 0;
+  visited.add(node.name);
+  if (node.isSelfReferencing) {
+    return 5;
+  }
+  if (node.children.length === 0) return 0;
+  let maxChildDepth = 0;
+  for (const childName of node.children) {
+    const child = entityMap.get(childName);
+    if (child) {
+      const childDepth = calculateMaxChildDepth(child, entityMap, visited);
+      maxChildDepth = Math.max(maxChildDepth, childDepth);
+    }
+  }
+  return maxChildDepth + 1;
+}
+function countDescendants(node, entityMap, visited = /* @__PURE__ */ new Set()) {
+  if (visited.has(node.name)) return 0;
+  visited.add(node.name);
+  let count = 0;
+  for (const childName of node.children) {
+    const child = entityMap.get(childName);
+    if (child) {
+      count += 1 + countDescendants(child, entityMap, visited);
+    }
+  }
+  return count;
+}
+function generateTvfTemplate(node) {
+  const tableName = `${node.name}s`;
+  const idField = "Id";
+  const parentField = node.selfReferenceField || "ParentId";
+  return `-- Table-Valued Function with Recursive CTE
+-- Returns all ancestors/descendants for ${node.name}
+CREATE OR ALTER FUNCTION [core].[fn_Get${node.name}Hierarchy]
+(
+    @${node.name}Id UNIQUEIDENTIFIER,
+    @Direction VARCHAR(10) = 'ancestors' -- 'ancestors' or 'descendants'
+)
+RETURNS TABLE
+AS
+RETURN
+(
+    WITH Hierarchy AS (
+        -- Base case: starting node
+        SELECT
+            ${idField},
+            ${parentField},
+            0 AS Level,
+            CAST(${idField} AS VARCHAR(MAX)) AS Path
+        FROM core.${tableName}
+        WHERE ${idField} = @${node.name}Id
+          AND IsDeleted = 0
+
+        UNION ALL
+
+        -- Recursive case: traverse hierarchy
+        SELECT
+            t.${idField},
+            t.${parentField},
+            h.Level + 1,
+            h.Path + '/' + CAST(t.${idField} AS VARCHAR(MAX))
+        FROM core.${tableName} t
+        INNER JOIN Hierarchy h ON
+            CASE @Direction
+                WHEN 'ancestors' THEN t.${idField}
+                WHEN 'descendants' THEN t.${parentField}
+            END =
+            CASE @Direction
+                WHEN 'ancestors' THEN h.${parentField}
+                WHEN 'descendants' THEN h.${idField}
+            END
+        WHERE t.IsDeleted = 0
+          AND h.Level < 50 -- Prevent infinite recursion
+    )
+    SELECT
+        ${idField},
+        ${parentField},
+        Level,
+        Path
+    FROM Hierarchy
+);
+GO
+
+-- Usage example:
+-- SELECT * FROM core.fn_Get${node.name}Hierarchy(@id, 'descendants');
+-- SELECT * FROM core.fn_Get${node.name}Hierarchy(@id, 'ancestors');`;
+}
+function getImplementationSteps(pattern, node) {
+  switch (pattern) {
+    case "tvf-cte":
+      return [
+        `1. Create migration with TVF: fn_Get${node.name}Hierarchy`,
+        `2. Add method to I${node.name}Repository: GetHierarchyAsync(Guid id, HierarchyDirection direction)`,
+        `3. Implement using raw SQL: _context.Database.SqlQuery<${node.name}HierarchyDto>(...)`,
+        `4. Create ${node.name}HierarchyDto with Id, ParentId, Level, Path`,
+        `5. Add unit tests for hierarchy traversal (ancestors/descendants)`
+      ];
+    case "materialized-path":
+      return [
+        `1. Add Path column to ${node.name}: public string Path { get; private set; } // e.g., "/1/3/5/"`,
+        `2. Add PathDepth computed column or property`,
+        `3. Create index on Path for prefix queries`,
+        `4. Update Create/Update methods to maintain Path`,
+        `5. Query ancestors: WHERE @path LIKE Path + '%'`,
+        `6. Query descendants: WHERE Path LIKE @path + '%'`
+      ];
+    case "simple-parentid":
+      return [
+        `1. Ensure ${node.selfReferenceField || "ParentId"} FK is configured`,
+        `2. Add navigation property: public virtual ${node.name}? Parent { get; }`,
+        `3. Add children collection: public virtual ICollection<${node.name}> Children { get; }`,
+        `4. Use .Include() for eager loading when needed`
+      ];
+    case "nested-sets":
+      return [
+        `1. Add Left and Right columns (int)`,
+        `2. Implement tree rebuild on modifications`,
+        `3. Query descendants: WHERE Left > @left AND Right < @right`,
+        `4. Query ancestors: WHERE Left < @left AND Right > @right`,
+        `5. Warning: Updates are expensive - only use for read-heavy scenarios`
+      ];
+    case "closure-table":
+      return [
+        `1. Create ${node.name}Closure table: (AncestorId, DescendantId, Depth)`,
+        `2. Populate closure table on Create/Update`,
+        `3. Query all ancestors: WHERE DescendantId = @id`,
+        `4. Query all descendants: WHERE AncestorId = @id`,
+        `5. Maintain closure table on hierarchy changes`
+      ];
+    default:
+      return [];
+  }
+}
+function formatResult8(result, format, _rootPath) {
+  if (format === "json") {
+    return JSON.stringify(result, null, 2);
+  }
+  const lines = [];
+  lines.push("# Entity Hierarchy Analysis");
+  lines.push("");
+  lines.push("## Summary");
+  lines.push("");
+  lines.push(`| Metric | Value |`);
+  lines.push(`|--------|-------|`);
+  lines.push(`| Total Entities | ${result.totalEntities} |`);
+  lines.push(`| Hierarchical Entities | ${result.hierarchicalEntities} |`);
+  lines.push(`| Self-Referencing | ${result.selfReferencingEntities} |`);
+  lines.push(`| Max Depth | ${result.maxDepth} |`);
+  lines.push("");
+  if (result.circularDependencies.length > 0) {
+    lines.push("## \u26A0\uFE0F Circular Dependencies Detected");
+    lines.push("");
+    for (const cycle of result.circularDependencies) {
+      lines.push(`- ${cycle.join(" \u2192 ")}`);
+    }
+    lines.push("");
+  }
+  if (result.hierarchies.length > 0) {
+    lines.push("## Detected Hierarchies");
+    lines.push("");
+    for (const h of result.hierarchies) {
+      const icon = h.isSelfReferencing ? "\u{1F504}" : "\u{1F4C2}";
+      lines.push(`### ${icon} ${h.name}`);
+      lines.push("");
+      lines.push(`| Property | Value |`);
+      lines.push(`|----------|-------|`);
+      lines.push(`| File | \`${h.file}\` |`);
+      lines.push(`| Type | ${h.isSelfReferencing ? "Self-referencing" : "Parent-child"} |`);
+      lines.push(`| Tenant-aware | ${h.isTenantAware ? "Yes" : "No"} |`);
+      lines.push(`| Depth | ${h.depth} |`);
+      if (h.selfReferenceField) {
+        lines.push(`| Self-ref field | \`${h.selfReferenceField}\` |`);
+      }
+      if (h.children.length > 0) {
+        lines.push(`| Children | ${h.children.join(", ")} |`);
+      }
+      if (h.childCollections.length > 0) {
+        lines.push(`| Collections | ${h.childCollections.join(", ")} |`);
+      }
+      lines.push("");
+    }
+  }
+  if (result.recommendations.length > 0) {
+    lines.push("## Pattern Recommendations");
+    lines.push("");
+    const priorityOrder = ["critical", "high", "medium", "low"];
+    const sorted = [...result.recommendations].sort(
+      (a, b) => priorityOrder.indexOf(a.priority) - priorityOrder.indexOf(b.priority)
+    );
+    for (const rec of sorted) {
+      const priorityIcon = {
+        critical: "\u{1F534}",
+        high: "\u{1F7E0}",
+        medium: "\u{1F7E1}",
+        low: "\u{1F7E2}"
+      }[rec.priority];
+      lines.push(`### ${priorityIcon} ${rec.entityName}`);
+      lines.push("");
+      lines.push(`**Recommended Pattern**: \`${rec.recommendedPattern}\``);
+      lines.push("");
+      lines.push(`**Reason**: ${rec.reason}`);
+      lines.push("");
+      lines.push(`**Priority**: ${rec.priority.toUpperCase()}`);
+      lines.push("");
+      if (format === "detailed") {
+        lines.push("#### Implementation Steps");
+        lines.push("");
+        for (const step of rec.implementationSteps) {
+          lines.push(step);
+        }
+        lines.push("");
+        if (rec.sqlTemplate) {
+          lines.push("#### SQL Template");
+          lines.push("");
+          lines.push("```sql");
+          lines.push(rec.sqlTemplate);
+          lines.push("```");
+          lines.push("");
+        }
+      }
+    }
+  }
+  lines.push("---");
+  lines.push("");
+  lines.push("## Pattern Legend");
+  lines.push("");
+  lines.push("| Pattern | Best For | Trade-offs |");
+  lines.push("|---------|----------|------------|");
+  lines.push("| **TVF + CTE** | Deep hierarchies, frequent traversal | Requires SQL Server, slightly more complex |");
+  lines.push("| **Materialized Path** | Deep hierarchies, frequent modifications | Path maintenance overhead |");
+  lines.push("| **Simple ParentId** | Shallow hierarchies (2-3 levels) | N+1 queries on deep traversal |");
+  lines.push("| **Nested Sets** | Read-heavy, rarely modified | Expensive updates |");
+  lines.push("| **Closure Table** | All operations fast | Storage overhead (N\xB2 entries) |");
+  return lines.join("\n");
+}
+
+// src/tools/review-code/types.ts
+var LAYER_RULES = {
+  domain: {
+    canImport: [],
+    cannotImport: ["application", "infrastructure", "api", "web"]
+  },
+  application: {
+    canImport: ["domain"],
+    cannotImport: ["infrastructure", "api", "web"]
+  },
+  infrastructure: {
+    canImport: ["domain", "application"],
+    cannotImport: ["api", "web"]
+  },
+  api: {
+    canImport: ["domain", "application", "infrastructure"],
+    cannotImport: ["web"]
+  },
+  web: {
+    canImport: ["domain", "application"],
+    cannotImport: ["infrastructure"]
+  }
+};
+var FINDING_PREFIXES = {
+  security: "SEC",
+  architecture: "ARCH",
+  "hardcoded-values": "HARD",
+  tests: "TEST",
+  "ai-hallucinations": "AI",
+  performance: "PERF",
+  "dead-code": "DEAD",
+  i18n: "I18N",
+  accessibility: "A11Y"
+};
+var findingCounters = {};
+function generateFindingId(category) {
+  const prefix = FINDING_PREFIXES[category];
+  if (!findingCounters[prefix]) {
+    findingCounters[prefix] = 0;
+  }
+  findingCounters[prefix]++;
+  return `${prefix}-${String(findingCounters[prefix]).padStart(3, "0")}`;
+}
+function resetFindingCounters() {
+  Object.keys(findingCounters).forEach((key) => {
+    findingCounters[key] = 0;
+  });
+}
+
+// src/tools/review-code/checks/security.ts
+var SECRET_PATTERNS = [
+  { pattern: /["']sk[-_]live[-_][a-zA-Z0-9]{20,}["']/gi, name: "Stripe Live Key" },
+  { pattern: /["']sk[-_]test[-_][a-zA-Z0-9]{20,}["']/gi, name: "Stripe Test Key" },
+  { pattern: /["'][a-zA-Z0-9]{40}["']/g, name: "Generic API Key (40 chars)" },
+  { pattern: /password\s*[=:]\s*["'][^"']{4,}["']/gi, name: "Hardcoded Password" },
+  { pattern: /apikey\s*[=:]\s*["'][^"']{8,}["']/gi, name: "Hardcoded API Key" },
+  { pattern: /secret\s*[=:]\s*["'][^"']{8,}["']/gi, name: "Hardcoded Secret" },
+  { pattern: /connectionstring\s*[=:]\s*["'][^"']+["']/gi, name: "Connection String" },
+  { pattern: /Bearer\s+[a-zA-Z0-9\-_.]+/gi, name: "Bearer Token" },
+  { pattern: /-----BEGIN\s+(RSA\s+)?PRIVATE\s+KEY-----/gi, name: "Private Key" }
+];
+var SQL_INJECTION_PATTERNS = [
+  { pattern: /\$["'`]SELECT\s+.+\s+FROM/gi, name: "String interpolation in SQL" },
+  { pattern: /\+\s*["'].*SELECT.*FROM/gi, name: "Concatenation in SQL" },
+  { pattern: /string\.Format\s*\(\s*["'].*SELECT/gi, name: "String.Format with SQL" },
+  { pattern: /ExecuteSqlRaw\s*\(\s*\$"/gi, name: "ExecuteSqlRaw with interpolation" },
+  { pattern: /FromSqlRaw\s*\(\s*\$"/gi, name: "FromSqlRaw with interpolation" }
+];
+var XSS_PATTERNS = [
+  { pattern: /innerHTML\s*=/gi, name: "innerHTML assignment" },
+  { pattern: /dangerouslySetInnerHTML/gi, name: "dangerouslySetInnerHTML" },
+  { pattern: /document\.write\s*\(/gi, name: "document.write" },
+  { pattern: /eval\s*\(/gi, name: "eval() usage" }
+];
+var CONTROLLER_WITHOUT_AUTH = /\[ApiController\][\s\S]*?public\s+class\s+\w+Controller/gi;
+async function checkSecurity(context) {
+  const findings = [];
+  for (const file of context.files) {
+    if (!["csharp", "typescript", "javascript", "tsx", "jsx"].includes(file.language)) {
+      continue;
+    }
+    const lines = file.content.split("\n");
+    for (const { pattern, name } of SECRET_PATTERNS) {
+      let match;
+      pattern.lastIndex = 0;
+      while ((match = pattern.exec(file.content)) !== null) {
+        const lineNumber = getLineNumber3(file.content, match.index);
+        const lineContent = lines[lineNumber - 1]?.trim() || "";
+        if (isInComment(lineContent)) continue;
+        findings.push({
+          id: generateFindingId("security"),
+          category: "security",
+          severity: "blocking",
+          title: `Hardcoded ${name}`,
+          description: `Found a hardcoded ${name.toLowerCase()} in the source code. Secrets should never be committed to version control.`,
+          file: file.relativePath,
+          line: lineNumber,
+          code: truncateCode2(lineContent),
+          suggestion: "Move this secret to environment variables, Azure Key Vault, or a secure configuration provider.",
+          autoFixable: false,
+          cweId: "CWE-798",
+          references: ["https://cwe.mitre.org/data/definitions/798.html"]
+        });
+      }
+    }
+    if (file.language === "csharp") {
+      for (const { pattern, name } of SQL_INJECTION_PATTERNS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const lineNumber = getLineNumber3(file.content, match.index);
+          const lineContent = lines[lineNumber - 1]?.trim() || "";
+          if (isInComment(lineContent)) continue;
+          findings.push({
+            id: generateFindingId("security"),
+            category: "security",
+            severity: "blocking",
+            title: "Potential SQL Injection",
+            description: `${name} detected. This pattern can lead to SQL injection vulnerabilities.`,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode2(lineContent),
+            suggestion: "Use parameterized queries or EF Core LINQ methods instead of string interpolation.",
+            autoFixable: false,
+            cweId: "CWE-89",
+            references: ["https://cwe.mitre.org/data/definitions/89.html"]
+          });
+        }
+      }
+      const controllerMatch = CONTROLLER_WITHOUT_AUTH.exec(file.content);
+      if (controllerMatch) {
