@brainforge/core 3.0.0

package/dist/index.js

@@ -0,0 +1,3556 @@
+// src/state/manager.ts
+import fs from "fs/promises";
+import path from "path";
+var STATE_DIR = ".brainforge";
+var STATE_FILE = "core.json";
+var StateManager = class {
+  constructor(workingDir) {
+    this.workingDir = workingDir;
+    this.statePath = path.join(workingDir, STATE_DIR, STATE_FILE);
+  }
+  workingDir;
+  statePath;
+  state = null;
+  async load() {
+    const raw = await fs.readFile(this.statePath, "utf-8");
+    this.state = JSON.parse(raw);
+    return this.state;
+  }
+  async save() {
+    if (!this.state) throw new Error("No state loaded \u2014 call init() or load() first.");
+    this.state.metadata.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    await fs.mkdir(path.dirname(this.statePath), { recursive: true });
+    await fs.writeFile(this.statePath, JSON.stringify(this.state, null, 2), "utf-8");
+    await this.writeDerivedViews();
+  }
+  async init(project) {
+    this.state = {
+      version: "3.0.0",
+      project,
+      phases: [],
+      context: {},
+      metadata: {
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        workingDirectory: this.workingDir
+      }
+    };
+    await this.save();
+    return this.state;
+  }
+  get() {
+    if (!this.state) throw new Error("State not loaded \u2014 call load() first.");
+    return this.state;
+  }
+  set(updater) {
+    if (!this.state) throw new Error("State not loaded.");
+    updater(this.state);
+  }
+  async configureAI(config) {
+    this.get().aiConfig = config;
+    await this.save();
+  }
+  async addPhase(phase) {
+    const newPhase = { ...phase, tasks: [] };
+    this.get().phases.push(newPhase);
+    await this.save();
+    return newPhase;
+  }
+  async addTask(task) {
+    const phase = this.get().phases.find((p) => p.id === task.phaseId);
+    if (!phase) throw new Error(`Phase "${task.phaseId}" not found.`);
+    phase.tasks.push(task);
+    await this.save();
+  }
+  async updateTaskStatus(taskId, status) {
+    for (const phase of this.get().phases) {
+      const task = phase.tasks.find((t) => t.id === taskId);
+      if (task) {
+        task.status = status;
+        task.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+        await this.save();
+        return;
+      }
+    }
+    throw new Error(`Task "${taskId}" not found.`);
+  }
+  async writeDerivedViews() {
+    await Promise.all([this.writeProjectMd(), this.writeStateMd()]);
+  }
+  async writeProjectMd() {
+    const s = this.state;
+    const phaseLines = s.phases.length ? s.phases.map((p) => `- [${p.status === "completed" ? "x" : " "}] **${p.name}** \u2014 ${p.description}`) : ["- No phases yet. Run `brainforge plan` to create one."];
+    const content = [
+      `# ${s.project.name}`,
+      "",
+      `> ${s.project.description}`,
+      "",
+      `**Type:** ${s.project.type} | **Language:** ${s.project.language}${s.project.framework ? ` | **Framework:** ${s.project.framework}` : ""}${s.project.studentLevel ? ` | **Level:** ${s.project.studentLevel}` : ""}`,
+      "",
+      "## Phases",
+      "",
+      ...phaseLines,
+      "",
+      `---`,
+      `*Generated by BrainForge AI v3 \u2014 ${s.metadata.updatedAt}*`
+    ].join("\n");
+    await fs.writeFile(path.join(this.workingDir, "PROJECT.md"), content, "utf-8");
+  }
+  async writeStateMd() {
+    const s = this.state;
+    const active = s.phases.find((p) => p.id === s.activePhaseId);
+    const totalTasks = s.phases.reduce((n, p) => n + p.tasks.length, 0);
+    const doneTasks = s.phases.reduce((n, p) => n + p.tasks.filter((t) => t.status === "done").length, 0);
+    const phaseBlocks = s.phases.map((p) => {
+      const done = p.tasks.filter((t) => t.status === "done").length;
+      return `### ${p.name} \`${p.status}\`
+${p.description}
+Tasks: ${done}/${p.tasks.length}`;
+    });
+    const content = [
+      "# Project State",
+      "",
+      `**Last Updated:** ${s.metadata.updatedAt}`,
+      `**Active Phase:** ${active ? active.name : "None"}`,
+      `**Progress:** ${doneTasks}/${totalTasks} tasks complete`,
+      "",
+      "## Phases",
+      "",
+      phaseBlocks.length ? phaseBlocks.join("\n\n") : "No phases yet."
+    ].join("\n");
+    await fs.writeFile(path.join(this.workingDir, "STATE.md"), content, "utf-8");
+  }
+};
+
+// src/state/state-machine.ts
+function reduce(state, action) {
+  switch (action.type) {
+    case "SET_ACTIVE_PHASE":
+      return { ...state, activePhaseId: action.phaseId };
+    case "COMPLETE_PHASE": {
+      const phases = state.phases.map(
+        (p) => p.id === action.phaseId ? { ...p, status: "completed", completedAt: (/* @__PURE__ */ new Date()).toISOString() } : p
+      );
+      return { ...state, phases };
+    }
+    case "UPDATE_TASK": {
+      const phases = state.phases.map((p) => ({
+        ...p,
+        tasks: p.tasks.map(
+          (t) => t.id === action.taskId ? { ...t, ...action.updates, updatedAt: (/* @__PURE__ */ new Date()).toISOString() } : t
+        )
+      }));
+      return { ...state, phases };
+    }
+    case "SET_CONTEXT":
+      return { ...state, context: { ...state.context, [action.key]: action.value } };
+    default:
+      return state;
+  }
+}
+
+// src/watcher/file-watcher.ts
+import chokidar from "chokidar";
+import { EventEmitter } from "events";
+var FileWatcher = class extends EventEmitter {
+  watcher = null;
+  watch(rootDir, patterns = ["**/*"]) {
+    this.watcher = chokidar.watch(patterns, {
+      cwd: rootDir,
+      ignored: /(node_modules|\.git|\.brainforge)/,
+      persistent: true,
+      ignoreInitial: true
+    });
+    const emit = (type) => (filePath) => {
+      this.emit("change", {
+        type,
+        path: filePath,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    };
+    this.watcher.on("add", emit("add")).on("change", emit("change")).on("unlink", emit("unlink"));
+  }
+  async stop() {
+    await this.watcher?.close();
+    this.watcher = null;
+  }
+};
+
+// src/prompt-engine/engine.ts
+import Handlebars from "handlebars";
+var BUILTIN_TEMPLATES = {
+  discuss: `You are BrainForge AI, helping a {{project.type}} developer with "{{project.name}}".
+
+Project: {{project.description}}
+Language: {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}
+{{#if project.studentLevel}}Student Level: {{project.studentLevel}}{{/if}}
+
+The developer wants to discuss: {{topic}}
+
+Provide structured, actionable guidance appropriate for their level. Be concise but thorough.`,
+  plan: `You are BrainForge AI. Analyze the following task for project "{{project.name}}":
+
+Task: {{task.title}}
+Description: {{task.description}}
+
+Generate a structured implementation plan with:
+1. Files to modify/create
+2. Key functions to implement
+3. Potential risks
+4. Estimated complexity (1-10)
+
+Keep the response focused and actionable.`,
+  review: `Review this code for a {{project.type}} developer{{#if project.studentLevel}} at {{project.studentLevel}} level{{/if}}.
+
+File: {{filePath}}
+\`\`\`{{project.language}}
+{{code}}
+\`\`\`
+
+Evaluate:
+- Correctness and logic
+- Best practices for their experience level
+{{#if isStudent}}- Academic integrity flags (patterns too advanced for declared level?)