+        const hasAuthorize = /\[Authorize\]/i.test(file.content.slice(0, controllerMatch.index + 200));
+        const hasAllowAnonymous = /\[AllowAnonymous\]/i.test(file.content.slice(0, controllerMatch.index + 200));
+        const hasNavRoute = /\[NavRoute\(/i.test(file.content);
+        if (!hasAuthorize && !hasAllowAnonymous && !hasNavRoute) {
+          findings.push({
+            id: generateFindingId("security"),
+            category: "security",
+            severity: "critical",
+            title: "Missing Authorization Attribute",
+            description: "This API controller does not have [Authorize], [AllowAnonymous], or [NavRoute] attribute.",
+            file: file.relativePath,
+            line: getLineNumber3(file.content, controllerMatch.index),
+            suggestion: 'Add [Authorize] or [NavRoute("...")] attribute to secure the controller.',
+            autoFixable: false,
+            cweId: "CWE-862"
+          });
+        }
+      }
+    }
+    if (["typescript", "javascript", "tsx", "jsx"].includes(file.language)) {
+      for (const { pattern, name } of XSS_PATTERNS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const lineNumber = getLineNumber3(file.content, match.index);
+          const lineContent = lines[lineNumber - 1]?.trim() || "";
+          if (isInComment(lineContent)) continue;
+          const contextStart = Math.max(0, match.index - 200);
+          const contextEnd = Math.min(file.content.length, match.index + 200);
+          const context2 = file.content.slice(contextStart, contextEnd).toLowerCase();
+          if (context2.includes("sanitize") || context2.includes("dompurify") || context2.includes("escape")) {
+            continue;
+          }
+          findings.push({
+            id: generateFindingId("security"),
+            category: "security",
+            severity: "critical",
+            title: "Potential XSS Vulnerability",
+            description: `${name} detected without apparent sanitization. This can lead to Cross-Site Scripting attacks.`,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode2(lineContent),
+            suggestion: "Sanitize user input before rendering. Use DOMPurify or React's built-in escaping.",
+            autoFixable: false,
+            cweId: "CWE-79",
+            references: ["https://cwe.mitre.org/data/definitions/79.html"]
+          });
+        }
+      }
+    }
+  }
+  return findings;
+}
+function getLineNumber3(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode2(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+function isInComment(line) {
+  const trimmed = line.trim();
+  return trimmed.startsWith("//") || trimmed.startsWith("/*") || trimmed.startsWith("*");
+}
+
+// src/tools/review-code/checks/architecture.ts
+var CSHARP_LAYER_PATTERNS = {
+  domain: [
+    /namespace\s+\w+\.Domain/i,
+    /SmartStack\.Domain/i
+  ],
+  application: [
+    /namespace\s+\w+\.Application/i,
+    /SmartStack\.Application/i
+  ],
+  infrastructure: [
+    /namespace\s+\w+\.Infrastructure/i,
+    /SmartStack\.Infrastructure/i,
+    /\.Persistence\./i,
+    /DbContext/i
+  ],
+  api: [
+    /namespace\s+\w+\.Api/i,
+    /SmartStack\.Api/i,
+    /\[ApiController\]/i
+  ]
+};
+var CSHARP_IMPORT_PATTERNS = {
+  domain: /using\s+[\w.]*\.Domain[.\w]*/gi,
+  application: /using\s+[\w.]*\.Application[.\w]*/gi,
+  infrastructure: /using\s+[\w.]*\.Infrastructure[.\w]*/gi,
+  api: /using\s+[\w.]*\.Api[.\w]*/gi
+};
+var TS_LAYER_VIOLATIONS = [
+  {
+    pattern: /from\s+['"].*Infrastructure.*['"]/gi,
+    layer: "infrastructure",
+    message: "Web/React code should not import from Infrastructure layer"
+  },
+  {
+    pattern: /from\s+['"].*\.Api.*['"]/gi,
+    layer: "api",
+    message: "Web/React code should not import from Api layer directly"
+  }
+];
+var DIRECT_DB_PATTERNS = [
+  {
+    pattern: /private\s+readonly\s+\w*DbContext/gi,
+    name: "Direct DbContext field"
+  },
+  {
+    pattern: /new\s+\w*DbContext\s*\(/gi,
+    name: "DbContext instantiation"
+  },
+  {
+    pattern: /IApplicationDbContext|ICoreDbContext/gi,
+    name: "DbContext interface",
+    allowed: ["service", "repository", "handler"]
+  }
+];
+async function checkArchitecture(context) {
+  const findings = [];
+  for (const file of context.files) {
+    const lines = file.content.split("\n");
+    if (file.language === "csharp") {
+      const fileLayer = detectCsharpLayer(file.content, file.relativePath);
+      if (fileLayer && LAYER_RULES[fileLayer]) {
+        const rules = LAYER_RULES[fileLayer];
+        for (const forbiddenLayer of rules.cannotImport) {
+          const importPattern = CSHARP_IMPORT_PATTERNS[forbiddenLayer];
+          if (!importPattern) continue;
+          let match2;
+          importPattern.lastIndex = 0;
+          while ((match2 = importPattern.exec(file.content)) !== null) {
+            const lineNumber = getLineNumber4(file.content, match2.index);
+            const lineContent = lines[lineNumber - 1]?.trim() || "";
+            findings.push({
+              id: generateFindingId("architecture"),
+              category: "architecture",
+              severity: "critical",
+              title: `Layer Violation: ${capitalize2(fileLayer)} \u2192 ${capitalize2(forbiddenLayer)}`,
+              description: `The ${capitalize2(fileLayer)} layer should not import from the ${capitalize2(forbiddenLayer)} layer. This violates Clean Architecture principles.`,
+              file: file.relativePath,
+              line: lineNumber,
+              code: truncateCode3(lineContent),
+              suggestion: `Remove this import. ${getSuggestionForViolation(fileLayer, forbiddenLayer)}`,
+              autoFixable: false
+            });
+          }
+        }
+      }
+      const isController = /Controller\.cs$/i.test(file.relativePath);
+      if (isController) {
+        for (const { pattern, name: _name } of DIRECT_DB_PATTERNS) {
+          let match2;
+          pattern.lastIndex = 0;
+          while ((match2 = pattern.exec(file.content)) !== null) {
+            const hasComplexQuery = /\.Include\(/.test(file.content) && /\.ThenInclude\(/.test(file.content);
+            if (hasComplexQuery) {
+              const lineNumber = getLineNumber4(file.content, match2.index);
+              findings.push({
+                id: generateFindingId("architecture"),
+                category: "architecture",
+                severity: "warning",
+                title: "Complex Query in Controller",
+                description: "Controllers with complex queries (multiple Includes) should consider moving logic to a service.",
+                file: file.relativePath,
+                line: lineNumber,
+                suggestion: "Consider extracting complex query logic to an Application layer service.",
+                autoFixable: false
+              });
+              break;
+            }
+          }
+        }
+      }
+      const newServicePattern = /new\s+(\w+Service)\s*\(/gi;
+      let match;
+      while ((match = newServicePattern.exec(file.content)) !== null) {
+        const lineNumber = getLineNumber4(file.content, match.index);
+        const lineContent = lines[lineNumber - 1]?.trim() || "";
+        if (file.relativePath.includes("Test") || file.relativePath.includes(".test.")) continue;
+        findings.push({
+          id: generateFindingId("architecture"),
+          category: "architecture",
+          severity: "critical",
+          title: "Service Instantiation Instead of DI",
+          description: `Direct instantiation of ${match[1]} detected. Services should be injected via constructor, not instantiated with 'new'.`,
+          file: file.relativePath,
+          line: lineNumber,
+          code: truncateCode3(lineContent),
+          suggestion: "Inject the service interface via constructor dependency injection.",
+          autoFixable: false
+        });
+      }
+    }
+    if (["typescript", "tsx"].includes(file.language) && file.layer === "web") {
+      for (const { pattern, message } of TS_LAYER_VIOLATIONS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const lineNumber = getLineNumber4(file.content, match.index);
+          const lineContent = lines[lineNumber - 1]?.trim() || "";
+          findings.push({
+            id: generateFindingId("architecture"),
+            category: "architecture",
+            severity: "critical",
+            title: "Web Layer Violation",
+            description: message,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode3(lineContent),
+            suggestion: "Use API client services to communicate with the backend instead of direct imports.",
+            autoFixable: false
+          });
+        }
+      }
+    }
+  }
+  return findings;
+}
+function detectCsharpLayer(content, filePath) {
+  const pathLower = filePath.toLowerCase();
+  if (pathLower.includes("/domain/") || pathLower.includes("\\domain\\")) return "domain";
+  if (pathLower.includes("/application/") || pathLower.includes("\\application\\")) return "application";
+  if (pathLower.includes("/infrastructure/") || pathLower.includes("\\infrastructure\\")) return "infrastructure";
+  if (pathLower.includes("/api/") || pathLower.includes("\\api\\")) return "api";
+  for (const [layer, patterns] of Object.entries(CSHARP_LAYER_PATTERNS)) {
+    for (const pattern of patterns) {
+      if (pattern.test(content)) {
+        return layer;
+      }
+    }
+  }
+  return null;
+}
+function getSuggestionForViolation(fromLayer, toLayer) {
+  if (fromLayer === "domain" && toLayer === "application") {
+    return "Domain entities should not depend on Application layer. Move shared interfaces to Domain.";
+  }
+  if (fromLayer === "application" && toLayer === "infrastructure") {
+    return "Define an interface in Application layer and implement it in Infrastructure.";
+  }
+  if (fromLayer === "api" && toLayer === "web") {
+    return "API controllers should not depend on Web layer.";
+  }
+  if (toLayer === "infrastructure") {
+    return "Use dependency injection with interfaces defined in Application layer.";
+  }
+  return "Refactor to respect Clean Architecture layer boundaries.";
+}
+function getLineNumber4(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode3(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+function capitalize2(str) {
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}
+
+// src/tools/review-code/checks/hardcoded-values.ts
+var ACCEPTABLE_NUMBERS = /* @__PURE__ */ new Set([
+  0,
+  1,
+  -1,
+  2,
+  10,
+  100,
+  1e3,
+  // Common sizes
+  8,
+  16,
+  32,
+  64,
+  128,
+  256,
+  512,
+  1024,
+  // HTTP status codes (often used as comparisons)
+  200,
+  201,
+  204,
+  400,
+  401,
+  403,
+  404,
+  500
+]);
+var HARDCODED_URL_PATTERN = /["'](https?:\/\/(?!localhost)[^"']+)["']/gi;
+var HARDCODED_EMAIL_PATTERN = /["']([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})["']/gi;
+var HARDCODED_IP_PATTERN = /["'](\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})["']/gi;
+var TIMEOUT_PATTERNS = [
+  { pattern: /timeout\s*[=:]\s*(\d{4,})/gi, name: "Timeout value" },
+  { pattern: /TimeSpan\.FromSeconds\s*\(\s*(\d+)\s*\)/gi, name: "TimeSpan.FromSeconds" },
+  { pattern: /TimeSpan\.FromMinutes\s*\(\s*(\d+)\s*\)/gi, name: "TimeSpan.FromMinutes" },
+  { pattern: /setTimeout\s*\(\s*[^,]+,\s*(\d{4,})\s*\)/gi, name: "setTimeout" },
+  { pattern: /delay\s*[=:]\s*(\d{4,})/gi, name: "Delay value" }
+];
+var MAGIC_NUMBER_PATTERN = /(?<![a-zA-Z0-9_.])\b(\d+)\b(?![a-zA-Z0-9_])/g;
+var FEATURE_FLAG_PATTERNS = [
+  { pattern: /if\s*\(\s*(true|false)\s*\)/gi, name: "Hardcoded boolean condition" },
+  { pattern: /enabled\s*[=:]\s*(true|false)/gi, name: "Hardcoded enabled flag" }
+];
+async function checkHardcodedValues(context) {
+  const findings = [];
+  for (const file of context.files) {
+    if (isConfigOrConstFile(file.relativePath)) continue;
+    const lines = file.content.split("\n");
+    let match;
+    HARDCODED_URL_PATTERN.lastIndex = 0;
+    while ((match = HARDCODED_URL_PATTERN.exec(file.content)) !== null) {
+      const lineNumber = getLineNumber5(file.content, match.index);
+      const lineContent = lines[lineNumber - 1]?.trim() || "";
+      if (isInComment2(lineContent) || isDocExample(lineContent)) continue;
+      findings.push({
+        id: generateFindingId("hardcoded-values"),
+        category: "hardcoded-values",
+        severity: "warning",
+        title: "Hardcoded URL",
+        description: `Found hardcoded URL: ${truncateCode4(match[1], 50)}. URLs should be in configuration.`,
+        file: file.relativePath,
+        line: lineNumber,
+        code: truncateCode4(lineContent),
+        suggestion: "Move this URL to appsettings.json, environment variables, or a configuration service.",
+        autoFixable: false
+      });
+    }
+    HARDCODED_EMAIL_PATTERN.lastIndex = 0;
+    while ((match = HARDCODED_EMAIL_PATTERN.exec(file.content)) !== null) {
+      const lineNumber = getLineNumber5(file.content, match.index);
+      const lineContent = lines[lineNumber - 1]?.trim() || "";
+      if (isInComment2(lineContent) || isDocExample(lineContent)) continue;
+      if (match[1].includes("@test") || match[1].includes("@example")) continue;
+      findings.push({
+        id: generateFindingId("hardcoded-values"),
+        category: "hardcoded-values",
+        severity: "warning",
+        title: "Hardcoded Email",
+        description: `Found hardcoded email: ${match[1]}. Consider using configuration.`,
+        file: file.relativePath,
+        line: lineNumber,
+        code: truncateCode4(lineContent),
+        suggestion: "Move this email to configuration or use a configurable notification service.",
+        autoFixable: false
+      });
+    }
+    HARDCODED_IP_PATTERN.lastIndex = 0;
+    while ((match = HARDCODED_IP_PATTERN.exec(file.content)) !== null) {
+      const lineNumber = getLineNumber5(file.content, match.index);
+      const lineContent = lines[lineNumber - 1]?.trim() || "";
+      if (isInComment2(lineContent)) continue;
+      if (match[1] === "127.0.0.1" || match[1] === "0.0.0.0") continue;
+      findings.push({
+        id: generateFindingId("hardcoded-values"),