+- Can they explain every line?{{/if}}
+- Top 3 improvement suggestions`
+};
+var PromptEngine = class {
+  compiled = /* @__PURE__ */ new Map();
+  constructor() {
+    for (const [name, source] of Object.entries(BUILTIN_TEMPLATES)) {
+      this.compiled.set(name, Handlebars.compile(source));
+    }
+  }
+  render(templateName, context) {
+    const template = this.compiled.get(templateName);
+    if (!template) throw new Error(`Template "${templateName}" not found.`);
+    return template(context);
+  }
+  registerTemplate(name, source) {
+    this.compiled.set(name, Handlebars.compile(source));
+  }
+  listTemplates() {
+    return Array.from(this.compiled.keys());
+  }
+};
+
+// src/mapper/mapper.ts
+import fs2 from "fs/promises";
+import path2 from "path";
+
+// src/mapper/extractors.ts
+function extractFromFile(filePath, content, language) {
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  switch (language) {
+    case "typescript":
+    case "javascript":
+      return extractJS(normalizedPath, content, language);
+    case "python":
+      return extractPython(normalizedPath, content);
+    case "java":
+      return extractJava(normalizedPath, content);
+    case "go":
+      return extractGo(normalizedPath, content);
+    case "php":
+      return extractPHP(normalizedPath, content);
+    default:
+      return emptyNode(normalizedPath, language);
+  }
+}
+function extractJS(filePath, content, language) {
+  const lines = content.split("\n");
+  const functions = [];
+  const classes = [];
+  const imports = [];
+  const exports = [];
+  let currentClass = null;
+  let braceDepth = 0;
+  let classStartDepth = -1;
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const lineNum = i + 1;
+    braceDepth += (line.match(/\{/g) || []).length;
+    braceDepth -= (line.match(/\}/g) || []).length;
+    braceDepth = Math.max(0, braceDepth);
+    if (currentClass && braceDepth <= classStartDepth) {
+      classes.push(currentClass);
+      currentClass = null;
+      classStartDepth = -1;
+    }
+    let m = line.match(/^(?:export\s+)?(?:abstract\s+)?class\s+(\w+)/);
+    if (m) {
+      currentClass = { name: m[1], line: lineNum, isExported: /\bexport\b/.test(line), methods: [] };
+      classStartDepth = braceDepth - 1;
+      continue;
+    }
+    if (currentClass) {
+      const method = line.match(/^\s{2,}(?:(?:public|private|protected|static|async|override|get|set)\s+)*(\w+)\s*\([^)]*\)\s*(?::\s*[\w<>[\]|]+)?\s*\{/);
+      if (method && !["constructor", "if", "for", "while", "switch", "catch"].includes(method[1])) {
+        currentClass.methods.push(method[1]);
+      }
+      continue;
+    }
+    m = line.match(/^(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*[(<]/);
+    if (m) {
+      functions.push({ name: m[1], line: lineNum, isExported: /\bexport\b/.test(line), isAsync: /\basync\b/.test(line) });
+      continue;
+    }
+    m = line.match(/^(?:export\s+)?(?:const|let|var)\s+(\w+)\s*=\s*(?:async\s+)?\(/);
+    if (m) {
+      functions.push({ name: m[1], line: lineNum, isExported: /\bexport\b/.test(line), isAsync: /\basync\b/.test(line) });
+      continue;
+    }
+    m = line.match(/^import\s+.+?\s+from\s+['"]([^'"]+)['"]/);
+    if (m) {
+      imports.push(m[1]);
+      continue;
+    }
+    m = line.match(/^export\s+(?:default\s+)?(?:function|class|const|let|var|type|interface|enum)\s+(\w+)/);
+    if (m) {
+      exports.push(m[1]);
+      continue;
+    }
+    m = line.match(/^export\s+\{\s*([^}]+)\s*\}/);
+    if (m) {
+      exports.push(...m[1].split(",").map((e) => e.trim().split(/\s+/)[0]).filter(Boolean));
+    }
+  }
+  if (currentClass) classes.push(currentClass);
+  return { path: filePath, language, functions, classes, imports, exports, lastScanned: (/* @__PURE__ */ new Date()).toISOString() };
+}
+function extractPython(filePath, content) {
+  const lines = content.split("\n");
+  const functions = [];
+  const classes = [];
+  const imports = [];
+  const exports = [];
+  let currentClass = null;
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const lineNum = i + 1;
+    let m = line.match(/^class\s+(\w+)/);
+    if (m) {
+      if (currentClass) classes.push(currentClass);
+      currentClass = { name: m[1], line: lineNum, isExported: true, methods: [] };
+      continue;
+    }
+    if (currentClass && line.match(/^    (?:async\s+)?def\s+/)) {
+      m = line.match(/^    (?:async\s+)?def\s+(\w+)\s*\(/);
+      if (m) {
+        currentClass.methods.push(m[1]);
+        continue;
+      }
+    }
+    m = line.match(/^(?:async\s+)?def\s+(\w+)\s*\(/);
+    if (m) {
+      if (currentClass) {
+        classes.push(currentClass);
+        currentClass = null;
+      }
+      functions.push({ name: m[1], line: lineNum, isExported: true, isAsync: /^async/.test(line.trim()) });
+      continue;
+    }
+    m = line.match(/^import\s+([\w.]+)/);
+    if (m) {
+      imports.push(m[1]);
+      continue;
+    }
+    m = line.match(/^from\s+([\w.]+)\s+import/);
+    if (m) imports.push(m[1]);
+  }
+  if (currentClass) classes.push(currentClass);
+  return { path: filePath, language: "python", functions, classes, imports, exports, lastScanned: (/* @__PURE__ */ new Date()).toISOString() };
+}
+function extractJava(filePath, content) {
+  const lines = content.split("\n");
+  const functions = [];
+  const classes = [];
+  const imports = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const lineNum = i + 1;
+    let m = line.match(/^import\s+([\w.]+);/);
+    if (m) {
+      imports.push(m[1]);
+      continue;
+    }
+    m = line.match(/(?:public|private|protected)?\s*(?:abstract\s+)?(?:class|interface|enum)\s+(\w+)/);
+    if (m) {
+      classes.push({ name: m[1], line: lineNum, isExported: /public/.test(line), methods: [] });
+      continue;
+    }
+    m = line.match(/(?:public|private|protected)\s+(?:static\s+)?(?:[\w<>[\]]+\s+)?(\w+)\s*\([^)]*\)\s*(?:throws\s+\w+\s*)?\{/);
+    if (m && !["if", "for", "while", "switch", "try", "catch"].includes(m[1])) {
+      functions.push({ name: m[1], line: lineNum, isExported: /public/.test(line), isAsync: false });
+    }
+  }
+  return { path: filePath, language: "java", functions, classes, imports, exports: [], lastScanned: (/* @__PURE__ */ new Date()).toISOString() };
+}
+function extractGo(filePath, content) {
+  const lines = content.split("\n");
+  const functions = [];
+  const classes = [];
+  const imports = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const lineNum = i + 1;
+    let m = line.match(/^import\s+"([^"]+)"/);
+    if (m) {
+      imports.push(m[1]);
+      continue;
+    }
+    m = line.match(/^type\s+(\w+)\s+struct/);
+    if (m) {
+      classes.push({ name: m[1], line: lineNum, isExported: /^[A-Z]/.test(m[1]), methods: [] });
+      continue;
+    }
+    m = line.match(/^func\s+(?:\(\w+\s+\*?\w+\)\s+)?(\w+)\s*\(/);
+    if (m) {
+      functions.push({ name: m[1], line: lineNum, isExported: /^[A-Z]/.test(m[1]), isAsync: false });
+    }
+  }
+  return { path: filePath, language: "go", functions, classes, imports, exports: [], lastScanned: (/* @__PURE__ */ new Date()).toISOString() };
+}
+function extractPHP(filePath, content) {
+  const lines = content.split("\n");
+  const functions = [];
+  const classes = [];
+  const imports = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const lineNum = i + 1;
+    let m = line.match(/^(?:use|require|include)\s+['"]?([^'";\s]+)/);
+    if (m) {
+      imports.push(m[1]);
+      continue;
+    }
+    m = line.match(/^(?:abstract\s+)?class\s+(\w+)/);
+    if (m) {
+      classes.push({ name: m[1], line: lineNum, isExported: true, methods: [] });
+      continue;
+    }
+    m = line.match(/^(?:public\s+|private\s+|protected\s+)?(?:static\s+)?function\s+(\w+)\s*\(/);
+    if (m) {
+      functions.push({ name: m[1], line: lineNum, isExported: /public/.test(line), isAsync: false });
+    }
+  }
+  return { path: filePath, language: "php", functions, classes, imports, exports: [], lastScanned: (/* @__PURE__ */ new Date()).toISOString() };
+}
+function emptyNode(filePath, language) {
+  return { path: filePath, language, functions: [], classes: [], imports: [], exports: [], lastScanned: (/* @__PURE__ */ new Date()).toISOString() };
+}
+
+// src/mapper/mapper.ts
+var MAP_FILE = path2.join(".brainforge", "codebase-map.json");
+var LANGUAGE_EXTENSIONS = {
+  typescript: [".ts", ".tsx"],
+  javascript: [".js", ".jsx", ".mjs", ".cjs"],
+  python: [".py"],
+  java: [".java"],
+  go: [".go"],
+  php: [".php"]
+};
+var IGNORED_DIRS = /* @__PURE__ */ new Set(["node_modules", ".git", ".brainforge", "dist", "build", "coverage", "__pycache__", ".venv", "vendor"]);
+var CodebaseMapper = class {
+  constructor(workingDir) {
+    this.workingDir = workingDir;
+  }
+  workingDir;
+  async scan(language) {
+    const extensions = LANGUAGE_EXTENSIONS[language];
+    const sourceFiles = await this.findFiles(extensions);
+    const fileNodes = [];
+    for (const filePath of sourceFiles) {
+      try {
+        const content = await fs2.readFile(path2.join(this.workingDir, filePath), "utf-8");
+        fileNodes.push(extractFromFile(filePath, content, language));
+      } catch {
+      }
+    }
+    const map = {
+      version: "3.0.0",
+      scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      rootDir: this.workingDir,
+      files: fileNodes,
+      stats: {
+        totalFiles: fileNodes.length,
+        totalFunctions: fileNodes.reduce((n, f) => n + f.functions.length, 0),
+        totalClasses: fileNodes.reduce((n, f) => n + f.classes.length, 0)
+      }
+    };
+    await this.saveMap(map);
+    return map;
+  }
+  async load() {
+    const raw = await fs2.readFile(path2.join(this.workingDir, MAP_FILE), "utf-8");
+    return JSON.parse(raw);
+  }
+  findRelevantFiles(map, query) {
+    const keywords = tokenize(query);
+    if (keywords.length === 0) return map.files.slice(0, 5);
+    const scored = map.files.map((file) => {
+      let score = 0;
+      const pathLower = file.path.toLowerCase();
+      for (const kw of keywords) {
+        if (pathLower.includes(kw)) score += 3;
+        if (file.functions.some((f) => f.name.toLowerCase().includes(kw))) score += 2;
+        if (file.classes.some((c) => c.name.toLowerCase().includes(kw))) score += 2;
+        if (file.classes.some((c) => c.methods.some((m) => m.toLowerCase().includes(kw)))) score += 1;
+      }
+      return { file, score };
+    });
+    return scored.filter((s) => s.score > 0).sort((a, b) => b.score - a.score).slice(0, 8).map((s) => s.file);
+  }
+  async findFiles(extensions) {
+    const results = [];
+    await this.walk(this.workingDir, "", extensions, results);
+    return results;
+  }
+  async walk(root, rel, extensions, results) {
+    const dir = rel ? path2.join(root, rel) : root;
+    let entries;
+    try {
+      entries = await fs2.readdir(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      if (IGNORED_DIRS.has(entry.name)) continue;
+      const relPath = rel ? `${rel}/${entry.name}` : entry.name;
+      if (entry.isDirectory()) {
+        await this.walk(root, relPath, extensions, results);
+      } else if (extensions.some((ext) => entry.name.endsWith(ext))) {
+        results.push(relPath);
+      }
+    }
+  }
+  async saveMap(map) {
+    const dest = path2.join(this.workingDir, MAP_FILE);
+    await fs2.mkdir(path2.dirname(dest), { recursive: true });
+    await fs2.writeFile(dest, JSON.stringify(map, null, 2), "utf-8");
+  }
+};
+function tokenize(text) {
+  const STOP_WORDS = /* @__PURE__ */ new Set([
+    "a",
+    "an",
+    "the",
+    "and",
+    "or",
+    "but",
+    "in",
+    "on",
+    "at",
+    "to",
+    "for",
+    "of",
+    "with",
+    "by",
+    "from",
+    "as",
+    "is",
+    "was",
+    "are",
+    "were",
+    "be",
+    "been",
+    "being",
+    "have",
+    "has",
+    "had",
+    "do",
+    "does",
+    "did",
+    "will",
+    "would",
+    "could",
+    "should",
+    "may",
+    "might",
+    "i",
+    "my",
+    "we",
+    "our",
+    "it",
+    "its",
+    "this",
+    "that",
+    "which",
+    "how",
+    "what",
+    "when",
+    "where",
+    "add",
+    "create",
+    "new",
+    "implement",
+    "build",
+    "make",
+    "write",
+    "update"
+  ]);
+  return text.toLowerCase().split(/\W+/).filter((w) => w.length > 2 && !STOP_WORDS.has(w));
+}
+
+// src/planner/planner.ts
+import { randomUUID } from "crypto";
+var RISK_KEYWORDS = {
+  auth: "Authentication logic requires careful security review \u2014 never hardcode secrets.",
+  password: "Password handling must use proper hashing (bcrypt/argon2), never plain text.",
+  token: "Token validation needs expiry checks and secure storage.",
+  database: "Database changes may require migrations and backward compatibility.",
+  migration: "Migrations are irreversible \u2014 test on a copy before running in production.",
+  delete: "Deletion operations should be soft-deleted or confirmed before executing.",
+  remove: "Removal of functionality may break dependent code \u2014 check all call sites.",
+  permission: "Permission checks must be enforced on the server, not just the client.",
+  upload: "File uploads need type validation, size limits, and path sanitization.",
+  payment: "Payment flows require idempotency keys and thorough error handling.",
+  email: "Email delivery is asynchronous \u2014 queue it to avoid blocking the request.",
+  cache: "Caching logic must handle invalidation to avoid stale data.",
+  concurrent: "Concurrent access requires locks or atomic operations to prevent race conditions.",
+  async: "Unhandled promise rejections will silently fail \u2014 always await or catch."
+};
+var TaskPlanner = class {
+  plan(title, description, map, relevantFiles, project) {
+    const id = randomUUID();
+    const steps = this.buildSteps(title, description, relevantFiles);
+    const impactedFiles = relevantFiles.map((f) => f.path);
+    const impactedFunctions = relevantFiles.flatMap((f) => [
+      ...f.functions.map((fn) => `${f.path}:${fn.name}`),
+      ...f.classes.flatMap((c) => c.methods.map((m) => `${f.path}:${c.name}.${m}`))
+    ]);
+    const risks = this.detectRisks(title + " " + description);
+    const complexity = this.estimateComplexity(steps.length, impactedFiles.length, risks.length);
+    const agentPrompt = this.buildAgentPrompt(title, description, steps, project);
+    return {
+      id,
+      title,
+      description,
+      impactedFiles,
+      impactedFunctions,
+      steps,
+      estimatedComplexity: complexity,
+      risks,
+      agentPrompt,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  buildSteps(title, description, files) {
+    const steps = [];
+    const combined = (title + " " + description).toLowerCase();
+    if (files.length === 0) {
+      steps.push({
+        id: randomUUID(),
+        order: 1,
+        action: "create",
+        file: "src/[module]/index.ts",
+        description: `Create the main module file for: ${title}`,
+        targetFunctions: []
+      });
+      return steps;
+    }
+    for (let i = 0; i < files.length; i++) {
+      const file = files[i];
+      const action = this.inferAction(combined, file);
+      const targetFns = [
+        ...file.functions.map((f) => f.name),
+        ...file.classes.flatMap((c) => c.methods)
+      ].slice(0, 5);
+      steps.push({
+        id: randomUUID(),
+        order: i + 1,
+        action,
+        file: file.path,
+        description: `${action === "modify" ? "Update" : "Review"} ${file.path} for: ${title}`,
+        targetFunctions: targetFns
+      });
+    }
+    return steps;
+  }
+  inferAction(combined, file) {
+    const hasCode = file.functions.length > 0 || file.classes.length > 0;
+    if (!hasCode) return "review";
+    if (/\b(add|create|new|implement|introduce)\b/.test(combined)) return "modify";
+    if (/\b(delete|remove|drop)\b/.test(combined)) return "modify";
+    return "modify";
+  }
+  detectRisks(text) {
+    const lower = text.toLowerCase();
+    return Object.entries(RISK_KEYWORDS).filter(([keyword]) => lower.includes(keyword)).map(([, message]) => message);
+  }
+  estimateComplexity(steps, files, risks) {
+    const base = 1 + steps * 0.8 + files * 0.5 + risks * 0.7;
+    return Math.min(10, Math.max(1, Math.round(base)));
+  }
+  buildAgentPrompt(title, description, steps, project) {
+    const stepList = steps.map((s) => `${s.order}. [${s.action.toUpperCase()}] ${s.file}
+   ${s.description}`).join("\n");
+    return `You are implementing a task for BrainForge AI.
+
+Project: ${project.name} (${project.language}${project.framework ? "/" + project.framework : ""})
+Developer Type: ${project.type}${project.studentLevel ? " / " + project.studentLevel : ""}
+
+## Task
+${title}
+
+${description}
+
+## Implementation Steps
+${stepList}
+
+## Instructions
+- Follow the steps in order.
+- After each file change, verify correctness before moving to the next step.
+- Use existing patterns and conventions already in the codebase.
+- Do not introduce dependencies not already in use unless necessary.