+        category: "hardcoded-values",
+        severity: "warning",
+        title: "Hardcoded IP Address",
+        description: `Found hardcoded IP address: ${match[1]}. This should be configurable.`,
+        file: file.relativePath,
+        line: lineNumber,
+        code: truncateCode4(lineContent),
+        suggestion: "Move this IP address to configuration.",
+        autoFixable: false
+      });
+    }
+    for (const { pattern, name } of TIMEOUT_PATTERNS) {
+      pattern.lastIndex = 0;
+      while ((match = pattern.exec(file.content)) !== null) {
+        const value = parseInt(match[1], 10);
+        const lineNumber = getLineNumber5(file.content, match.index);
+        const lineContent = lines[lineNumber - 1]?.trim() || "";
+        if (isInComment2(lineContent)) continue;
+        if (value > 1e3 || value > 60 && name.includes("Minutes")) {
+          findings.push({
+            id: generateFindingId("hardcoded-values"),
+            category: "hardcoded-values",
+            severity: "warning",
+            title: "Hardcoded Timeout",
+            description: `${name} with hardcoded value ${value}. Consider making timeouts configurable.`,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode4(lineContent),
+            suggestion: "Extract timeout values to configuration for easier adjustment in different environments.",
+            autoFixable: false
+          });
+        }
+      }
+    }
+    if (isBusinessLogicFile(file.relativePath) && file.language === "csharp") {
+      checkMagicNumbers(file.content, file.relativePath, lines, findings);
+    }
+    for (const { pattern, name } of FEATURE_FLAG_PATTERNS) {
+      pattern.lastIndex = 0;
+      while ((match = pattern.exec(file.content)) !== null) {
+        const lineNumber = getLineNumber5(file.content, match.index);
+        const lineContent = lines[lineNumber - 1]?.trim() || "";
+        if (isInComment2(lineContent)) continue;
+        if (lineContent.includes("DEBUG") || lineContent.includes("TEST")) continue;
+        findings.push({
+          id: generateFindingId("hardcoded-values"),
+          category: "hardcoded-values",
+          severity: "warning",
+          title: "Hardcoded Feature Flag",
+          description: `${name} detected. Feature toggles should be configurable, not hardcoded.`,
+          file: file.relativePath,
+          line: lineNumber,
+          code: truncateCode4(lineContent),
+          suggestion: "Use a feature flag system or configuration service instead of hardcoded boolean values.",
+          autoFixable: false
+        });
+      }
+    }
+  }
+  return findings;
+}
+function checkMagicNumbers(content, filePath, lines, findings) {
+  const magicNumbersFound = /* @__PURE__ */ new Map();
+  let match;
+  MAGIC_NUMBER_PATTERN.lastIndex = 0;
+  while ((match = MAGIC_NUMBER_PATTERN.exec(content)) !== null) {
+    const value = parseInt(match[1], 10);
+    const lineNumber = getLineNumber5(content, match.index);
+    const lineContent = lines[lineNumber - 1]?.trim() || "";
+    if (ACCEPTABLE_NUMBERS.has(value)) continue;
+    if (isInComment2(lineContent)) continue;
+    if (/const\s+\w+\s*=/.test(lineContent) || /readonly\s+\w+\s*=/.test(lineContent)) continue;
+    if (/\[\s*\d+\s*\]/.test(lineContent)) continue;
+    if (!magicNumbersFound.has(value)) {
+      magicNumbersFound.set(value, []);
+    }
+    magicNumbersFound.get(value).push(lineNumber);
+  }
+  for (const [value, lineNumbers] of magicNumbersFound) {
+    if (lineNumbers.length >= 2) {
+      findings.push({
+        id: generateFindingId("hardcoded-values"),
+        category: "hardcoded-values",
+        severity: "warning",
+        title: "Magic Number",
+        description: `Magic number ${value} appears ${lineNumbers.length} times. Consider extracting to a named constant.`,
+        file: filePath,
+        line: lineNumbers[0],
+        suggestion: `Extract ${value} to a well-named constant that explains its purpose.`,
+        autoFixable: true
+      });
+    }
+  }
+}
+function isConfigOrConstFile(filePath) {
+  const lower = filePath.toLowerCase();
+  return lower.includes("config") || lower.includes("constant") || lower.includes("settings") || lower.includes("appsettings") || lower.includes(".json") || lower.includes("test") || lower.includes(".spec.") || lower.includes(".test.");
+}
+function isBusinessLogicFile(filePath) {
+  const lower = filePath.toLowerCase();
+  return lower.includes("service") || lower.includes("handler") || lower.includes("controller") || lower.includes("validator");
+}
+function isDocExample(line) {
+  if (line.includes("/// ") || line.includes("* ")) return true;
+  const hasExampleKeyword = /\bexample\b/i.test(line);
+  const isExampleInUrl = /example\.(com|org|net)/i.test(line);
+  return hasExampleKeyword && !isExampleInUrl;
+}
+function getLineNumber5(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode4(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+function isInComment2(line) {
+  const trimmed = line.trim();
+  return trimmed.startsWith("//") || trimmed.startsWith("/*") || trimmed.startsWith("*");
+}
+
+// src/tools/review-code/checks/tests.ts
+var ENTITY_PATTERN = /public\s+class\s+(\w+)\s*:\s*(Base|System)Entity/gi;
+var SERVICE_PATTERN = /public\s+class\s+(\w+Service)\s*:\s*I\w+Service/gi;
+var CONTROLLER_PATTERN = /public\s+class\s+(\w+Controller)\s*:\s*ControllerBase/gi;
+var VALIDATOR_PATTERN = /public\s+class\s+(\w+Validator)\s*:\s*AbstractValidator/gi;
+var USELESS_ASSERTION_PATTERNS = [
+  /Assert\.True\s*\(\s*true\s*\)/gi,
+  /Assert\.False\s*\(\s*false\s*\)/gi,
+  /\.Should\(\)\.BeTrue\(\)/gi,
+  /expect\s*\(\s*true\s*\)\s*\.toBe\s*\(\s*true\s*\)/gi,
+  /expect\s*\(\s*1\s*\)\s*\.toBe\s*\(\s*1\s*\)/gi
+];
+async function checkTests(context) {
+  const findings = [];
+  const entities = /* @__PURE__ */ new Set();
+  const services = /* @__PURE__ */ new Set();
+  const controllers = /* @__PURE__ */ new Set();
+  const validators = /* @__PURE__ */ new Set();
+  const existingTests = /* @__PURE__ */ new Set();
+  for (const file of context.files) {
+    if (file.language !== "csharp") continue;
+    let match;
+    ENTITY_PATTERN.lastIndex = 0;
+    while ((match = ENTITY_PATTERN.exec(file.content)) !== null) {
+      entities.add(match[1]);
+    }
+    SERVICE_PATTERN.lastIndex = 0;
+    while ((match = SERVICE_PATTERN.exec(file.content)) !== null) {
+      services.add(match[1]);
+    }
+    CONTROLLER_PATTERN.lastIndex = 0;
+    while ((match = CONTROLLER_PATTERN.exec(file.content)) !== null) {
+      controllers.add(match[1]);
+    }
+    VALIDATOR_PATTERN.lastIndex = 0;
+    while ((match = VALIDATOR_PATTERN.exec(file.content)) !== null) {
+      validators.add(match[1]);
+    }
+    if (file.relativePath.includes("Tests") || file.relativePath.includes(".test.")) {
+      const testClassMatch = /public\s+class\s+(\w+)Tests/gi.exec(file.content);
+      if (testClassMatch) {
+        existingTests.add(testClassMatch[1]);
+      }
+      checkTestQuality(file, findings);
+    }
+  }
+  checkMissingTests(entities, existingTests, "Entity", findings);
+  checkMissingTests(services, existingTests, "Service", findings);
+  checkMissingTests(controllers, existingTests, "Controller", findings);
+  checkMissingTests(validators, existingTests, "Validator", findings);
+  return findings;
+}
+function checkMissingTests(components, existingTests, type, findings) {
+  for (const component of components) {
+    const baseName = component.replace(/(Service|Controller|Validator)$/, "");
+    const hasTest = existingTests.has(component) || existingTests.has(baseName) || existingTests.has(`${baseName}${type}`);
+    if (!hasTest) {
+      const priority = getPriority(type);
+      findings.push({
+        id: generateFindingId("tests"),
+        category: "tests",
+        severity: priority === "critical" ? "critical" : "warning",
+        title: `Missing Tests for ${component}`,
+        description: `No test file found for ${type.toLowerCase()} ${component}. ${type}s should have comprehensive test coverage.`,
+        file: `Tests/Unit/${type}s/${component}Tests.cs`,
+        suggestion: `Create a test file: Tests/Unit/${type}s/${component}Tests.cs`,
+        autoFixable: false
+      });
+    }
+  }
+}
+function checkTestQuality(file, findings) {
+  for (const pattern of USELESS_ASSERTION_PATTERNS) {
+    let match;
+    pattern.lastIndex = 0;
+    while ((match = pattern.exec(file.content)) !== null) {
+      const lineNumber = getLineNumber6(file.content, match.index);
+      findings.push({
+        id: generateFindingId("tests"),
+        category: "tests",
+        severity: "warning",
+        title: "Useless Test Assertion",
+        description: "This assertion always passes and doesn't test any behavior.",
+        file: file.relativePath,
+        line: lineNumber,
+        code: truncateCode5(match[0]),
+        suggestion: "Replace with meaningful assertions that verify actual behavior.",
+        autoFixable: false
+      });
+    }
+  }
+  const factMatches = file.content.matchAll(/\[Fact\]\s*\n\s*public\s+(?:async\s+)?(?:Task|void)\s+(\w+)/gi);
+  for (const match of factMatches) {
+    const methodName = match[1];
+    const methodStart = match.index || 0;
+    const bodyStart = file.content.indexOf("{", methodStart);
+    const bodyEnd = findMatchingBrace(file.content, bodyStart);
+    if (bodyStart !== -1 && bodyEnd !== -1) {
+      const methodBody = file.content.slice(bodyStart, bodyEnd);
+      const hasAssertion = /Assert\./i.test(methodBody) || /\.Should\(/i.test(methodBody) || /expect\s*\(/i.test(methodBody) || /Verify\s*\(/i.test(methodBody);
+      if (!hasAssertion) {
+        const lineNumber = getLineNumber6(file.content, methodStart);
+        findings.push({
+          id: generateFindingId("tests"),
+          category: "tests",
+          severity: "warning",
+          title: "Test Without Assertions",
+          description: `Test method ${methodName} does not appear to have any assertions.`,
+          file: file.relativePath,
+          line: lineNumber,
+          suggestion: "Add assertions to verify the expected behavior. A test without assertions doesn't prove anything.",
+          autoFixable: false
+        });
+      }
+    }
+  }
+}
+function getPriority(type) {
+  switch (type) {
+    case "Service":
+      return "critical";
+    case "Controller":
+      return "high";
+    case "Validator":
+      return "high";
+    case "Entity":
+      return "medium";
+    default:
+      return "low";
+  }
+}
+function findMatchingBrace(content, start) {
+  let depth = 0;
+  for (let i = start; i < content.length; i++) {
+    if (content[i] === "{") depth++;
+    if (content[i] === "}") {
+      depth--;
+      if (depth === 0) return i;
+    }
+  }
+  return -1;
+}
+function getLineNumber6(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode5(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+
+// src/tools/review-code/checks/ai-hallucinations.ts
+var FAKE_DOTNET_NAMESPACES = [
+  "System.AI",
+  "System.Machine",
+  "Microsoft.AI.OpenAI",
+  "Microsoft.Extensions.AI",
+  "Azure.AI.TextAnalytics",
+  // Often confused
+  "System.Data.Linq"
+  // Obsolete
+];
+var FAKE_NPM_PACKAGES = [
+  "@react/router",
+  // Should be react-router-dom
+  "@microsoft/auth",
+  // Various incorrect forms
+  "react-query/v4",
+  // Incorrect path
+  "@tanstack/query"
+  // Should be @tanstack/react-query
+];
+var AI_CODE_PATTERNS = [
+  {
+    pattern: /\/\/\s*TODO:\s*implement/gi,
+    name: "Unimplemented TODO",
+    description: "AI-generated placeholder that was not completed"
+  },
+  {
+    pattern: /throw\s+new\s+NotImplementedException\s*\(\s*\)/gi,
+    name: "NotImplementedException",
+    description: "Method stub that was not implemented"
+  },
+  {
+    pattern: /\/\/\s*\.\.\./gi,
+    name: "Ellipsis comment",
+    description: "AI placeholder comment indicating incomplete code"
+  },
+  {
+    pattern: /\/\*\s*\.\.\.\s*\*\//gi,
+    name: "Ellipsis block comment",
+    description: "AI placeholder indicating incomplete code"
+  }
+];
+var FAKE_METHODS = {
+  string: ["IsEmpty", "IsNotEmpty", "ToInt", "ToDouble", "SafeTrim"],
+  List: ["AddIfNotExists", "SafeAdd", "GetOrDefault", "FindOrCreate"],
+  Dictionary: ["GetOrAdd", "TryAdd", "SafeGet"],
+  // Some exist in ConcurrentDictionary
+  Task: ["WaitAll", "WhenAny"],
+  // Should be Task.WaitAll, Task.WhenAny (static)
+  DateTime: ["ToISOString", "FromISOString"]
+  // JavaScript confusion
+};
+var CSHARP_USING_PATTERN = /using\s+([\w.]+);/gi;
+var TS_IMPORT_PATTERN = /import\s+.*\s+from\s+['"]([^'"]+)['"]/gi;
+async function checkAiHallucinations(context) {
+  const findings = [];
+  const existingFiles = new Set(context.files.map((f) => f.relativePath.toLowerCase()));
+  const existingModules = /* @__PURE__ */ new Set();
+  for (const file of context.files) {
+    if (file.language === "csharp") {
+      const namespaceMatch = /namespace\s+([\w.]+)/gi.exec(file.content);
+      if (namespaceMatch) {
+        existingModules.add(namespaceMatch[1].toLowerCase());
+      }
+    }
+  }
+  for (const file of context.files) {
+    const lines = file.content.split("\n");
+    for (const { pattern, name, description } of AI_CODE_PATTERNS) {
+      let match;
+      pattern.lastIndex = 0;
+      while ((match = pattern.exec(file.content)) !== null) {
+        const lineNumber = getLineNumber7(file.content, match.index);
+        findings.push({
+          id: generateFindingId("ai-hallucinations"),
+          category: "ai-hallucinations",
+          severity: "critical",
+          title: `Incomplete Code: ${name}`,
+          description,
+          file: file.relativePath,
+          line: lineNumber,
+          code: truncateCode6(lines[lineNumber - 1]?.trim() || ""),
+          suggestion: "Complete the implementation or remove the placeholder.",
+          autoFixable: false
+        });
+      }
+    }
+    if (file.language === "csharp") {
+      let match;
+      CSHARP_USING_PATTERN.lastIndex = 0;
+      while ((match = CSHARP_USING_PATTERN.exec(file.content)) !== null) {