+${project.type === "student" ? "- Write code you can explain line-by-line \u2014 you will be asked to defend it." : ""}`;
+  }
+};
+
+// src/professor/scanner.ts
+import fs3 from "fs/promises";
+import path3 from "path";
+
+// src/professor/patterns.ts
+var PATTERNS = [
+  // ── JavaScript / TypeScript ─────────────────────────────────────────────────
+  {
+    id: "js-currying",
+    name: "Curried function",
+    explanation: "Currying (returning functions from functions) is an advanced functional programming pattern.",
+    regex: /=>\s*(?:\([^)]*\)|[a-zA-Z_$]\w*)\s*=>/,
+    languages: ["javascript", "typescript"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  {
+    id: "js-generator",
+    name: "Generator function",
+    explanation: "`function*` and `yield` are advanced control-flow mechanisms.",
+    regex: /function\s*\*|yield\s+/,
+    languages: ["javascript", "typescript"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  {
+    id: "js-proxy",
+    name: "Proxy / Reflect",
+    explanation: "Proxy and Reflect are advanced metaprogramming APIs.",
+    regex: /\bnew\s+Proxy\s*\(|\bReflect\./,
+    languages: ["javascript", "typescript"],
+    flagForLevels: ["beginner", "intermediate"],
+    severity: "error"
+  },
+  {
+    id: "js-symbol",
+    name: "Symbol usage",
+    explanation: "Symbols are a low-level primitive mainly used in library/framework internals.",
+    regex: /\bSymbol\s*\(/,
+    languages: ["javascript", "typescript"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  {
+    id: "js-define-property",
+    name: "Object.defineProperty",
+    explanation: "Manual property descriptor manipulation is metaprogramming \u2014 rarely needed in application code.",
+    regex: /Object\.defineProperty\s*\(/,
+    languages: ["javascript", "typescript"],
+    flagForLevels: ["beginner", "intermediate"],
+    severity: "warn"
+  },
+  {
+    id: "js-decorator",
+    name: "Decorator",
+    explanation: "Decorators are a TypeScript/Stage-3 feature for class metaprogramming.",
+    regex: /^\s*@\w+/m,
+    languages: ["javascript", "typescript"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  {
+    id: "ts-conditional-type",
+    name: "Conditional type / infer",
+    explanation: "`infer` in conditional types is an advanced TypeScript type-system feature.",
+    regex: /\binfer\s+\w+/,
+    languages: ["typescript"],
+    flagForLevels: ["beginner", "intermediate"],
+    severity: "warn"
+  },
+  {
+    id: "js-weakmap",
+    name: "WeakMap / WeakSet",
+    explanation: "Weak collections are a memory-management tool rarely needed in student projects.",
+    regex: /\bnew\s+Weak(?:Map|Set|Ref)\s*\(/,
+    languages: ["javascript", "typescript"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  // ── Python ───────────────────────────────────────────────────────────────────
+  {
+    id: "py-metaclass",
+    name: "Metaclass",
+    explanation: "Metaclasses override Python class creation machinery \u2014 an expert-level feature.",
+    regex: /\bmetaclass\s*=/,
+    languages: ["python"],
+    flagForLevels: ["beginner", "intermediate"],
+    severity: "error"
+  },
+  {
+    id: "py-descriptor",
+    name: "Descriptor protocol",
+    explanation: "`__get__` / `__set__` / `__delete__` implement the descriptor protocol used in framework internals.",
+    regex: /def\s+__(?:get|set|delete)__\s*\(/,
+    languages: ["python"],
+    flagForLevels: ["beginner", "intermediate"],
+    severity: "warn"
+  },
+  {
+    id: "py-context-manager",
+    name: "Custom context manager",
+    explanation: "Implementing `__enter__` / `__exit__` is an intermediate-to-advanced pattern.",
+    regex: /def\s+__(?:enter|exit)__\s*\(/,
+    languages: ["python"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  {
+    id: "py-abc",
+    name: "Abstract Base Class",
+    explanation: "`abc.ABC` and `@abstractmethod` are used to define interfaces \u2014 uncommon in intro projects.",
+    regex: /from\s+abc\s+import|ABC\s*\)|\@abstractmethod/,
+    languages: ["python"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  {
+    id: "py-generator-send",
+    name: "Generator.send()",
+    explanation: "`.send()` on generators is an advanced coroutine-like pattern.",
+    regex: /\.\s*send\s*\(/,
+    languages: ["python"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  },
+  // ── Java ──────────────────────────────────────────────────────────────────────
+  {
+    id: "java-reflection",
+    name: "Reflection API",
+    explanation: "Java Reflection bypasses compile-time checks and is a framework-level tool, not student code.",
+    regex: /\.getDeclaredMethod|\.getDeclaredField|Class\.forName\s*\(/,
+    languages: ["java"],
+    flagForLevels: ["beginner", "intermediate"],
+    severity: "error"
+  },
+  {
+    id: "java-generic-wildcard",
+    name: "Unbounded wildcard",
+    explanation: "`<?>` wildcards and generic bounds are advanced generics topics.",
+    regex: /<\s*\?\s*(?:extends|super)/,
+    languages: ["java"],
+    flagForLevels: ["beginner"],
+    severity: "warn"
+  }
+];
+
+// src/professor/scanner.ts
+var LANGUAGE_EXTENSIONS2 = {
+  typescript: [".ts", ".tsx"],
+  javascript: [".js", ".jsx", ".mjs"],
+  python: [".py"],
+  java: [".java"],
+  go: [".go"],
+  php: [".php"]
+};
+var IGNORED_DIRS2 = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  ".brainforge",
+  "dist",
+  "build",
+  "coverage",
+  "__pycache__",
+  ".venv",
+  "vendor"
+]);
+var ProfessorScanner = class {
+  constructor(workingDir) {
+    this.workingDir = workingDir;
+  }
+  workingDir;
+  async scan(language, studentLevel) {
+    const applicable = PATTERNS.filter(
+      (p) => p.languages.includes(language) && p.flagForLevels.includes(studentLevel)
+    );
+    const extensions = LANGUAGE_EXTENSIONS2[language];
+    const files = await this.findFiles(extensions);
+    const matches = [];
+    for (const relPath of files) {
+      const content = await fs3.readFile(path3.join(this.workingDir, relPath), "utf-8").catch(() => null);
+      if (!content) continue;
+      const lines = content.split("\n");
+      for (const pattern of applicable) {
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          if (pattern.regex.test(line)) {
+            matches.push({
+              patternId: pattern.id,
+              name: pattern.name,
+              explanation: pattern.explanation,
+              severity: pattern.severity,
+              file: relPath.replace(/\\/g, "/"),
+              line: i + 1,
+              snippet: line.trim().slice(0, 120)
+            });
+          }
+        }
+        pattern.regex.lastIndex = 0;
+      }
+    }
+    const errors = matches.filter((m) => m.severity === "error").length;
+    const warnings = matches.filter((m) => m.severity === "warn").length;
+    const report = {
+      scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      language,
+      studentLevel,
+      totalFilesScanned: files.length,
+      matches,
+      summary: { errors, warnings, clean: matches.length === 0 }
+    };
+    await this.writeReport(report);
+    return report;
+  }
+  async findFiles(extensions) {
+    const results = [];
+    await this.walk("", extensions, results);
+    return results;
+  }
+  async walk(rel, extensions, results) {
+    const dir = rel ? path3.join(this.workingDir, rel) : this.workingDir;
+    let entries;
+    try {
+      entries = await fs3.readdir(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      if (IGNORED_DIRS2.has(entry.name)) continue;
+      const relPath = rel ? `${rel}/${entry.name}` : entry.name;
+      if (entry.isDirectory()) {
+        await this.walk(relPath, extensions, results);
+      } else if (extensions.some((ext) => entry.name.endsWith(ext))) {
+        results.push(relPath);
+      }
+    }
+  }
+  async writeReport(report) {
+    const lines = [
+      "# Professor Report",
+      "",
+      `**Scanned:** ${report.scannedAt}`,
+      `**Language:** ${report.language} | **Level:** ${report.studentLevel}`,
+      `**Files scanned:** ${report.totalFilesScanned}`,
+      `**Result:** ${report.summary.clean ? "CLEAN" : `${report.summary.errors} error(s), ${report.summary.warnings} warning(s)`}`,
+      ""
+    ];
+    if (report.summary.clean) {
+      lines.push("No advanced patterns detected. Your code matches your declared level.");
+    } else {
+      lines.push("## Findings", "");
+      for (const m of report.matches) {
+        const icon = m.severity === "error" ? "[ERROR]" : "[WARN]";
+        lines.push(
+          `### ${icon} ${m.name}`,
+          `**File:** \`${m.file}\` (line ${m.line})`,
+          `**Pattern:** \`${m.snippet}\``,
+          `**Why this matters:** ${m.explanation}`,
+          ""
+        );
+      }
+      lines.push(
+        "---",
+        "",
+        "> These findings do not mean your code is wrong. They mean you may be asked",
+        "> to explain these patterns in detail during a code defense.",
+        ""
+      );
+    }
+    const dest = path3.join(this.workingDir, "PROFESSOR_REPORT.md");
+    await fs3.writeFile(dest, lines.join("\n"), "utf-8");
+  }
+};
+
+// src/server/server.ts
+import http from "http";
+import fs4 from "fs/promises";
+import path4 from "path";
+import { fileURLToPath } from "url";
+import { WebSocketServer, WebSocket } from "ws";
+var MIME = {
+  ".html": "text/html; charset=utf-8",
+  ".js": "application/javascript",
+  ".css": "text/css",
+  ".json": "application/json",
+  ".svg": "image/svg+xml",
+  ".ico": "image/x-icon",
+  ".woff2": "font/woff2"
+};
+var BrainForgeServer = class {
+  constructor(workingDir, port = 3742, dashboardDir) {
+    this.workingDir = workingDir;
+    this.port = port;
+    const here = path4.dirname(fileURLToPath(import.meta.url));
+    this.dashboardDir = dashboardDir ?? path4.resolve(here, "../../../dashboard/dist");
+  }
+  workingDir;
+  port;
+  httpServer;
+  wss;
+  clients = /* @__PURE__ */ new Set();
+  dashboardDir;
+  boundPort;
+  async start() {
+    this.httpServer = http.createServer((req, res) => {
+      void this.handle(req, res);
+    });
+    this.wss = new WebSocketServer({ server: this.httpServer });
+    this.wss.on("connection", (ws) => {
+      this.clients.add(ws);
+      ws.on("close", () => this.clients.delete(ws));
+      ws.send(JSON.stringify({ type: "connected", payload: { version: "3.0.0" } }));
+    });
+    await new Promise(
+      (resolve, reject) => this.httpServer.listen(this.port, "127.0.0.1", () => {
+        this.boundPort = this.httpServer.address().port;
+        resolve();
+      }).on("error", reject)
+    );
+  }
+  stop() {
+    this.clients.forEach((ws) => ws.close());
+    this.wss?.close();
+    this.httpServer?.close();
+  }
+  broadcast(type, payload) {
+    const msg = JSON.stringify({ type, payload, ts: (/* @__PURE__ */ new Date()).toISOString() });
+    for (const ws of this.clients) {
+      if (ws.readyState === WebSocket.OPEN) ws.send(msg);
+    }
+  }
+  get url() {
+    return `http://127.0.0.1:${this.boundPort}`;
+  }
+  async handle(req, res) {
+    const { pathname } = new URL(req.url ?? "/", `http://localhost`);
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+    try {
+      if (pathname === "/api/health") return this.json(res, { ok: true, version: "3.0.0" });
+      if (pathname === "/api/state") return await this.fileJson(res, ".brainforge/core.json");
+      if (pathname === "/api/map") return await this.fileJson(res, ".brainforge/codebase-map.json");
+      if (pathname === "/api/scan") return await this.fileText(res, "PROFESSOR_REPORT.md");
+      await this.static(res, pathname);
+    } catch (err) {
+      res.writeHead(500, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: String(err) }));
+    }
+  }
+  json(res, data) {
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(data));
+  }
+  async fileJson(res, rel) {
+    try {
+      const raw = await fs4.readFile(path4.join(this.workingDir, rel), "utf-8");
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(raw);
+    } catch {
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "not found" }));
+    }
+  }
+  async fileText(res, rel) {
+    try {
+      const raw = await fs4.readFile(path4.join(this.workingDir, rel), "utf-8");
+      res.writeHead(200, { "Content-Type": "text/plain; charset=utf-8" });
+      res.end(raw);
+    } catch {
+      res.writeHead(404, { "Content-Type": "text/plain" });
+      res.end("");
+    }
+  }
+  async static(res, pathname) {
+    let target = path4.join(this.dashboardDir, pathname === "/" ? "index.html" : pathname);
+    let found = await exists(target);
+    if (!found) {
+      target = path4.join(this.dashboardDir, "index.html");
+      found = await exists(target);
+    }
+    if (!found) {
+      res.writeHead(404, { "Content-Type": "text/plain" });
+      res.end("Dashboard not built. Run: npm run build --workspace=packages/dashboard");
+      return;
+    }
+    const ext = path4.extname(target);
+    res.writeHead(200, { "Content-Type": MIME[ext] ?? "application/octet-stream" });
+    res.end(await fs4.readFile(target));
+  }
+};
+async function exists(p) {
+  return fs4.access(p).then(() => true).catch(() => false);
+}
+
+// src/defense/defense.ts
+import fs5 from "fs/promises";
+import path5 from "path";
+
+// src/defense/question-bank.ts
+var STATIC_QUESTIONS = [
+  // ── TypeScript / JavaScript ─────────────────────────────────────────────
+  {
+    id: "js-promise-explain",
+    text: "What is a Promise, and why did you use async/await instead of .then()/.catch()?",
+    modelAnswer: "A Promise represents a value that will be available in the future. async/await is syntactic sugar over Promises that makes asynchronous code read like synchronous code, improving readability and making error handling with try/catch more natural.",
+    difficulty: "easy",
+    languages: ["typescript", "javascript"],
+    levels: ["beginner", "intermediate"]
+  },
+  {
+    id: "js-export-explain",
+    text: "What does `export` do? What is the difference between `export default` and named exports?",
+    modelAnswer: "`export` makes a value available to other modules. Named exports (`export function foo`) let you export multiple things per file, imported with `{ foo }`. `export default` exports one main value per file, imported without braces.",
+    difficulty: "easy",
+    languages: ["typescript", "javascript"],
+    levels: ["beginner"]
+  },
+  {
+    id: "ts-interface-type",
+    text: "When would you use an `interface` versus a `type` alias in TypeScript?",
+    modelAnswer: "Both define shapes for objects. `interface` is preferred for object shapes that may be extended or implemented by classes. `type` is more flexible \u2014 it can represent unions, intersections, and primitives. In practice, either works for plain object shapes.",
+    difficulty: "medium",
+    languages: ["typescript"],
+    levels: ["beginner", "intermediate"]
+  },
+  {
+    id: "ts-any-vs-unknown",
+    text: "Why is `unknown` safer than `any` in TypeScript?",
+    modelAnswer: "`unknown` forces you to narrow the type before using it (via typeof, instanceof, or type guards), preventing accidental unsafe operations. `any` disables all type checking. Prefer `unknown` whenever the type is genuinely unknown at compile time.",
+    difficulty: "medium",
+    languages: ["typescript"],
+    levels: ["intermediate", "advanced"]
+  },
+  {
+    id: "js-closure",
+    text: "What is a closure, and can you find an example in your code?",
+    modelAnswer: "A closure is a function that captures variables from its surrounding scope even after that scope has returned. Example: a callback defined inside a function that references the outer function's variables. Closures power module patterns, event handlers, and factory functions.",
+    difficulty: "medium",
+    languages: ["javascript", "typescript"],
+    levels: ["beginner", "intermediate"]
+  },
+  {
+    id: "js-this-binding",
+    text: "Explain how `this` binding works in regular functions vs. arrow functions.",
+    modelAnswer: "In regular functions, `this` is determined at call time \u2014 it's the object before the dot, or `undefined` in strict mode. Arrow functions capture `this` lexically from their enclosing scope and never rebind it. This is why class methods often use arrow functions to avoid losing `this` context in callbacks.",
+    difficulty: "medium",
+    languages: ["javascript", "typescript"],
+    levels: ["intermediate"]
+  },
+  {
+    id: "js-event-loop",
+    text: "What is the JavaScript event loop and why can't you block it?",
+    modelAnswer: "The event loop is a single-threaded mechanism that processes one task at a time from a task queue. Blocking it (e.g., with a long synchronous loop) prevents all other code \u2014 including UI updates or incoming requests \u2014 from running. Async operations (I/O, timers) are handled off-thread and their callbacks are queued when done.",
+    difficulty: "hard",
+    languages: ["javascript", "typescript"],
+    levels: ["intermediate", "advanced"]
+  },
+  {
+    id: "js-prototype",
+    text: "How does prototypal inheritance work in JavaScript? How does `class` syntax relate to it?",
+    modelAnswer: "Every object has a `[[Prototype]]` (accessible via `__proto__`). When a property is not found on an object, JS looks up the prototype chain. `class` is syntactic sugar over prototypal inheritance \u2014 `class Foo extends Bar` sets up the prototype chain automatically.",
+    difficulty: "hard",
+    languages: ["javascript", "typescript"],
+    levels: ["intermediate", "advanced"]
+  },
+  // ── Python ───────────────────────────────────────────────────────────────
+  {
+    id: "py-decorator-explain",
+    text: "What is a Python decorator and what does it do to the function it wraps?",
+    modelAnswer: "A decorator is a function that takes a function as input and returns a modified version. `@my_decorator` before a function is syntactic sugar for `my_func = my_decorator(my_func)`. Decorators are commonly used for logging, authentication checks, caching, and input validation.",