+        const namespace = match[1];
+        for (const fakeNs of FAKE_DOTNET_NAMESPACES) {
+          if (namespace.startsWith(fakeNs)) {
+            const lineNumber = getLineNumber7(file.content, match.index);
+            findings.push({
+              id: generateFindingId("ai-hallucinations"),
+              category: "ai-hallucinations",
+              severity: "blocking",
+              title: "Non-existent Namespace",
+              description: `The namespace '${namespace}' does not exist in .NET. This may be AI-hallucinated code.`,
+              file: file.relativePath,
+              line: lineNumber,
+              code: truncateCode6(match[0]),
+              suggestion: "Verify this namespace exists. Check NuGet packages or use the correct namespace.",
+              autoFixable: false
+            });
+          }
+        }
+      }
+      for (const [typeName, fakeMethods] of Object.entries(FAKE_METHODS)) {
+        for (const fakeMethod of fakeMethods) {
+          const methodPattern = new RegExp(`\\.${fakeMethod}\\s*\\(`, "gi");
+          let methodMatch;
+          while ((methodMatch = methodPattern.exec(file.content)) !== null) {
+            const lineNumber = getLineNumber7(file.content, methodMatch.index);
+            const lineContent = lines[lineNumber - 1]?.trim() || "";
+            const contextStart = Math.max(0, methodMatch.index - 50);
+            const context2 = file.content.slice(contextStart, methodMatch.index).toLowerCase();
+            if (context2.includes(typeName.toLowerCase()) || typeName === "string") {
+              findings.push({
+                id: generateFindingId("ai-hallucinations"),
+                category: "ai-hallucinations",
+                severity: "blocking",
+                title: `Non-existent Method: ${fakeMethod}`,
+                description: `The method '${fakeMethod}' does not exist on ${typeName} in .NET. This is likely AI-hallucinated code.`,
+                file: file.relativePath,
+                line: lineNumber,
+                code: truncateCode6(lineContent),
+                suggestion: `Use the correct .NET method. For example: string.IsNullOrEmpty() instead of IsEmpty().`,
+                autoFixable: false
+              });
+            }
+          }
+        }
+      }
+    }
+    if (["typescript", "javascript", "tsx", "jsx"].includes(file.language)) {
+      let match;
+      TS_IMPORT_PATTERN.lastIndex = 0;
+      while ((match = TS_IMPORT_PATTERN.exec(file.content)) !== null) {
+        const importPath = match[1];
+        for (const fakePkg of FAKE_NPM_PACKAGES) {
+          if (importPath === fakePkg || importPath.startsWith(fakePkg + "/")) {
+            const lineNumber = getLineNumber7(file.content, match.index);
+            findings.push({
+              id: generateFindingId("ai-hallucinations"),
+              category: "ai-hallucinations",
+              severity: "blocking",
+              title: "Non-existent Package",
+              description: `The package '${importPath}' does not exist. This may be AI-hallucinated code.`,
+              file: file.relativePath,
+              line: lineNumber,
+              code: truncateCode6(lines[lineNumber - 1]?.trim() || ""),
+              suggestion: "Verify this package exists on npm. Check the correct package name.",
+              autoFixable: false
+            });
+          }
+        }
+        if (importPath.startsWith("./") || importPath.startsWith("../")) {
+          const normalizedPath = resolveRelativePath(file.relativePath, importPath);
+          const possibleExtensions = [".ts", ".tsx", ".js", ".jsx", "/index.ts", "/index.tsx", "/index.js"];
+          const exists = possibleExtensions.some(
+            (ext) => existingFiles.has(normalizedPath.toLowerCase() + ext) || existingFiles.has(normalizedPath.toLowerCase())
+          );
+          if (!exists && !importPath.includes("*")) {
+            const lineNumber = getLineNumber7(file.content, match.index);
+            findings.push({
+              id: generateFindingId("ai-hallucinations"),
+              category: "ai-hallucinations",
+              severity: "critical",
+              title: "Import Path Not Found",
+              description: `The import path '${importPath}' does not resolve to an existing file.`,
+              file: file.relativePath,
+              line: lineNumber,
+              code: truncateCode6(lines[lineNumber - 1]?.trim() || ""),
+              suggestion: "Verify the file exists or fix the import path.",
+              autoFixable: false
+            });
+          }
+        }
+      }
+    }
+  }
+  return findings;
+}
+function resolveRelativePath(fromFile, importPath) {
+  fromFile = fromFile.replace(/\\/g, "/");
+  importPath = importPath.replace(/\\/g, "/");
+  const fromDir = fromFile.substring(0, fromFile.lastIndexOf("/"));
+  const parts = fromDir.split("/");
+  for (const segment of importPath.split("/")) {
+    if (segment === "..") {
+      parts.pop();
+    } else if (segment !== ".") {
+      parts.push(segment);
+    }
+  }
+  return parts.join("/");
+}
+function getLineNumber7(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode6(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+
+// src/tools/review-code/checks/performance.ts
+var N_PLUS_ONE_PATTERNS = [
+  {
+    // Query inside foreach/for loop
+    pattern: /(?:foreach|for)\s*\([^)]+\)\s*\{[^}]*(?:await\s+)?_context\.\w+\./gi,
+    name: "Query in loop",
+    description: "Database query inside a loop can cause N+1 performance issues"
+  },
+  {
+    // Nested Select with query
+    pattern: /\.Select\s*\([^)]*=>[^)]*\.(?:First|Single|Where|Any)\s*\(/gi,
+    name: "Nested query in Select",
+    description: "Nested query inside Select projection causes N+1"
+  },
+  {
+    // Lazy loading trigger
+    pattern: /(?:foreach|for)\s*\([^)]+\)\s*\{[^}]*\.\w+Navigation\./gi,
+    name: "Navigation property in loop",
+    description: "Accessing navigation property in loop triggers lazy loading"
+  }
+];
+var OVER_FETCHING_PATTERNS = [
+  {
+    // Multiple Include calls
+    pattern: /\.Include\s*\([^)]+\)\s*\.Include\s*\([^)]+\)\s*\.Include\s*\([^)]+\)/gi,
+    name: "Triple Include",
+    description: "Too many Include calls can load excessive data"
+  },
+  {
+    // ToList before Where
+    pattern: /\.ToList(?:Async)?\s*\(\s*\)\s*\.(?:Where|Select|OrderBy)/gi,
+    name: "ToList before filtering",
+    description: "ToList() before filtering loads all records into memory"
+  },
+  {
+    // GetAll without pagination
+    pattern: /GetAll(?:Async)?\s*\(\s*\)/gi,
+    name: "GetAll without pagination",
+    description: "Fetching all records without pagination can cause memory issues"
+  }
+];
+var FRONTEND_PERF_PATTERNS = [
+  {
+    // Multiple fetch in useEffect
+    pattern: /useEffect\s*\(\s*(?:async\s*)?\(\s*\)\s*=>\s*\{[^}]*fetch[^}]*fetch/gi,
+    name: "Multiple fetches in useEffect",
+    description: "Multiple sequential API calls in useEffect should be combined or parallelized"
+  },
+  {
+    // Fetch without dependency array
+    pattern: /useEffect\s*\(\s*(?:async\s*)?\(\s*\)\s*=>\s*\{[^}]*(?:fetch|axios|api\.)[^}]*\}\s*\)/gi,
+    name: "Fetch without dependencies",
+    description: "API call in useEffect without dependency array runs on every render"
+  },
+  {
+    // setState in loop
+    pattern: /(?:for|while|forEach)\s*\([^)]*\)[^{]*\{[^}]*set\w+\s*\(/gi,
+    name: "setState in loop",
+    description: "Calling setState in a loop causes multiple re-renders"
+  },
+  {
+    // Large inline objects in JSX
+    pattern: /style\s*=\s*\{\s*\{[^}]{100,}\}/gi,
+    name: "Large inline style object",
+    description: "Large inline objects create new references on each render"
+  }
+];
+var MISSING_OPTIMIZATION_PATTERNS = [
+  {
+    // No pagination in list queries
+    pattern: /\.ToListAsync\s*\(\s*\)/gi,
+    contextCheck: (content, index) => {
+      const context = content.slice(Math.max(0, index - 200), index);
+      return !context.includes("Take") && !context.includes("Skip") && !context.includes("PageSize");
+    },
+    name: "List query without pagination",
+    description: "Large list queries should use pagination"
+  },
+  {
+    // No AsNoTracking for read-only queries
+    pattern: /\.(?:Where|Select|Include)[^;]*\.ToListAsync/gi,
+    contextCheck: (content, index) => {
+      const context = content.slice(Math.max(0, index - 300), index + 100);
+      return !context.includes("AsNoTracking") && !context.includes("Update") && !context.includes("Add");
+    },
+    name: "Missing AsNoTracking",
+    description: "Read-only queries should use AsNoTracking for better performance"
+  }
+];
+async function checkPerformance(context) {
+  const findings = [];
+  for (const file of context.files) {
+    const lines = file.content.split("\n");
+    if (file.language === "csharp") {
+      for (const { pattern, name, description } of N_PLUS_ONE_PATTERNS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const lineNumber = getLineNumber8(file.content, match.index);
+          const lineContent = lines[lineNumber - 1]?.trim() || "";
+          findings.push({
+            id: generateFindingId("performance"),
+            category: "performance",
+            severity: "critical",
+            title: `N+1 Query: ${name}`,
+            description,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode7(lineContent),
+            suggestion: "Use Include() or batch the queries. Consider using .Select() projection to load only needed data.",
+            autoFixable: false,
+            references: ["https://docs.microsoft.com/en-us/ef/core/querying/related-data"]
+          });
+        }
+      }
+      for (const { pattern, name, description } of OVER_FETCHING_PATTERNS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const lineNumber = getLineNumber8(file.content, match.index);
+          const lineContent = lines[lineNumber - 1]?.trim() || "";
+          findings.push({
+            id: generateFindingId("performance"),
+            category: "performance",
+            severity: "warning",
+            title: `Over-fetching: ${name}`,
+            description,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode7(lineContent),
+            suggestion: "Consider using .Select() projection to load only the fields you need, or split into multiple queries.",
+            autoFixable: false
+          });
+        }
+      }
+      for (const { pattern, contextCheck, name, description } of MISSING_OPTIMIZATION_PATTERNS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          if (contextCheck && !contextCheck(file.content, match.index)) continue;
+          const lineNumber = getLineNumber8(file.content, match.index);
+          const lineContent = lines[lineNumber - 1]?.trim() || "";
+          if (file.relativePath.includes("Test")) continue;
+          findings.push({
+            id: generateFindingId("performance"),
+            category: "performance",
+            severity: "warning",
+            title: `Performance: ${name}`,
+            description,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode7(lineContent),
+            suggestion: name.includes("pagination") ? "Add .Skip() and .Take() for pagination." : "Add .AsNoTracking() for read-only queries.",
+            autoFixable: false
+          });
+        }
+      }
+    }
+    if (["typescript", "javascript", "tsx", "jsx"].includes(file.language)) {
+      for (const { pattern, name, description } of FRONTEND_PERF_PATTERNS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const lineNumber = getLineNumber8(file.content, match.index);
+          const lineContent = lines[lineNumber - 1]?.trim() || "";
+          findings.push({
+            id: generateFindingId("performance"),
+            category: "performance",
+            severity: "warning",
+            title: `Frontend Performance: ${name}`,
+            description,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode7(lineContent),
+            suggestion: getSuggestionForFrontendPerf(name),
+            autoFixable: false
+          });
+        }
+      }
+      checkMissingMemoization(file, lines, findings);
+    }
+  }
+  return findings;
+}
+function checkMissingMemoization(file, lines, findings) {
+  const expensivePatterns = [
+    /\.filter\s*\([^)]+\)\.map\s*\(/gi,
+    /\.reduce\s*\([^)]+\)/gi,
+    /\.sort\s*\([^)]*\)/gi,
+    /JSON\.parse\s*\(/gi
+  ];
+  for (const pattern of expensivePatterns) {
+    let match;
+    pattern.lastIndex = 0;
+    while ((match = pattern.exec(file.content)) !== null) {
+      const lineNumber = getLineNumber8(file.content, match.index);
+      const contextStart = Math.max(0, match.index - 100);
+      const context = file.content.slice(contextStart, match.index);
+      if (context.includes("useMemo") || context.includes("useCallback")) continue;
+      const beforeMatch = file.content.slice(Math.max(0, match.index - 500), match.index);
+      if (beforeMatch.includes("return (") || beforeMatch.includes("return <")) {
+        findings.push({
+          id: generateFindingId("performance"),
+          category: "performance",
+          severity: "warning",
+          title: "Expensive Computation in Render",
+          description: "Expensive array operations in render body should be memoized.",
+          file: file.relativePath,
+          line: lineNumber,
+          code: truncateCode7(lines[lineNumber - 1]?.trim() || ""),
+          suggestion: "Wrap this computation with useMemo() to prevent recalculation on every render.",
+          autoFixable: false
+        });
+      }
+    }
+  }
+}
+function getSuggestionForFrontendPerf(name) {
+  const suggestions = {
+    "Multiple fetches in useEffect": "Use Promise.all() to parallelize requests or combine into a single API call.",
+    "Fetch without dependencies": "Add a dependency array to prevent the effect from running on every render.",
+    "setState in loop": "Batch state updates or use a reducer pattern.",
+    "Large inline style object": "Extract styles to a useMemo() hook or a constant outside the component."
+  };
+  return suggestions[name] || "Optimize this code for better performance.";
+}
+function getLineNumber8(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode7(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+
+// src/tools/review-code/checks/dead-code.ts
+var COMMENTED_CODE_PATTERNS = [
+  {
+    pattern: /\/\/\s*(?:if|for|while|switch|return|var|let|const|public|private|async)\s+/gi,
+    name: "Commented code block"
+  },
+  {
+    pattern: /\/\*[\s\S]*?(?:if|for|while|return|function)[\s\S]*?\*\//gi,
+    name: "Commented code block"
+  }
+];
+var TODO_PATTERNS = [
+  {
+    pattern: /\/\/\s*TODO[:\s]/gi,
+    name: "TODO comment"
+  },
+  {
+    pattern: /\/\/\s*FIXME[:\s]/gi,
+    name: "FIXME comment"
+  },
+  {
+    pattern: /\/\/\s*HACK[:\s]/gi,
+    name: "HACK comment"
+  },
+  {
+    pattern: /\/\/\s*XXX[:\s]/gi,
+    name: "XXX comment"
+  }
+];
+var CSHARP_UNUSED_IMPORT_PATTERN = /using\s+([\w.]+);/gi;
+var CSHARP_PRIVATE_METHOD_PATTERN = /private\s+(?:async\s+)?(?:static\s+)?(?:Task<?\w*>?|\w+)\s+(\w+)\s*\(/gi;
+var CSHARP_PRIVATE_FIELD_PATTERN = /private\s+(?:readonly\s+)?(?:static\s+)?\w+(?:<[^>]+>)?\s+_?(\w+)\s*[;=]/gi;
+async function checkDeadCode(context) {
+  const findings = [];
+  for (const file of context.files) {
+    const lines = file.content.split("\n");
+    for (const { pattern } of COMMENTED_CODE_PATTERNS) {
+      let match;
+      pattern.lastIndex = 0;
+      while ((match = pattern.exec(file.content)) !== null) {
+        const lineNumber = getLineNumber9(file.content, match.index);
+        const lineContent = lines[lineNumber - 1]?.trim() || "";
+        if (lineContent.includes("///") || lineContent.includes("/**")) continue;
+        findings.push({
+          id: generateFindingId("dead-code"),
+          category: "dead-code",
+          severity: "warning",
+          title: "Commented Code",
+          description: "Commented-out code should be removed. Use version control to preserve history.",
+          file: file.relativePath,
+          line: lineNumber,
+          code: truncateCode8(lineContent),
+          suggestion: "Remove commented code. If needed later, it can be recovered from git history.",
+          autoFixable: true
+        });
+      }
+    }
+    for (const { pattern, name } of TODO_PATTERNS) {
+      let match;
+      pattern.lastIndex = 0;
+      while ((match = pattern.exec(file.content)) !== null) {
+        const lineNumber = getLineNumber9(file.content, match.index);
+        const lineContent = lines[lineNumber - 1]?.trim() || "";
+        findings.push({
+          id: generateFindingId("dead-code"),
+          category: "dead-code",
+          severity: "info",
+          title: `${name} Found`,
+          description: `${name} indicates incomplete or temporary code that may need attention.`,
+          file: file.relativePath,
+          line: lineNumber,
+          code: truncateCode8(lineContent),
+          suggestion: "Address the TODO/FIXME or create a ticket to track it.",
+          autoFixable: false
+        });
+      }
+    }
+    if (file.language === "csharp") {
+      const privateMethods = /* @__PURE__ */ new Map();
+      let match;
+      CSHARP_PRIVATE_METHOD_PATTERN.lastIndex = 0;
+      while ((match = CSHARP_PRIVATE_METHOD_PATTERN.exec(file.content)) !== null) {
+        privateMethods.set(match[1], getLineNumber9(file.content, match.index));
+      }
+      for (const [methodName, lineNumber] of privateMethods) {
+        const regex = new RegExp(`\\b${methodName}\\s*\\(`, "g");
+        const occurrences = (file.content.match(regex) || []).length;
+        if (occurrences === 1) {
+          findings.push({
+            id: generateFindingId("dead-code"),
+            category: "dead-code",
+            severity: "warning",
+            title: "Unused Private Method",
+            description: `Private method '${methodName}' is declared but never called.`,
+            file: file.relativePath,
+            line: lineNumber,
+            suggestion: "Remove the unused method or make it public if it should be accessible.",
+            autoFixable: true
+          });
+        }
+      }
+      const privateFields = /* @__PURE__ */ new Map();
+      CSHARP_PRIVATE_FIELD_PATTERN.lastIndex = 0;
+      while ((match = CSHARP_PRIVATE_FIELD_PATTERN.exec(file.content)) !== null) {
+        const fieldName = match[1];
+        if (fieldName.startsWith("_") && fieldName.length > 1) {
+          privateFields.set(fieldName, getLineNumber9(file.content, match.index));
+        }
+      }
+      for (const [fieldName, lineNumber] of privateFields) {
+        const regex = new RegExp(`\\b${fieldName}\\b`, "g");
+        const occurrences = (file.content.match(regex) || []).length;
+        if (occurrences === 1) {
+          findings.push({
+            id: generateFindingId("dead-code"),
+            category: "dead-code",
+            severity: "warning",
+            title: "Unused Private Field",
+            description: `Private field '${fieldName}' is declared but never used.`,
+            file: file.relativePath,
+            line: lineNumber,
+            suggestion: "Remove the unused field.",
+            autoFixable: true
+          });
+        }
+      }
+      checkUnusedCsharpUsings(file, lines, findings);
+    }
+    if (["typescript", "javascript", "tsx", "jsx"].includes(file.language)) {
+      checkUnusedJsImports(file, lines, findings);
+      checkUnusedJsVariables(file, lines, findings);
+    }
+  }
+  return findings;
+}
+function checkUnusedCsharpUsings(file, _lines, findings) {
+  const usings = /* @__PURE__ */ new Map();
+  let match;
+  CSHARP_UNUSED_IMPORT_PATTERN.lastIndex = 0;
+  while ((match = CSHARP_UNUSED_IMPORT_PATTERN.exec(file.content)) !== null) {
+    const namespace = match[1];
+    usings.set(namespace, getLineNumber9(file.content, match.index));
+  }
+  const contentAfterUsings = file.content.replace(/using\s+[\w.]+;/g, "");
+  for (const [namespace, lineNumber] of usings) {
+    const parts = namespace.split(".");
+    const lastPart = parts[parts.length - 1];
+    const isUsed = contentAfterUsings.includes(lastPart) || contentAfterUsings.includes(namespace);
+    const alwaysNeeded = ["System", "System.Collections.Generic", "System.Linq", "System.Threading.Tasks"];
+    if (alwaysNeeded.includes(namespace)) continue;
+    if (!isUsed) {
+      findings.push({
+        id: generateFindingId("dead-code"),
+        category: "dead-code",
+        severity: "info",
+        title: "Potentially Unused Using",
+        description: `The using '${namespace}' may not be needed in this file.`,
+        file: file.relativePath,
+        line: lineNumber,
+        suggestion: "Remove unused using statements to keep the file clean.",
+        autoFixable: true
+      });
+    }
+  }
+}
+function checkUnusedJsImports(file, _lines, findings) {
+  const imports = /* @__PURE__ */ new Map();
+  let match;
+  const importPattern = /import\s+(?:\{([^}]+)\}|(\w+)(?:\s*,\s*\{([^}]+)\})?)\s+from\s+['"][^'"]+['"]/gi;
+  while ((match = importPattern.exec(file.content)) !== null) {
+    const lineNumber = getLineNumber9(file.content, match.index);
+    const namedImports = match[1] || match[3];
+    const defaultImport = match[2];
+    if (namedImports) {
+      const names = namedImports.split(",").map((n) => {
+        const parts = n.trim().split(/\s+as\s+/);
+        return parts[parts.length - 1].trim();
+      });
+      for (const name of names) {
+        if (name) imports.set(name, { line: lineNumber, full: match[0] });
+      }
+    }
+    if (defaultImport && defaultImport !== "React") {
+      imports.set(defaultImport, { line: lineNumber, full: match[0] });
+    }
+  }
+  const contentAfterImports = file.content.replace(/import\s+.*from\s+['"][^'"]+['"]/g, "");
+  for (const [name, { line }] of imports) {
+    const regex = new RegExp(`\\b${name}\\b`, "g");
+    const occurrences = (contentAfterImports.match(regex) || []).length;
+    if (occurrences === 0) {
+      findings.push({
+        id: generateFindingId("dead-code"),
+        category: "dead-code",
+        severity: "warning",
+        title: "Unused Import",
+        description: `Import '${name}' is declared but never used.`,
+        file: file.relativePath,
+        line,
+        suggestion: "Remove unused imports.",
+        autoFixable: true
+      });
+    }
+  }
+}
+function checkUnusedJsVariables(file, _lines, findings) {
+  const varPattern = /(?:const|let)\s+(\w+)\s*=\s*(?!function|async\s+function)/gi;
+  const variables = /* @__PURE__ */ new Map();
+  let match;
+  while ((match = varPattern.exec(file.content)) !== null) {
+    const varName = match[1];
+    if (varName.startsWith("_") || varName === "i" || varName === "j") continue;
+    variables.set(varName, getLineNumber9(file.content, match.index));
+  }
+  for (const [varName, lineNumber] of variables) {
+    const regex = new RegExp(`\\b${varName}\\b`, "g");
+    const occurrences = (file.content.match(regex) || []).length;
+    if (occurrences === 1) {
+      findings.push({
+        id: generateFindingId("dead-code"),
+        category: "dead-code",
+        severity: "warning",
+        title: "Unused Variable",
+        description: `Variable '${varName}' is declared but never used.`,
+        file: file.relativePath,
+        line: lineNumber,
+        suggestion: "Remove unused variables or prefix with underscore if intentionally unused.",
+        autoFixable: true
+      });
+    }
+  }
+}
+function getLineNumber9(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode8(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+
+// src/tools/review-code/checks/i18n.ts
+var JSX_TEXT_PATTERN = />([A-Z][a-z]+(?:\s+[a-z]+)*[.!?]?)</gi;
+var JSX_ATTR_PATTERNS = [
+  { pattern: /placeholder\s*=\s*["']([^"']+)["']/gi, name: "placeholder" },
+  { pattern: /title\s*=\s*["']([A-Z][^"']+)["']/gi, name: "title" },
+  { pattern: /aria-label\s*=\s*["']([^"']+)["']/gi, name: "aria-label" },
+  { pattern: /alt\s*=\s*["']([A-Z][^"']+)["']/gi, name: "alt" },
+  { pattern: /label\s*=\s*["']([A-Z][^"']+)["']/gi, name: "label" }
+];
+var CSHARP_ERROR_PATTERNS = [
+  { pattern: /throw\s+new\s+\w*Exception\s*\(\s*["']([^"']+)["']/gi, name: "Exception message" },
+  { pattern: /ModelState\.AddModelError\s*\([^,]+,\s*["']([^"']+)["']/gi, name: "Validation error" },
+  { pattern: /\.WithMessage\s*\(\s*["']([^"']+)["']/gi, name: "FluentValidation message" },
+  { pattern: /BadRequest\s*\(\s*["']([^"']+)["']/gi, name: "BadRequest message" },
+  { pattern: /NotFound\s*\(\s*["']([^"']+)["']/gi, name: "NotFound message" }
+];
+var NOTIFICATION_PATTERNS = [
+  { pattern: /toast\.\w+\s*\(\s*["']([^"']+)["']/gi, name: "Toast notification" },
+  { pattern: /notify\s*\(\s*["']([^"']+)["']/gi, name: "Notification" },
+  { pattern: /alert\s*\(\s*["']([^"']+)["']/gi, name: "Alert" },
+  { pattern: /confirm\s*\(\s*["']([^"']+)["']/gi, name: "Confirm dialog" }
+];
+var EXCLUDED_PATTERNS = [
+  /^[a-z]+$/i,
+  // Single words (likely identifiers)
+  /^[A-Z_]+$/,
+  // CONSTANTS
+  /^\d+$/,
+  // Numbers
+  /^[a-z0-9-_]+$/i,
+  // IDs, slugs
+  /^https?:\/\//i,
+  // URLs
+  /^[a-zA-Z0-9._%+-]+@/,
+  // Emails
+  /^\{.*\}$/,
+  // Template variables
+  /^#[0-9a-f]+$/i
+  // Color codes
+];
+async function checkI18n(context) {
+  const findings = [];
+  for (const file of context.files) {
+    if (!isUiFile(file.relativePath)) continue;
+    const lines = file.content.split("\n");
+    if (["tsx", "jsx"].includes(file.language)) {
+      let match;
+      JSX_TEXT_PATTERN.lastIndex = 0;
+      while ((match = JSX_TEXT_PATTERN.exec(file.content)) !== null) {
+        const text = match[1].trim();
+        if (!shouldExclude(text) && text.length > 2) {
+          const lineNumber = getLineNumber10(file.content, match.index);
+          findings.push({
+            id: generateFindingId("i18n"),
+            category: "i18n",
+            severity: "warning",
+            title: "Hardcoded UI Text",
+            description: `Text "${truncateCode9(text, 30)}" should use translation function.`,
+            file: file.relativePath,
+            line: lineNumber,
+            code: truncateCode9(lines[lineNumber - 1]?.trim() || ""),
+            suggestion: `Use {t('key')} instead of hardcoded text. Example: {t('buttons.submit')}`,
+            autoFixable: false
+          });
+        }
+      }
+      for (const { pattern, name } of JSX_ATTR_PATTERNS) {
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const text = match[1].trim();
+          if (!shouldExclude(text) && text.length > 2) {
+            const lineNumber = getLineNumber10(file.content, match.index);
+            findings.push({
+              id: generateFindingId("i18n"),
+              category: "i18n",
+              severity: "warning",
+              title: `Non-translated ${name}`,
+              description: `The ${name} attribute "${truncateCode9(text, 30)}" should be translated.`,
+              file: file.relativePath,
+              line: lineNumber,
+              code: truncateCode9(lines[lineNumber - 1]?.trim() || ""),
+              suggestion: `Use {t('key')} for the ${name} attribute.`,
+              autoFixable: false
+            });
+          }
+        }
+      }
+      for (const { pattern, name } of NOTIFICATION_PATTERNS) {
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const text = match[1].trim();
+          if (!shouldExclude(text) && text.length > 2) {
+            const lineNumber = getLineNumber10(file.content, match.index);
+            findings.push({
+              id: generateFindingId("i18n"),
+              category: "i18n",
+              severity: "warning",
+              title: `Non-translated ${name}`,
+              description: `${name} message "${truncateCode9(text, 30)}" should be translated.`,
+              file: file.relativePath,
+              line: lineNumber,
+              code: truncateCode9(lines[lineNumber - 1]?.trim() || ""),
+              suggestion: `Use t('key') for notification messages.`,
+              autoFixable: false
+            });
+          }
+        }
+      }
+      if (!file.content.includes("useTranslation") && !file.content.includes("from 'react-i18next'")) {
+        const hasHardcodedStrings = JSX_TEXT_PATTERN.test(file.content);
+        if (hasHardcodedStrings) {
+          findings.push({
+            id: generateFindingId("i18n"),
+            category: "i18n",
+            severity: "info",
+            title: "Missing i18n Setup",
+            description: "This file has UI text but does not import useTranslation hook.",
+            file: file.relativePath,
+            line: 1,
+            suggestion: "Add: import { useTranslation } from 'react-i18next';",
+            autoFixable: true
+          });
+        }
+      }
+    }
+    if (file.language === "csharp") {
+      for (const { pattern, name } of CSHARP_ERROR_PATTERNS) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(file.content)) !== null) {
+          const text = match[1].trim();
+          if (text.length > 10 && !shouldExclude(text)) {
+            const lineNumber = getLineNumber10(file.content, match.index);
+            findings.push({
+              id: generateFindingId("i18n"),
+              category: "i18n",
+              severity: "warning",
+              title: `Non-translated ${name}`,
+              description: `${name} "${truncateCode9(text, 30)}" should use localization.`,
+              file: file.relativePath,
+              line: lineNumber,
+              code: truncateCode9(lines[lineNumber - 1]?.trim() || ""),
+              suggestion: "Use IStringLocalizer or resource files for error messages.",
+              autoFixable: false
+            });
+          }
+        }
+      }
+    }
+  }
+  return findings;
+}