+    difficulty: "medium",
+    languages: ["python"],
+    levels: ["intermediate", "advanced"]
+  },
+  {
+    id: "py-list-comp",
+    text: "What does this list comprehension do: `[x**2 for x in range(10) if x % 2 == 0]`?",
+    modelAnswer: "It creates a list of squares of even numbers from 0 to 9: [0, 4, 16, 36, 64]. List comprehensions combine a for loop and optional filter into a single readable expression, and are generally faster than equivalent for loops.",
+    difficulty: "easy",
+    languages: ["python"],
+    levels: ["beginner", "intermediate"]
+  },
+  {
+    id: "py-dunder",
+    text: "What are dunder (double-underscore) methods? Give two examples and explain when Python calls them.",
+    modelAnswer: "Dunder methods (like `__init__`, `__str__`, `__len__`) define how objects respond to built-in operations. `__init__` is called when an instance is created. `__str__` is called when you use `str()` or `print()` on an object. They let you make your classes behave like built-in Python types.",
+    difficulty: "medium",
+    languages: ["python"],
+    levels: ["beginner", "intermediate"]
+  },
+  {
+    id: "py-generator-basics",
+    text: "What is a generator function (`yield`)? When would you choose it over returning a list?",
+    modelAnswer: "A generator function yields values one at a time rather than building a full list in memory. Each call to `next()` resumes execution until the next `yield`. Use generators when the full collection is large or infinite \u2014 they're memory-efficient because they produce values lazily.",
+    difficulty: "medium",
+    languages: ["python"],
+    levels: ["intermediate", "advanced"]
+  },
+  // ── Java ─────────────────────────────────────────────────────────────────
+  {
+    id: "java-interface-abstract",
+    text: "What is the difference between a Java `interface` and an `abstract class`?",
+    modelAnswer: "An interface defines a contract of method signatures (all abstract by default, can have default/static methods since Java 8). An abstract class can have both abstract and concrete methods plus state (fields). A class can implement multiple interfaces but extend only one class. Use interfaces for capabilities (Comparable, Serializable), abstract classes for shared implementation.",
+    difficulty: "medium",
+    languages: ["java"],
+    levels: ["beginner", "intermediate"]
+  },
+  {
+    id: "java-generics",
+    text: "What do generics (`<T>`) provide in Java?",
+    modelAnswer: "Generics provide compile-time type safety for collections and methods. Instead of `List` (which accepts `Object` and requires casting), `List<String>` only allows Strings. The type parameter `<T>` is erased at runtime (type erasure), but the compiler enforces correctness.",
+    difficulty: "medium",
+    languages: ["java"],
+    levels: ["intermediate"]
+  }
+];
+var PATTERN_QUESTIONS = {
+  "js-currying": {
+    text: "Explain the currying pattern used in your code. What problem does it solve here?",
+    modelAnswer: "Currying transforms a function that takes multiple arguments into a chain of functions each taking one argument. It enables partial application (pre-filling some arguments) and makes code more composable. However, it reduces readability for beginners and should only be used when the functional pattern genuinely clarifies intent.",
+    difficulty: "hard"
+  },
+  "js-generator": {
+    text: "You used a generator function (`function*`). Walk me through what happens step-by-step when code calls `.next()` on it.",
+    modelAnswer: "Calling the generator returns an iterator without executing any code. Each `.next()` call runs until the next `yield` expression, pauses, and returns `{ value: yieldedValue, done: false }`. After the function returns, `done` becomes `true`. This lazy execution is why generators suit streaming or infinite sequences.",
+    difficulty: "hard"
+  },
+  "js-proxy": {
+    text: "Explain what `new Proxy(target, handler)` does. Why is it typically not found in student code?",
+    modelAnswer: "A Proxy wraps an object and intercepts fundamental operations (get, set, has, etc.) via handler traps. It's used in frameworks for reactivity, validation, and ORM magic. In student code it's rare because it's a metaprogramming tool \u2014 before using it you must fully understand the operations it intercepts and its performance implications.",
+    difficulty: "hard"
+  },
+  "py-metaclass": {
+    text: "You used a metaclass. Explain what it does and why this was the right choice over a simpler alternative.",
+    modelAnswer: 'A metaclass is "the class of a class" \u2014 it controls how classes are created. Common uses: registering subclasses, validating class definitions, adding methods automatically (like ORMs do). Alternatives like `__init_subclass__` or decorators usually achieve the same goal with less complexity. If this is in student code, the professor will ask you to justify why a metaclass was necessary.',
+    difficulty: "hard"
+  },
+  "java-reflection": {
+    text: "You used Java Reflection. Explain what it does, what the risks are, and why a direct approach wouldn't work here.",
+    modelAnswer: "Reflection lets you inspect and call methods/fields at runtime by name, bypassing compile-time type checks. Risks: it's slow, breaks type safety, can bypass access modifiers, and makes code hard to follow. It's appropriate in frameworks (dependency injection, serialization) where the type isn't known at compile time. In most student use cases, a direct method call or interface would be simpler and safer.",
+    difficulty: "hard"
+  }
+};
+function buildQuestionSet(project, map, report, maxQuestions = 8) {
+  const level = project.studentLevel ?? "intermediate";
+  const lang = project.language;
+  const questions = [];
+  if (report) {
+    for (const match of report.matches) {
+      const pq = PATTERN_QUESTIONS[match.patternId];
+      if (pq && questions.length < 4) {
+        questions.push(pq);
+      }
+    }
+  }
+  const relevant = STATIC_QUESTIONS.filter(
+    (q) => q.languages.includes(lang) && q.levels.includes(level)
+  );
+  const shuffled = relevant.sort(() => Math.random() - 0.5);
+  for (const q of shuffled) {
+    if (questions.length >= maxQuestions) break;
+    questions.push({ text: q.text, modelAnswer: q.modelAnswer, difficulty: q.difficulty });
+  }
+  const allFunctions = map.files.flatMap((f) => f.functions.map((fn) => ({ file: f.path, fn })));
+  const publicFns = allFunctions.filter((x) => x.fn.isExported).slice(0, 3);
+  for (const { file, fn } of publicFns) {
+    if (questions.length >= maxQuestions) break;
+    questions.push({
+      text: `Explain what \`${fn.name}()\` in \`${file}\` does and why it's exported.`,
+      modelAnswer: `[Code-specific \u2014 answer based on your implementation of ${fn.name}]`,
+      difficulty: "easy"
+    });
+  }
+  return questions.slice(0, maxQuestions);
+}
+
+// src/defense/defense.ts
+var MockDefense = class {
+  constructor(workingDir) {
+    this.workingDir = workingDir;
+  }
+  workingDir;
+  selectQuestions(project, map, report, count = 8) {
+    return buildQuestionSet(project, map, report, count);
+  }
+  async saveSession(session) {
+    const lines = [
+      "# Defense Prep Report",
+      "",
+      `**Project:** ${session.projectName}`,
+      `**Language:** ${session.language} | **Level:** ${session.studentLevel}`,
+      `**Completed:** ${session.completedAt}`,
+      `**Average Confidence:** ${session.averageConfidence.toFixed(1)}/5`,
+      "",
+      "---",
+      ""
+    ];
+    for (let i = 0; i < session.questions.length; i++) {
+      const q = session.questions[i];
+      const stars = "\u2605".repeat(q.confidence) + "\u2606".repeat(5 - q.confidence);
+      lines.push(
+        `## Q${i + 1} [${stars}]`,
+        "",
+        `**Question:** ${q.question}`,
+        "",
+        "**Your answer:**",
+        q.answer || "*(no answer provided)*",
+        "",
+        "**Model answer:**",
+        q.modelAnswer,
+        "",
+        "---",
+        ""
+      );
+    }
+    const lowConfidence = session.questions.filter((q) => q.confidence <= 2);
+    if (lowConfidence.length > 0) {
+      lines.push(
+        "## Areas to Review",
+        "",
+        ...lowConfidence.map((q, i) => `${i + 1}. ${q.question}`),
+        ""
+      );
+    }
+    await fs5.writeFile(
+      path5.join(this.workingDir, "DEFENSE_PREP.md"),
+      lines.join("\n"),
+      "utf-8"
+    );
+  }
+};
+
+// src/skills/registry.ts
+import fs6 from "fs/promises";
+import path6 from "path";
+import Handlebars2 from "handlebars";
+
+// src/skills/built-in.ts
+var BUILT_IN_SKILLS = [
+  // ── Backend ──────────────────────────────────────────────────────────────────
+  {
+    id: "backend/crud-service",
+    name: "CRUD Service",
+    category: "backend",
+    description: "Generate a complete CRUD service for an entity",
+    template: `Generate a complete CRUD service for "{{entity}}" in {{project.language}}{{#if project.framework}} using {{project.framework}}{{/if}}.