+function isUiFile(filePath) {
+  const lower = filePath.toLowerCase();
+  return lower.includes("/pages/") || lower.includes("/components/") || lower.includes("/views/") || lower.includes("/ui/") || lower.endsWith(".tsx") || lower.endsWith(".jsx") || lower.includes("controller") && lower.endsWith(".cs");
+}
+function shouldExclude(text) {
+  for (const pattern of EXCLUDED_PATTERNS) {
+    if (pattern.test(text)) return true;
+  }
+  if (text.length <= 2) return true;
+  if (text.includes("(") || text.includes(")") || text.includes("{")) return true;
+  const alphaChars = text.replace(/[^a-zA-Z]/g, "").length;
+  if (alphaChars < text.length * 0.5) return true;
+  return false;
+}
+function getLineNumber10(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode9(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+
+// src/tools/review-code/checks/accessibility.ts
+var IMG_WITHOUT_ALT = /<img(?![^>]*\balt\s*=)[^>]*>/gi;
+var IMG_EMPTY_ALT = /<img[^>]*\balt\s*=\s*["']\s*["'][^>]*>/gi;
+var LINK_WITHOUT_TEXT = /<a[^>]*>\s*<\/a>/gi;
+var LINK_ONLY_ICON = /<a[^>]*>\s*<(?:svg|i|span[^>]*class="[^"]*icon)[^>]*>\s*<\/a>/gi;
+var BUTTON_WITHOUT_TEXT = /<button[^>]*>\s*<(?:svg|i|span[^>]*icon)[^>]*>\s*<\/button>/gi;
+var ONCLICK_ON_DIV = /<div[^>]*onClick[^>]*>/gi;
+var ONCLICK_ON_SPAN = /<span[^>]*onClick[^>]*>/gi;
+var HEADING_PATTERN = /<h([1-6])/gi;
+var POSITIVE_TABINDEX = /tabIndex\s*=\s*\{?\s*["']?([1-9]\d*)["']?\s*\}?/gi;
+var OUTLINE_NONE = /outline\s*:\s*none|outline\s*:\s*0/gi;
+var ARIA_HIDDEN_FOCUSABLE = /aria-hidden\s*=\s*["']true["'][^>]*(?:tabIndex|onClick|onKeyDown)/gi;
+async function checkAccessibility(context) {
+  const findings = [];
+  for (const file of context.files) {
+    if (!["tsx", "jsx", "typescript", "javascript"].includes(file.language)) continue;
+    if (!isUiFile2(file.relativePath)) continue;
+    const lines = file.content.split("\n");
+    checkPattern(file, lines, IMG_WITHOUT_ALT, {
+      title: "Image Missing Alt Text",
+      description: "Images must have an alt attribute for screen readers.",
+      severity: "critical",
+      suggestion: 'Add alt="description" to the image. Use alt="" only for decorative images.',
+      cweId: void 0
+    }, findings);
+    let match;
+    IMG_EMPTY_ALT.lastIndex = 0;
+    while ((match = IMG_EMPTY_ALT.exec(file.content)) !== null) {
+      if (match[0].includes("aria-hidden") || match[0].includes('role="presentation"')) continue;
+      const lineNumber = getLineNumber11(file.content, match.index);
+      findings.push({
+        id: generateFindingId("accessibility"),
+        category: "accessibility",
+        severity: "warning",
+        title: "Empty Alt on Potentially Informative Image",
+        description: "Empty alt text should only be used for decorative images.",
+        file: file.relativePath,
+        line: lineNumber,
+        code: truncateCode10(lines[lineNumber - 1]?.trim() || ""),
+        suggestion: 'Add descriptive alt text or add role="presentation" if truly decorative.',
+        autoFixable: false
+      });
+    }
+    checkPattern(file, lines, LINK_WITHOUT_TEXT, {
+      title: "Empty Link",
+      description: "Links must have accessible text content.",
+      severity: "critical",
+      suggestion: "Add text content or aria-label to the link."
+    }, findings);
+    checkPattern(file, lines, LINK_ONLY_ICON, {
+      title: "Icon-Only Link",
+      description: "Links containing only icons need accessible labels.",
+      severity: "warning",
+      suggestion: "Add aria-label or visually hidden text to describe the link."
+    }, findings);
+    checkPattern(file, lines, BUTTON_WITHOUT_TEXT, {
+      title: "Icon-Only Button",
+      description: "Buttons containing only icons need accessible labels.",
+      severity: "warning",
+      suggestion: "Add aria-label or visually hidden text to describe the button action."
+    }, findings);
+    checkPattern(file, lines, ONCLICK_ON_DIV, {
+      title: "Click Handler on Non-Interactive Element",
+      description: "div elements with onClick are not keyboard accessible by default.",
+      severity: "warning",
+      suggestion: 'Use a button element, or add role="button", tabIndex={0}, and onKeyDown handler.'
+    }, findings);
+    checkPattern(file, lines, ONCLICK_ON_SPAN, {
+      title: "Click Handler on Non-Interactive Element",
+      description: "span elements with onClick are not keyboard accessible by default.",
+      severity: "warning",
+      suggestion: 'Use a button element, or add role="button", tabIndex={0}, and onKeyDown handler.'
+    }, findings);
+    POSITIVE_TABINDEX.lastIndex = 0;
+    while ((match = POSITIVE_TABINDEX.exec(file.content)) !== null) {
+      const lineNumber = getLineNumber11(file.content, match.index);
+      findings.push({
+        id: generateFindingId("accessibility"),
+        category: "accessibility",
+        severity: "warning",
+        title: "Positive tabIndex",
+        description: `tabIndex="${match[1]}" disrupts natural tab order and confuses keyboard users.`,
+        file: file.relativePath,
+        line: lineNumber,
+        code: truncateCode10(lines[lineNumber - 1]?.trim() || ""),
+        suggestion: "Use tabIndex={0} to add to natural tab order, or tabIndex={-1} to remove. Avoid positive values.",
+        autoFixable: true
+      });
+    }
+    OUTLINE_NONE.lastIndex = 0;
+    while ((match = OUTLINE_NONE.exec(file.content)) !== null) {
+      const lineNumber = getLineNumber11(file.content, match.index);
+      const context2 = file.content.slice(Math.max(0, match.index - 100), match.index + 200);
+      if (context2.includes(":focus") && (context2.includes("box-shadow") || context2.includes("border"))) continue;
+      findings.push({
+        id: generateFindingId("accessibility"),
+        category: "accessibility",
+        severity: "critical",
+        title: "Focus Indicator Removed",
+        description: "Removing outline without an alternative makes it impossible for keyboard users to see focus.",
+        file: file.relativePath,
+        line: lineNumber,
+        code: truncateCode10(lines[lineNumber - 1]?.trim() || ""),
+        suggestion: "Provide an alternative focus indicator using box-shadow or border on :focus state.",
+        autoFixable: false
+      });
+    }
+    checkPattern(file, lines, ARIA_HIDDEN_FOCUSABLE, {
+      title: "Focusable Element Hidden from Assistive Technology",
+      description: 'Elements with aria-hidden="true" should not be focusable.',
+      severity: "critical",
+      suggestion: 'Remove aria-hidden="true" or add tabIndex={-1} and remove click handlers.'
+    }, findings);
+    checkHeadingHierarchy(file, lines, findings);
+  }
+  return findings;
+}
+function checkPattern(file, lines, pattern, issue, findings) {
+  let match;
+  pattern.lastIndex = 0;
+  while ((match = pattern.exec(file.content)) !== null) {
+    const lineNumber = getLineNumber11(file.content, match.index);
+    findings.push({
+      id: generateFindingId("accessibility"),
+      category: "accessibility",
+      severity: issue.severity,
+      title: issue.title,
+      description: issue.description,
+      file: file.relativePath,
+      line: lineNumber,
+      code: truncateCode10(lines[lineNumber - 1]?.trim() || ""),
+      suggestion: issue.suggestion,
+      autoFixable: false,
+      cweId: issue.cweId
+    });
+  }
+}
+function checkHeadingHierarchy(file, lines, findings) {
+  const headings = [];
+  let match;
+  HEADING_PATTERN.lastIndex = 0;
+  while ((match = HEADING_PATTERN.exec(file.content)) !== null) {
+    headings.push({
+      level: parseInt(match[1], 10),
+      line: getLineNumber11(file.content, match.index)
+    });
+  }
+  for (let i = 1; i < headings.length; i++) {
+    const current = headings[i];
+    const previous = headings[i - 1];
+    if (current.level > previous.level + 1) {
+      findings.push({
+        id: generateFindingId("accessibility"),
+        category: "accessibility",
+        severity: "warning",
+        title: "Heading Level Skipped",
+        description: `Heading jumps from h${previous.level} to h${current.level}. Screen reader users may think content is missing.`,
+        file: file.relativePath,
+        line: current.line,
+        code: truncateCode10(lines[current.line - 1]?.trim() || ""),
+        suggestion: `Use h${previous.level + 1} instead of h${current.level}.`,
+        autoFixable: true
+      });
+    }
+  }
+  if (headings.length > 0 && headings[0].level !== 1) {
+    findings.push({
+      id: generateFindingId("accessibility"),
+      category: "accessibility",
+      severity: "info",
+      title: "Page Does Not Start with h1",
+      description: "Pages should typically start with an h1 heading.",
+      file: file.relativePath,
+      line: headings[0].line,
+      suggestion: "Consider adding an h1 as the main page heading.",
+      autoFixable: false
+    });
+  }
+}
+function isUiFile2(filePath) {
+  const lower = filePath.toLowerCase();
+  return lower.includes("/pages/") || lower.includes("/components/") || lower.includes("/views/") || lower.includes("/ui/") || lower.endsWith(".tsx") || lower.endsWith(".jsx");
+}
+function getLineNumber11(content, index) {
+  return content.slice(0, index).split("\n").length;
+}
+function truncateCode10(code, maxLength = 100) {
+  if (code.length <= maxLength) return code;
+  return code.slice(0, maxLength - 3) + "...";
+}
+
+// src/tools/review-code/formatters/markdown.ts
+var SEVERITY_EMOJI = {
+  blocking: "\u{1F534}",
+  critical: "\u{1F7E0}",
+  warning: "\u{1F7E1}",
+  info: "\u{1F535}"
+};
+var GRADE_EMOJI = {
+  A: "\u{1F7E2}",
+  B: "\u{1F7E2}",
+  C: "\u{1F7E1}",
+  D: "\u{1F7E0}",
+  F: "\u{1F534}"
+};
+function formatMarkdownReport(result) {
+  const lines = [];
+  lines.push("# Code Review Report");
+  lines.push("");
+  lines.push("## Summary");
+  lines.push("");
+  lines.push("| Metric | Value |");
+  lines.push("|--------|-------|");
+  lines.push(`| Status | ${result.summary.status === "passed" ? "\u2705 PASSED" : result.summary.status === "failed" ? "\u274C FAILED" : "\u26A0\uFE0F WARNING"} |`);
+  lines.push(`| Score | ${result.summary.score}/100 |`);
+  lines.push(`| Grade | ${GRADE_EMOJI[result.summary.grade]} ${result.summary.grade} |`);
+  lines.push(`| Files Scanned | ${result.stats.filesScanned} |`);
+  lines.push(`| Lines Scanned | ${result.stats.linesScanned.toLocaleString()} |`);
+  lines.push(`| Duration | ${result.stats.duration}ms |`);
+  lines.push("");
+  lines.push("### Issues Found");
+  lines.push("");
+  lines.push("| Severity | Count |");
+  lines.push("|----------|-------|");
+  lines.push(`| ${SEVERITY_EMOJI.blocking} Blocking | ${result.stats.findingsCount.blocking} |`);
+  lines.push(`| ${SEVERITY_EMOJI.critical} Critical | ${result.stats.findingsCount.critical} |`);
+  lines.push(`| ${SEVERITY_EMOJI.warning} Warning | ${result.stats.findingsCount.warning} |`);
+  lines.push(`| ${SEVERITY_EMOJI.info} Info | ${result.stats.findingsCount.info} |`);
+  lines.push("");
+  const categoriesWithIssues = Object.entries(result.stats.byCategory).filter(([_, count]) => count > 0).sort((a, b) => b[1] - a[1]);
+  if (categoriesWithIssues.length > 0) {
+    lines.push("### By Category");
+    lines.push("");
+    lines.push("| Category | Count |");
+    lines.push("|----------|-------|");
+    for (const [category, count] of categoriesWithIssues) {
+      lines.push(`| ${formatCategoryName(category)} | ${count} |`);
+    }
+    lines.push("");
+  }
+  const blockingFindings = result.findings.filter((f) => f.severity === "blocking");
+  const criticalFindings = result.findings.filter((f) => f.severity === "critical");
+  const warningFindings = result.findings.filter((f) => f.severity === "warning");
+  const infoFindings = result.findings.filter((f) => f.severity === "info");
+  if (blockingFindings.length > 0) {
+    lines.push("---");
+    lines.push("");
+    lines.push(`## ${SEVERITY_EMOJI.blocking} Blocking Issues (${blockingFindings.length})`);
+    lines.push("");
+    lines.push("> These issues MUST be fixed before merging.");
+    lines.push("");
+    formatFindings(lines, blockingFindings);
+  }
+  if (criticalFindings.length > 0) {
+    lines.push("---");
+    lines.push("");
+    lines.push(`## ${SEVERITY_EMOJI.critical} Critical Issues (${criticalFindings.length})`);
+    lines.push("");
+    lines.push("> These issues should be fixed as soon as possible.");
+    lines.push("");
+    formatFindings(lines, criticalFindings);
+  }
+  if (warningFindings.length > 0) {
+    lines.push("---");
+    lines.push("");
+    lines.push(`## ${SEVERITY_EMOJI.warning} Warnings (${warningFindings.length})`);
+    lines.push("");
+    formatFindings(lines, warningFindings);
+  }
+  if (infoFindings.length > 0) {
+    lines.push("---");
+    lines.push("");
+    lines.push(`## ${SEVERITY_EMOJI.info} Info (${infoFindings.length})`);
+    lines.push("");
+    formatFindings(lines, infoFindings);
+  }
+  if (result.findings.length === 0) {
+    lines.push("---");
+    lines.push("");
+    lines.push("## \u2728 No Issues Found");
+    lines.push("");
+    lines.push("Great job! Your code passed all checks.");
+    lines.push("");
+  }
+  return lines.join("\n");
+}
+function formatFindings(lines, findings) {
+  for (const finding of findings) {
+    lines.push(`### ${finding.id}: ${finding.title}`);
+    lines.push("");
+    lines.push(`**Category**: ${formatCategoryName(finding.category)}`);
+    lines.push(`**File**: \`${finding.file}${finding.line ? `:${finding.line}` : ""}\``);
+    if (finding.cweId) {
+      lines.push(`**CWE**: ${finding.cweId}`);
     }
-    if (func.cyclomaticComplexity > thresholds.cyclomaticComplexity) {
-      issues.push(`Cyclomatic complexity: ${func.cyclomaticComplexity} (threshold: ${thresholds.cyclomaticComplexity})`);
+    lines.push("");
+    lines.push(finding.description);
+    lines.push("");
+    if (finding.code) {
+      lines.push("**Code**:");
+      lines.push("```");
+      lines.push(finding.code);
+      lines.push("```");
+      lines.push("");
     }
-    if (func.lineCount > thresholds.functionSize) {
-      issues.push(`Lines: ${func.lineCount} (threshold: ${thresholds.functionSize})`);
+    lines.push(`**Fix**: ${finding.suggestion}`);
+    if (finding.autoFixable) {
+      lines.push("");
+      lines.push("> \u{1F4A1} This issue can be auto-fixed.");
     }
-    if (func.maxNestingDepth > thresholds.nestingDepth) {
-      issues.push(`Nesting depth: ${func.maxNestingDepth} (threshold: ${thresholds.nestingDepth})`);
+    if (finding.references && finding.references.length > 0) {
+      lines.push("");
+      lines.push("**References**:");
+      for (const ref of finding.references) {
+        lines.push(`- ${ref}`);
+      }
     }
-    if (issues.length > 0) {
-      const severity = issues.length >= 3 ? "high" : issues.length === 2 ? "medium" : "low";
-      hotspots.push({
-        file: func.file,
-        function: func.name,
-        issues,
-        severity,
-        metrics: {
-          cognitiveComplexity: func.cognitiveComplexity,
-          cyclomaticComplexity: func.cyclomaticComplexity,
-          lineCount: func.lineCount,
-          nestingDepth: func.maxNestingDepth
-        }
+    lines.push("");
+  }
+}
+function formatCategoryName(category) {
+  const names = {
+    security: "Security",
+    architecture: "Architecture",
+    "hardcoded-values": "Hardcoded Values",
+    tests: "Tests",
+    "ai-hallucinations": "AI Hallucinations",
+    performance: "Performance",
+    "dead-code": "Dead Code",
+    i18n: "Internationalization",
+    accessibility: "Accessibility"
+  };
+  return names[category] || category;
+}
+
+// src/tools/review-code.ts
+var reviewCodeTool = {
+  name: "review_code",
+  description: `Comprehensive code review tool for SmartStack projects.
+
+Analyzes code for 9 categories of issues:
+- **security**: OWASP vulnerabilities, hardcoded secrets, SQL injection, XSS
+- **architecture**: Clean Architecture layer violations
+- **hardcoded-values**: Magic numbers, hardcoded URLs, feature flags
+- **tests**: Missing tests, test quality issues
+- **ai-hallucinations**: Non-existent imports, phantom methods
+- **performance**: N+1 queries, over-fetching, missing memoization
+- **dead-code**: Unused imports, functions, variables
+- **i18n**: Non-internationalized UI text
+- **accessibility**: Missing alt text, ARIA issues, focus indicators
+
+Returns a markdown report with findings grouped by severity (blocking, critical, warning, info).`,
+  inputSchema: {
+    type: "object",
+    properties: {
+      path: {
+        type: "string",
+        description: "Project path to review (default: SmartStack.app path)"
+      },
+      scope: {
+        type: "string",
+        enum: ["all", "changed", "staged"],
+        default: "all",
+        description: "Files to review: all, only changed (git diff), or staged files"
+      },
+      checks: {
+        type: "array",
+        items: {
+          type: "string",
+          enum: [
+            "security",
+            "architecture",
+            "hardcoded-values",
+            "tests",
+            "ai-hallucinations",
+            "performance",
+            "dead-code",
+            "i18n",
+            "accessibility",
+            "all"
+          ]
+        },
+        default: ["all"],
+        description: "Categories of checks to run"
+      },
+      severity: {
+        type: "string",
+        enum: ["blocking", "critical", "warning", "all"],
+        default: "all",
+        description: "Filter results by minimum severity"
+      }
+    }
+  }
+};
+async function handleReviewCode(args, config) {
+  const startTime = Date.now();
+  const input = ReviewCodeInputSchema.parse(args);
+  const projectPath = input.path || config.smartstack.projectPath;
+  logger.info("Starting code review", { projectPath, scope: input.scope, checks: input.checks });
+  resetFindingCounters();
+  const structure = await findSmartStackStructure(projectPath);
+  if (!structure) {
+    return "# Code Review Error\n\nCould not detect SmartStack project structure at the specified path.";
+  }
+  const files = await getFilesToAnalyze(projectPath, input.scope, structure);
+  if (files.length === 0) {
+    return "# Code Review Report\n\nNo files to analyze for the specified scope.";
+  }
+  logger.info(`Analyzing ${files.length} files`);
+  const context = {
+    projectPath,
+    files,
+    scope: input.scope
+  };
+  const checksToRun = input.checks.includes("all") ? ["security", "architecture", "hardcoded-values", "tests", "ai-hallucinations", "performance", "dead-code", "i18n", "accessibility"] : input.checks;
+  const checkFunctions = {
+    security: checkSecurity,
+    architecture: checkArchitecture,
+    "hardcoded-values": checkHardcodedValues,
+    tests: checkTests,
+    "ai-hallucinations": checkAiHallucinations,
+    performance: checkPerformance,
+    "dead-code": checkDeadCode,
+    i18n: checkI18n,
+    accessibility: checkAccessibility
+  };
+  const checkPromises = checksToRun.filter((check) => checkFunctions[check]).map(async (check) => {
+    try {
+      logger.debug(`Running ${check} check`);
+      return await checkFunctions[check](context);
+    } catch (error) {
+      logger.error(`Error in ${check} check`, { error });
+      return [];
+    }
+  });
+  const checkResults = await Promise.all(checkPromises);
+  const allFindings = checkResults.flat();
+  const filteredFindings = filterBySeverity(allFindings, input.severity);
+  const stats = calculateStats(filteredFindings, files, startTime);
+  const summary = calculateSummary2(filteredFindings, stats);
+  const result = {
+    summary,
+    findings: filteredFindings,
+    stats
+  };
+  logger.info("Code review complete", {
+    filesScanned: stats.filesScanned,
+    issuesFound: filteredFindings.length,
+    duration: stats.duration
+  });
+  return formatMarkdownReport(result);
+}
+async function getFilesToAnalyze(projectPath, scope, _structure) {
+  let filePaths = [];
+  if (scope === "changed") {
+    filePaths = await getChangedFiles(projectPath);
+  } else if (scope === "staged") {
+    filePaths = await getStagedFiles(projectPath);
+  } else {
+    const patterns = ["**/*.cs", "**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx"];
+    const excludePatterns = ["**/bin/**", "**/obj/**", "**/node_modules/**", "**/dist/**", "**/*.d.ts", "**/Migrations/**"];
+    for (const pattern of patterns) {
+      const found = await findFiles(pattern, {
+        cwd: projectPath,
+        ignore: excludePatterns
       });
+      filePaths.push(...found);
     }
   }
-  for (const [file, metrics] of fileMetrics) {
-    if (metrics.lineCount > thresholds.fileSize) {
-      hotspots.push({
-        file,
-        issues: [`File size: ${metrics.lineCount} lines (threshold: ${thresholds.fileSize})`],
-        severity: "medium",
-        metrics: {
-          lineCount: metrics.lineCount
-        }
+  const files = [];
+  for (const filePath of filePaths) {
+    try {
+      const fullPath = filePath.startsWith(projectPath) ? filePath : `${projectPath}/${filePath}`;
+      const content = await readText(fullPath);
+      const relativePath = filePath.replace(projectPath, "").replace(/^[/\\]/, "");
+      files.push({
+        path: fullPath,
+        relativePath,
+        content,
+        language: detectLanguage(filePath),
+        layer: detectLayer(relativePath),
+        lineCount: content.split("\n").length
       });
+    } catch {
+      logger.debug(`Could not read file: ${filePath}`);
     }
   }
-  const severityOrder = { high: 0, medium: 1, low: 2 };
-  hotspots.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
-  return hotspots.slice(0, 20);
+  return files;
 }
-function calculateSummary(functions, fileMetrics, metrics, hotspots) {
-  const totalViolations = metrics.cognitiveComplexity.violations + metrics.cyclomaticComplexity.violations + metrics.functionSize.violations + metrics.nestingDepth.violations + metrics.fileSize.violations;
-  const totalFunctions = functions.length;
-  const totalFiles = fileMetrics.size;
-  const violationRate = totalFunctions > 0 ? totalViolations / totalFunctions : 0;
-  const score = Math.max(0, Math.round(100 - violationRate * 100));
+function detectLanguage(filePath) {
+  const ext = filePath.toLowerCase().split(".").pop();
+  switch (ext) {
+    case "cs":
+      return "csharp";
+    case "ts":
+      return "typescript";
+    case "tsx":
+      return "tsx";
+    case "js":
+      return "javascript";
+    case "jsx":
+      return "jsx";
+    case "css":
+      return "css";
+    case "json":
+      return "json";
+    default:
+      return "other";
+  }
+}
+function detectLayer(relativePath) {
+  const lower = relativePath.toLowerCase();
+  if (lower.includes("/domain/") || lower.includes("\\domain\\")) return "domain";
+  if (lower.includes("/application/") || lower.includes("\\application\\")) return "application";
+  if (lower.includes("/infrastructure/") || lower.includes("\\infrastructure\\")) return "infrastructure";
+  if (lower.includes("/api/") || lower.includes("\\api\\")) return "api";
+  if (lower.includes("/web/") || lower.includes("\\web\\") || lower.includes("/src/")) return "web";
+  return void 0;
+}
+function filterBySeverity(findings, minSeverity) {
+  if (minSeverity === "all") return findings;
+  const severityOrder = ["blocking", "critical", "warning", "info"];
+  const minIndex = severityOrder.indexOf(minSeverity);
+  return findings.filter((f) => severityOrder.indexOf(f.severity) <= minIndex);
+}
+function calculateStats(findings, files, startTime) {
+  const byCategory = {
+    security: 0,
+    architecture: 0,
+    "hardcoded-values": 0,
+    tests: 0,
+    "ai-hallucinations": 0,
+    performance: 0,
+    "dead-code": 0,
+    i18n: 0,
+    accessibility: 0
+  };
+  const findingsCount = {
+    blocking: 0,
+    critical: 0,
+    warning: 0,
+    info: 0
+  };
+  for (const finding of findings) {
+    findingsCount[finding.severity]++;
+    byCategory[finding.category]++;
+  }
+  return {
+    filesScanned: files.length,
+    linesScanned: files.reduce((sum, f) => sum + f.lineCount, 0),
+    duration: Date.now() - startTime,
+    findingsCount,
+    byCategory
+  };
+}
+function calculateSummary2(_findings, stats) {
+  let score = 100;
+  score -= stats.findingsCount.blocking * 20;
+  score -= stats.findingsCount.critical * 5;
+  score -= stats.findingsCount.warning * 1;
+  score = Math.max(0, Math.min(100, score));
   let grade;
   if (score >= 90) grade = "A";
   else if (score >= 80) grade = "B";
   else if (score >= 70) grade = "C";
   else if (score >= 60) grade = "D";
   else grade = "F";
-  return {
-    score,
-    grade,
-    filesAnalyzed: totalFiles,
-    functionsAnalyzed: totalFunctions,
-    issuesFound: hotspots.length
-  };
-}
-function isExcludedPath(filePath) {
-  const exclusions = [
-    /[/\\]bin[/\\]/,
-    /[/\\]obj[/\\]/,
-    /[/\\]node_modules[/\\]/,
-    /[/\\]Migrations[/\\]/,
-    /\.test\./,
-    /\.spec\./,
-    /Tests[/\\]/,
-    /\.d\.ts$/,
-    /\.min\./
-  ];
-  return exclusions.some((pattern) => pattern.test(filePath));
-}
-function getLineNumber2(content, index) {
-  const normalizedContent = content.substring(0, index).replace(/\r\n/g, "\n");
-  return normalizedContent.split("\n").length;
-}
-function formatQualityReport(result, thresholds) {
-  const lines = [];
-  lines.push("# Code Quality Report");
-  lines.push("");
-  lines.push("## Summary");
-  lines.push(`- **Score**: ${result.summary.score}/100 (Grade: ${result.summary.grade})`);
-  lines.push(`- **Files analyzed**: ${result.summary.filesAnalyzed}`);
-  lines.push(`- **Functions analyzed**: ${result.summary.functionsAnalyzed}`);
-  lines.push(`- **Issues found**: ${result.summary.issuesFound}`);
-  lines.push("");
-  lines.push("## Metrics Overview");
-  lines.push("");
-  lines.push("| Metric | Average | Max | Threshold | Status |");
-  lines.push("|--------|---------|-----|-----------|--------|");
-  const formatMetricRow = (name, stat2) => {
-    const status = stat2.violations > 0 ? `${stat2.violations} violations` : "\u2705 OK";
-    return `| ${name} | ${stat2.average} | ${stat2.max} | ${stat2.threshold} | ${status} |`;
-  };
-  lines.push(formatMetricRow("Cognitive Complexity", result.metrics.cognitiveComplexity));
-  lines.push(formatMetricRow("Cyclomatic Complexity", result.metrics.cyclomaticComplexity));
-  lines.push(formatMetricRow("Function Size", result.metrics.functionSize));
-  lines.push(formatMetricRow("Nesting Depth", result.metrics.nestingDepth));
-  lines.push(formatMetricRow("File Size", result.metrics.fileSize));
-  lines.push("");
-  if (result.hotspots.length > 0) {
-    lines.push("## Hotspots (Needs Attention)");
-    lines.push("");
-    for (const hotspot of result.hotspots) {
-      const severityEmoji = hotspot.severity === "high" ? "\u{1F534}" : hotspot.severity === "medium" ? "\u{1F7E1}" : "\u{1F7E2}";
-      const location = hotspot.function ? `\`${hotspot.function}\` (${hotspot.file})` : `\`${hotspot.file}\``;
-      lines.push(`### ${severityEmoji} ${hotspot.severity.toUpperCase()}: ${location}`);
-      for (const issue of hotspot.issues) {
-        lines.push(`- ${issue}`);
-      }
-      if (hotspot.function) {
-        if (hotspot.metrics.cognitiveComplexity && hotspot.metrics.cognitiveComplexity > thresholds.cognitiveComplexity) {
-          lines.push(`- **Recommendation**: Extract logic into smaller, focused methods`);
-        } else if (hotspot.metrics.lineCount && hotspot.metrics.lineCount > thresholds.functionSize) {
-          lines.push(`- **Recommendation**: Split into multiple functions with single responsibilities`);
-        }
-      } else {
-        lines.push(`- **Recommendation**: Consider splitting this file into smaller modules`);
-      }
-      lines.push("");
-    }
+  let status;
+  if (stats.findingsCount.blocking > 0) {
+    status = "failed";
+  } else if (stats.findingsCount.critical > 0) {
+    status = "warning";
   } else {
-    lines.push("No hotspots found. Code quality is within acceptable thresholds.");
+    status = "passed";
   }
-  return lines.join("\n");
+  let message;
+  if (status === "failed") {
+    message = `Review failed with ${stats.findingsCount.blocking} blocking issue(s). These must be fixed before merging.`;
+  } else if (status === "warning") {
+    message = `Review passed with warnings. ${stats.findingsCount.critical} critical issue(s) should be addressed.`;
+  } else {
+    message = "Code review passed. Great job!";
+  }
+  return { status, score, grade, message };
 }
 
 // src/resources/conventions.ts
@@ -11650,12 +14961,141 @@ const { activeTab, setActiveTab } = useTabNavigation<TabId>('info', VALID_TABS);
 - Invalid tabs fallback to default
 - Uses \`replace: true\` to avoid polluting browser history
 
+#### Lazy Loading for Tabs (Performance)
+
+Pages with tabs MUST implement lazy loading to avoid fetching all tab data upfront.