+
+Entity fields: {{fields}}
+
+Include:
+- createOne: validate inputs, insert, return created entity
+- findById: return entity or throw NotFoundError
+- findAll: list with pagination (page, limit) and optional filter by {{filterField}}
+- updateOne: partial update, validate changed fields, return updated entity
+- deleteOne: {{#if softDelete}}soft delete (set deletedAt timestamp){{else}}hard delete{{/if}}
+
+Requirements:
+- Full TypeScript types for the entity, CreateDTO, UpdateDTO, and responses
+- Input validation at the service boundary
+- Consistent error types (NotFoundError, ValidationError)
+- No direct database calls \u2014 use a repository/data-access abstraction
+{{#if (eq project.type "student")}}- Add JSDoc comments explaining each method{{/if}}`,
+    contextSchema: [
+      { key: "entity", label: "Entity name", type: "text", placeholder: "User" },
+      { key: "fields", label: "Entity fields", type: "text", placeholder: "id: uuid, email: string, name: string, createdAt: date" },
+      { key: "filterField", label: "Main filter field", type: "text", placeholder: "status", default: "status" },
+      { key: "softDelete", label: "Use soft delete?", type: "boolean", default: true }
+    ],
+    tags: ["crud", "service", "api", "backend"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/api-endpoint",
+    name: "REST API Endpoint",
+    category: "backend",
+    description: "Design a single REST API endpoint with full validation and error handling",
+    template: `Design a {{method}} {{route}} endpoint in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Purpose: {{purpose}}
+
+Implement:
+1. Route handler with input validation (body/params/query)
+2. Business logic delegation to a service layer
+3. Success response shape: {{successShape}}
+4. Error handling: 400 (validation), 401 (auth), 404 (not found), 500 (server)
+5. Request/response TypeScript types
+6. Middleware chain: auth \u2192 validate \u2192 handle \u2192 respond
+
+Include a brief usage example (curl or fetch).`,
+    contextSchema: [
+      { key: "method", label: "HTTP method", type: "select", options: ["GET", "POST", "PUT", "PATCH", "DELETE"], default: "POST" },
+      { key: "route", label: "Route path", type: "text", placeholder: "/api/users/:id" },
+      { key: "purpose", label: "What does it do?", type: "text", placeholder: "Update a user's profile" },
+      { key: "successShape", label: "Success response shape", type: "text", placeholder: "{ user: User, updatedAt: string }" }
+    ],
+    tags: ["api", "rest", "endpoint", "backend"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/auth-middleware",
+    name: "Auth Middleware",
+    category: "backend",
+    description: "Implement authentication/authorization middleware",
+    template: `Implement {{authType}} authentication middleware in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Requirements:
+- Extract token from Authorization header (Bearer scheme)
+- Validate the token (signature, expiry, claims)
+- Attach decoded user to request context
+- Return 401 with clear message on invalid/missing token
+- Return 403 if user lacks required role: {{requiredRole}}
+- Never leak token internals in error responses
+
+Also implement:
+- A login endpoint that issues the token
+- A token refresh endpoint{{#if rememberMe}} with remember-me (long-lived refresh tokens){{/if}}
+- Logout (token invalidation/blacklist)
+
+Security requirements:
+- Store secrets in environment variables, never hardcode
+- Use a well-tested crypto library, not custom crypto
+- Set short expiry on access tokens (15 min recommended)`,
+    contextSchema: [
+      { key: "authType", label: "Auth type", type: "select", options: ["JWT", "Session", "API Key", "OAuth2"], default: "JWT" },
+      { key: "requiredRole", label: "Required role (optional)", type: "text", placeholder: "admin", default: "any authenticated user" },
+      { key: "rememberMe", label: "Include remember-me?", type: "boolean", default: false }
+    ],
+    tags: ["auth", "jwt", "security", "middleware"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/error-handler",
+    name: "Error Handler",
+    category: "backend",
+    description: "Centralized error handling with typed error classes",
+    template: `Implement centralized error handling in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Create a typed error hierarchy:
+- AppError (base): message, statusCode, isOperational
+- ValidationError (400): field errors map
+- AuthenticationError (401)
+- AuthorizationError (403)
+- NotFoundError (404): resource name
+- ConflictError (409): duplicate resource
+- RateLimitError (429)
+- InternalError (500): hides internal details from clients
+
+Global error middleware/handler that:
+- Catches all thrown errors
+- Logs operational errors at WARN, unexpected errors at ERROR
+- Returns JSON: { error: { code, message, {{#if includeDetails}}details{{/if}} } }
+- Never exposes stack traces or internal messages to clients
+- Handles async errors (unhandledRejection, uncaughtException)`,
+    contextSchema: [
+      { key: "includeDetails", label: "Include error details in dev mode?", type: "boolean", default: true }
+    ],
+    tags: ["error-handling", "middleware", "backend"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/validation-schema",
+    name: "Validation Schema",
+    category: "backend",
+    description: "Create input validation schemas with a validation library",
+    template: `Create validation schemas for {{entity}} in {{project.language}} using {{library}}.
+
+Fields to validate:
+{{fields}}
+
+For each field define:
+- Type (string, number, boolean, array, object, date)
+- Required vs optional
+- Constraints (min/max length, regex pattern, enum values, range)
+- Custom error messages in plain English
+
+Also provide:
+- CreateSchema (all required fields)
+- UpdateSchema (all fields optional for PATCH)
+- QuerySchema (pagination + filters)
+- A validation utility function that returns typed errors`,
+    contextSchema: [
+      { key: "entity", label: "Entity name", type: "text", placeholder: "User" },
+      { key: "fields", label: "Fields to validate", type: "text", placeholder: "email: string email, age: number 18-120, role: admin|user|viewer" },
+      { key: "library", label: "Validation library", type: "select", options: ["Zod", "Joi", "Yup", "class-validator", "Pydantic", "built-in"], default: "Zod" }
+    ],
+    tags: ["validation", "schema", "backend"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/rate-limiter",
+    name: "Rate Limiter",
+    category: "backend",
+    description: "Implement request rate limiting middleware",
+    template: `Implement rate limiting middleware for a {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}} API.
+
+Strategy: {{strategy}}
+Limits: {{limits}}
+
+Requirements:
+- Track requests per {{window}} window per {{keyBy}}
+- Return 429 Too Many Requests with Retry-After header when exceeded
+- Include rate limit headers on every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
+- Different limits for: authenticated users vs anonymous, admin vs regular endpoints
+- Storage backend: {{storage}} (must survive process restart in production)
+- Graceful degradation: if the rate limit store is unavailable, fail open (don't block requests) and log a warning
+
+Provide the middleware, a config object, and an example of applying different limits to different route groups.`,
+    contextSchema: [
+      { key: "strategy", label: "Rate limit strategy", type: "select", options: ["Fixed window", "Sliding window", "Token bucket", "Leaky bucket"], default: "Sliding window" },
+      { key: "limits", label: "Limits (e.g. 100 req/min per user)", type: "text", placeholder: "100 req/min per user, 1000 req/hour per IP" },
+      { key: "window", label: "Time window", type: "select", options: ["1 minute", "5 minutes", "1 hour", "1 day"], default: "1 minute" },
+      { key: "keyBy", label: "Key by", type: "select", options: ["IP address", "user ID", "API key", "IP + user ID"], default: "user ID" },
+      { key: "storage", label: "Storage backend", type: "select", options: ["Redis", "in-memory (dev only)", "database"], default: "Redis" }
+    ],
+    tags: ["rate-limiting", "middleware", "backend", "security"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/caching",
+    name: "Caching Layer",
+    category: "backend",
+    description: "Add a caching strategy to a service or endpoint",
+    template: `Design a caching strategy for {{target}} in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+What to cache: {{whatToCache}}
+Cache backend: {{cacheBackend}}
+TTL: {{ttl}}
+
+Implement:
+1. Cache-aside pattern: check cache \u2192 on miss, fetch from source \u2192 store in cache \u2192 return
+2. Cache key design: deterministic, namespaced, versioned (e.g. \`{{project.name}}:v1:users:{id}\`)
+3. Cache invalidation: {{invalidationStrategy}}
+4. Stampede protection: single-flight / mutex for concurrent misses on the same key
+5. Cache warming: pre-populate on startup for {{criticalKeys}}
+
+Edge cases to handle:
+- Null/empty result caching (negative cache) to prevent DB hammering
+- Cache unavailability: fall through to source without crashing
+- Stale-while-revalidate for non-critical data
+
+Provide helper functions for get-or-set and invalidate patterns.`,
+    contextSchema: [
+      { key: "target", label: "What to cache", type: "text", placeholder: "User profile endpoint GET /users/:id" },
+      { key: "whatToCache", label: "Data being cached", type: "text", placeholder: "User objects after DB lookup" },
+      { key: "cacheBackend", label: "Cache backend", type: "select", options: ["Redis", "Memcached", "in-memory (Map)", "CDN edge cache"], default: "Redis" },
+      { key: "ttl", label: "Time-to-live", type: "text", default: "5 minutes" },
+      { key: "invalidationStrategy", label: "Invalidation strategy", type: "select", options: ["TTL expiry only", "Event-based (on write)", "Manual + TTL", "Cache tags"], default: "Event-based (on write)" },
+      { key: "criticalKeys", label: "Keys to warm on startup", type: "text", placeholder: "top 100 users, app config" }
+    ],