+
+**Pattern 1: useQuery with enabled condition (Recommended)**
+
+\`\`\`tsx
+// \u274C BAD - Loads all data on mount
+const { data: info } = useQuery(['info', id], fetchInfo);
+const { data: settings } = useQuery(['settings', id], fetchSettings);
+
+// \u2705 GOOD - Only loads active tab data
+const { data: info } = useQuery(
+  ['info', id],
+  fetchInfo,
+  { enabled: activeTab === 'info' }
+);
+
+const { data: settings } = useQuery(
+  ['settings', id],
+  fetchSettings,
+  { enabled: activeTab === 'settings' }
+);
+\`\`\`
+
+**Pattern 2: React.lazy() for heavy tab components**
+
+\`\`\`tsx
+// Lazy load tab components
+const TabInfo = React.lazy(() => import('./tabs/TabInfo'));
+const TabSettings = React.lazy(() => import('./tabs/TabSettings'));
+
+// In JSX with Suspense
+<TabsContent value="info">
+  <Suspense fallback={<Skeleton />}>
+    <TabInfo entityId={id} />
+  </Suspense>
+</TabsContent>
+\`\`\`
+
+**Pattern 3: Conditional rendering**
+
+\`\`\`tsx
+// Render tab content only when active
+{activeTab === 'settings' && <SettingsTab entityId={id} />}
+\`\`\`
+
+| Pattern | Use Case |
+|---------|----------|
+| useQuery enabled | Simple data fetching per tab |
+| React.lazy + Suspense | Heavy components with own data fetching |
+| Conditional rendering | Light components, quick tab switches |
+
+### Breadcrumb Navigation
+
+All pages MUST include a Breadcrumb component for consistent navigation and user orientation.
+
+#### Breadcrumb Component
+
+\`\`\`tsx
+import { Breadcrumb } from '@/components/ui/Breadcrumb';
+
+// In your page component
+<Breadcrumb
+  items={[
+    { label: t('nav.administration'), href: '/platform/administration' },
+    { label: t('nav.users'), href: '/platform/administration/users' },
+    { label: user.fullName }  // Last item = current page (no href)
+  ]}
+/>
+\`\`\`
+
+#### Breadcrumb Rules
+
+| Rule | Description |
+|------|-------------|
+| First item | Context/Application level with Home icon (auto-added if no icon) |
+| Intermediate items | Clickable links to parent pages |
+| Last item | Current page name, no href, bold text |
+| Labels | Use i18n translation keys from \`navigation.json\` |
+| Detail pages | Include entity name (e.g., user's full name) |
+
+#### Hierarchy Pattern
+
+\`\`\`
+Context > Application > Module > [Section] > [Entity Name]
+\`\`\`
+
+**Examples:**
+
+| Page Type | Breadcrumb Items |
+|-----------|------------------|
+| List page | Administration > Users |
+| Detail page | Administration > Users > John Doe |
+| Nested page | Administration > Users > John Doe > Permissions |
+
+#### BreadcrumbItem Interface
+
+\`\`\`tsx
+interface BreadcrumbItem {
+  label: string;      // Display text (use t() for i18n)
+  href?: string;      // Link destination (omit for current page)
+  icon?: ReactNode;   // Optional icon (Home auto-added to first item)
+}
+\`\`\`
+
+#### Page Position
+
+Breadcrumb should be the FIRST element in the page content:
+
+\`\`\`tsx
+return (
+  <div className="space-y-6">
+    {/* 1. Breadcrumb - always first */}
+    <Breadcrumb items={[...]} />
+
+    {/* 2. Scope Banner (if multi-tenant) */}
+    <ScopeBanner />
+
+    {/* 3. Page Header */}
+    <div className="flex items-center gap-4">...</div>
+
+    {/* 4. Page Content */}
+    ...
+  </div>
+);
+\`\`\`
+
 ### Frontend Validation Checks
 
 | Check | Description |
 |-------|-------------|
 | \`layouts\` | Verify no \`max-w-*\` in content wrapper, standard padding present |
-| \`tabs\` | Verify \`useTabNavigation\` hook usage for pages with tabs |
+| \`tabs\` | Verify \`useTabNavigation\` hook usage AND lazy loading patterns for pages with tabs |
+| \`breadcrumb\` | Verify Breadcrumb component present as first element in page |
 
 ---
 
@@ -11695,6 +15135,9 @@ const { activeTab, setActiveTab } = useTabNavigation<TabId>('info', VALID_TABS);
 | Layout padding | \`lg:px-10\` | Standard horizontal padding |
 | Tab navigation | \`useTabNavigation\` hook | Sync tabs with URL |
 | Tab URL | \`?tab=name\` | Shareable deep links to tabs |
+| Tab lazy loading | \`enabled: activeTab === 'x'\` | Load data only for active tab |
+| Breadcrumb | \`<Breadcrumb items={[...]}/>\` | Navigation hierarchy, first page element |
+| Breadcrumb items | \`{ label, href?, icon? }\` | Last item without href = current page |
 
 ---
 
@@ -11859,7 +15302,7 @@ Run specific or all checks:
 }
 
 // src/resources/project-info.ts
-import path22 from "path";
+import path23 from "path";
 var projectInfoResourceTemplate = {
   uri: "smartstack://project",
   name: "SmartStack Project Info",
@@ -11896,16 +15339,16 @@ async function getProjectInfoResource(config) {
   lines.push("```");
   lines.push(`${projectInfo.name}/`);
   if (structure.domain) {
-    lines.push(`\u251C\u2500\u2500 ${path22.basename(structure.domain)}/          # Domain layer (entities)`);
+    lines.push(`\u251C\u2500\u2500 ${path23.basename(structure.domain)}/          # Domain layer (entities)`);
   }
   if (structure.application) {
-    lines.push(`\u251C\u2500\u2500 ${path22.basename(structure.application)}/     # Application layer (services)`);
+    lines.push(`\u251C\u2500\u2500 ${path23.basename(structure.application)}/     # Application layer (services)`);
   }
   if (structure.infrastructure) {
-    lines.push(`\u251C\u2500\u2500 ${path22.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
+    lines.push(`\u251C\u2500\u2500 ${path23.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
   }
   if (structure.api) {
-    lines.push(`\u251C\u2500\u2500 ${path22.basename(structure.api)}/             # API layer (controllers)`);
+    lines.push(`\u251C\u2500\u2500 ${path23.basename(structure.api)}/             # API layer (controllers)`);
   }
   if (structure.web) {
     lines.push(`\u2514\u2500\u2500 web/smartstack-web/      # React frontend`);
@@ -11918,8 +15361,8 @@ async function getProjectInfoResource(config) {
     lines.push("| Project | Path |");
     lines.push("|---------|------|");
     for (const csproj of projectInfo.csprojFiles) {
-      const name = path22.basename(csproj, ".csproj");
-      const relativePath = path22.relative(projectPath, csproj);
+      const name = path23.basename(csproj, ".csproj");
+      const relativePath = path23.relative(projectPath, csproj);
       lines.push(`| ${name} | \`${relativePath}\` |`);
     }
     lines.push("");
@@ -11929,10 +15372,10 @@ async function getProjectInfoResource(config) {
       cwd: structure.migrations,
       ignore: ["*.Designer.cs"]
     });
-    const migrations = migrationFiles.map((f) => path22.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
+    const migrations = migrationFiles.map((f) => path23.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
     lines.push("## EF Core Migrations");
     lines.push("");
-    lines.push(`**Location**: \`${path22.relative(projectPath, structure.migrations)}\``);
+    lines.push(`**Location**: \`${path23.relative(projectPath, structure.migrations)}\``);
     lines.push(`**Total Migrations**: ${migrations.length}`);
     lines.push("");
     if (migrations.length > 0) {
@@ -11967,11 +15410,11 @@ async function getProjectInfoResource(config) {
   lines.push("dotnet build");
   lines.push("");
   lines.push("# Run API");
-  lines.push(`cd ${structure.api ? path22.relative(projectPath, structure.api) : "src/Api"}`);
+  lines.push(`cd ${structure.api ? path23.relative(projectPath, structure.api) : "src/Api"}`);
   lines.push("dotnet run");
   lines.push("");
   lines.push("# Run frontend");
-  lines.push(`cd ${structure.web ? path22.relative(projectPath, structure.web) : "web"}`);
+  lines.push(`cd ${structure.web ? path23.relative(projectPath, structure.web) : "web"}`);
   lines.push("npm run dev");
   lines.push("");
   lines.push("# Create migration");
@@ -11994,7 +15437,7 @@ async function getProjectInfoResource(config) {
 }
 
 // src/resources/api-endpoints.ts
-import path23 from "path";
+import path24 from "path";
 var apiEndpointsResourceTemplate = {
   uri: "smartstack://api/",
   name: "SmartStack API Endpoints",
@@ -12019,7 +15462,7 @@ async function getApiEndpointsResource(config, endpointFilter) {
 }
 async function parseController(filePath, _rootPath) {
   const content = await readText(filePath);
-  const fileName = path23.basename(filePath, ".cs");
+  const fileName = path24.basename(filePath, ".cs");
   const controllerName = fileName.replace("Controller", "");
   const endpoints = [];
   const routeMatch = content.match(/\[Route\s*\(\s*"([^"]+)"\s*\)\]/);
@@ -12166,7 +15609,7 @@ function getMethodEmoji(method) {
 }
 
 // src/resources/db-schema.ts
-import path24 from "path";
+import path25 from "path";
 var dbSchemaResourceTemplate = {
   uri: "smartstack://schema/",
   name: "SmartStack Database Schema",
@@ -12182,7 +15625,7 @@ async function getDbSchemaResource(config, tableFilter) {
   if (structure.domain) {
     const entityFiles = await findEntityFiles(structure.domain);
     for (const file of entityFiles) {
-      const entity = await parseEntity(file, structure.root, config);
+      const entity = await parseEntity2(file, structure.root, config);
       if (entity) {
         entities.push(entity);
       }
@@ -12196,7 +15639,7 @@ async function getDbSchemaResource(config, tableFilter) {
   ) : entities;
   return formatSchema(filteredEntities, tableFilter, config);
 }
-async function parseEntity(filePath, rootPath, _config) {
+async function parseEntity2(filePath, rootPath, _config) {
   const content = await readText(filePath);
   const classMatch = content.match(/public\s+(?:class|record)\s+(\w+)(?:\s*:\s*(\w+))?/);
   if (!classMatch) return null;
@@ -12256,7 +15699,7 @@ async function parseEntity(filePath, rootPath, _config) {
     tableName,
     properties,
     relationships,
-    file: path24.relative(rootPath, filePath)
+    file: path25.relative(rootPath, filePath)
   };
 }
 async function enrichFromConfigurations(entities, infrastructurePath, _config) {
@@ -12402,7 +15845,7 @@ function formatSchema(entities, filter, _config) {
 }
 
 // src/resources/entities.ts
-import path25 from "path";
+import path26 from "path";
 var entitiesResourceTemplate = {
   uri: "smartstack://entities/",
   name: "SmartStack Entities",
@@ -12462,7 +15905,7 @@ async function parseEntitySummary(filePath, rootPath, config) {
     hasSoftDelete,
     hasRowVersion,
     file: filePath,
-    relativePath: path25.relative(rootPath, filePath)
+    relativePath: path26.relative(rootPath, filePath)
   };
 }
 function inferTableInfo(entityName, config) {
@@ -12665,7 +16108,11 @@ async function createServer() {
         analyzeExtensionPointsTool,
         // Security & Code Quality Tools
         validateSecurityTool,
-        analyzeCodeQualityTool
+        analyzeCodeQualityTool,
+        // Hierarchy Analysis Tools
+        analyzeHierarchyPatternsTool,
+        // Code Review Tool
+        reviewCodeTool
       ]
     };
   });
@@ -12731,6 +16178,14 @@ async function createServer() {
         case "analyze_code_quality":
           result = await handleAnalyzeCodeQuality(args ?? {}, config);
           break;
+        // Hierarchy Analysis Tools
+        case "analyze_hierarchy_patterns":
+          result = await handleAnalyzeHierarchyPatterns(args ?? {}, config);
+          break;
+        // Code Review Tool
+        case "review_code":
+          result = await handleReviewCode(args ?? {}, config);
+          break;
         default:
           throw new Error(`Unknown tool: ${name}`);
       }