+    tags: ["caching", "redis", "performance", "backend"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/file-upload",
+    name: "File Upload Handler",
+    category: "backend",
+    description: "Implement secure multipart file upload with storage and validation",
+    template: `Implement a file upload handler for {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Upload type: {{uploadType}}
+Storage: {{storage}}
+Allowed types: {{allowedTypes}}
+Max size: {{maxSize}}
+
+Requirements:
+- Validate file type by MIME type AND magic bytes (not just extension)
+- Enforce max file size: {{maxSize}} \u2014 reject before fully reading the stream
+- Sanitize filenames: strip path traversal characters, generate a UUID-based storage name
+- Virus scanning hook (placeholder if no scanner available)
+- Progress: emit upload progress events if using streaming
+- Store: {{storage}} with a public URL returned to the client
+- Multiple files: support up to {{maxFiles}} files per request
+
+Security checklist:
+- Never serve uploaded files from the same origin as the app (use a separate domain or CDN)
+- Set Content-Disposition: attachment for downloads
+- Strip EXIF metadata from images
+
+Return: { url, filename, size, mimeType, uploadedAt }`,
+    contextSchema: [
+      { key: "uploadType", label: "Upload type", type: "select", options: ["images only", "documents (PDF/DOC)", "any file", "videos"], default: "images only" },
+      { key: "storage", label: "Storage destination", type: "select", options: ["AWS S3", "Cloudflare R2", "local disk (dev)", "Supabase Storage"], default: "AWS S3" },
+      { key: "allowedTypes", label: "Allowed MIME types", type: "text", default: "image/jpeg, image/png, image/webp" },
+      { key: "maxSize", label: "Max file size", type: "text", default: "5 MB" },
+      { key: "maxFiles", label: "Max files per request", type: "text", default: "5" }
+    ],
+    tags: ["file-upload", "storage", "backend", "security"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/event-bus",
+    name: "Event Bus",
+    category: "backend",
+    description: "Implement an in-process or distributed event bus",
+    template: `Implement an event bus for {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Events to support: {{events}}
+Bus type: {{busType}}
+
+Design:
+1. Typed event definitions \u2014 each event has a name and a strict payload type
+2. Publisher: emit(eventName, payload) \u2014 fire and forget, never blocks the caller
+3. Subscriber: on(eventName, handler) \u2014 registers a handler, returns an unsubscribe function
+4. Error isolation: a handler throwing must not prevent other handlers from running
+5. Async handlers: all handlers run asynchronously, errors are caught and logged
+
+{{#if (eq busType "distributed")}}
+For distributed (message queue):
+- Use {{broker}} as the broker
+- Persistent messages: events survive process restarts
+- At-least-once delivery: handlers must be idempotent
+- Dead letter queue for failed messages after 3 retries
+{{/if}}
+
+Provide: EventBus class/module, event type definitions, and an example of wiring publisher and subscriber in the app bootstrap.`,
+    contextSchema: [
+      { key: "events", label: "Events (e.g. user.created, order.paid)", type: "text", placeholder: "user.registered, payment.succeeded, order.shipped" },
+      { key: "busType", label: "Bus type", type: "select", options: ["in-process", "distributed"], default: "in-process" },
+      { key: "broker", label: "Message broker (if distributed)", type: "select", options: ["Redis Pub/Sub", "RabbitMQ", "Kafka", "BullMQ"], default: "BullMQ" }
+    ],
+    tags: ["event-bus", "events", "architecture", "backend"],
+    version: "1.0.0"
+  },
+  {
+    id: "backend/websocket",
+    name: "WebSocket Server",
+    category: "backend",
+    description: "Implement a real-time WebSocket server with room/channel support",
+    template: `Implement a WebSocket server in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Use case: {{useCase}}
+Events: {{events}}
+
+Requirements:
+- Connection lifecycle: connect \u2192 authenticate \u2192 join rooms \u2192 message \u2192 disconnect
+- Authentication: verify JWT on the initial handshake (reject unauthenticated connections)
+- Rooms/channels: clients can join/leave named rooms; broadcast to room members only
+- Message schema: { type, payload, roomId?, timestamp }
+- Heartbeat: ping/pong every 30s to detect dead connections; clean up on timeout
+- Reconnection: emit a "missed events" catch-up on reconnect using a cursor/sequence number
+- Backpressure: don't queue unlimited messages for slow clients \u2014 drop or pause after {{bufferSize}} queued messages
+
+Client events to handle: {{events}}
+Server-to-client events to emit: {{serverEvents}}
+
+Provide the server setup, a typed message protocol, and a minimal client-side connection handler.`,
+    contextSchema: [
+      { key: "useCase", label: "Use case", type: "text", placeholder: "Real-time collaborative document editing" },
+      { key: "events", label: "Client events", type: "text", placeholder: "join-room, leave-room, send-message, typing" },
+      { key: "serverEvents", label: "Server events", type: "text", placeholder: "message, user-joined, user-left, error" },
+      { key: "bufferSize", label: "Max buffer size per client", type: "text", default: "100 messages" }
+    ],
+    tags: ["websocket", "realtime", "backend"],
+    version: "1.0.0"
+  },
+  // ── Frontend ─────────────────────────────────────────────────────────────────
+  {
+    id: "frontend/react-component",
+    name: "React Component",
+    category: "frontend",
+    description: "Scaffold a typed, accessible React component",
+    template: `Create a React component called {{componentName}} in TypeScript.
+
+Purpose: {{purpose}}
+
+Props interface:
+{{props}}
+
+Requirements:
+- Full TypeScript prop types with JSDoc on each prop
+- Accessibility: semantic HTML, ARIA attributes where needed, keyboard navigation
+- Loading and error states if the component fetches data
+- Memoization (React.memo, useMemo, useCallback) where it genuinely helps
+- Export: named export + default export
+{{#if includeStory}}- Storybook story with default, loading, and error variants{{/if}}
+{{#if includeTest}}- Jest + Testing Library unit tests for key interactions{{/if}}
+
+Use the project's existing patterns \u2014 check for a component library or design system before creating primitives from scratch.`,
+    contextSchema: [
+      { key: "componentName", label: "Component name", type: "text", placeholder: "UserProfileCard" },
+      { key: "purpose", label: "What does it do?", type: "text", placeholder: "Display a user's avatar, name, and role" },
+      { key: "props", label: "Props (one per line)", type: "text", placeholder: 'userId: string\nonClick?: () => void\nsize?: "sm" | "md" | "lg"' },
+      { key: "includeStory", label: "Include Storybook story?", type: "boolean", default: false },
+      { key: "includeTest", label: "Include unit tests?", type: "boolean", default: true }
+    ],
+    tags: ["react", "component", "frontend", "typescript"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/form-handler",
+    name: "Form Handler",
+    category: "frontend",
+    description: "Implement a form with validation, submission, and error display",
+    template: `Implement a {{formName}} form in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Fields:
+{{fields}}
+
+Implement:
+- Controlled inputs with real-time validation
+- Field-level error messages shown after blur
+- Form-level error on submission failure (API error)
+- Submit button disabled while submitting
+- Success feedback after submission
+- Reset form on success
+
+Validation rules: {{validationRules}}
+On submit: call {{submitAction}}
+
+Use {{formLibrary}} for form state management if it's already in the project; otherwise use React useState.`,
+    contextSchema: [
+      { key: "formName", label: "Form name", type: "text", placeholder: "LoginForm" },
+      { key: "fields", label: "Form fields", type: "text", placeholder: "email: email, password: password (min 8 chars)" },
+      { key: "validationRules", label: "Validation rules", type: "text", placeholder: "email required valid format, password min 8 chars" },
+      { key: "submitAction", label: "Submit action", type: "text", placeholder: "authService.login(data)" },
+      { key: "formLibrary", label: "Form library", type: "select", options: ["React Hook Form", "Formik", "plain React state"], default: "React Hook Form" }
+    ],
+    tags: ["form", "validation", "frontend", "react"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/api-client",
+    name: "API Client",
+    category: "frontend",
+    description: "Build a typed HTTP client service for a REST API",
+    template: `Create a typed API client service in {{project.language}} for the {{apiName}} API.
+
+Base URL: {{baseUrl}}
+
+Endpoints to support:
+{{endpoints}}
+
+Requirements:
+- Single axios/fetch instance with base config
+- Automatic auth token injection from storage (localStorage or cookie)
+- Request/response interceptors: add auth header, handle 401 (auto-refresh or redirect to login)
+- Response typing: each endpoint returns a typed Promise
+- Error normalization: network errors and API errors both return an ApiError type
+- Timeout: {{timeout}}ms default
+- Retry: {{retries}} retries on network failure (not on 4xx)
+
+Export individual functions, not a class.`,
+    contextSchema: [
+      { key: "apiName", label: "API name", type: "text", placeholder: "User API" },
+      { key: "baseUrl", label: "Base URL", type: "text", placeholder: "/api/v1" },
+      { key: "endpoints", label: "Endpoints (one per line)", type: "text", placeholder: "GET /users, POST /users, GET /users/:id, PUT /users/:id" },
+      { key: "timeout", label: "Timeout (ms)", type: "text", default: "10000" },
+      { key: "retries", label: "Retry count", type: "text", default: "3" }
+    ],
+    tags: ["api", "http", "client", "frontend"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/responsive-layout",
+    name: "Responsive Layout",
+    category: "frontend",
+    description: "Create a responsive CSS layout structure",
+    template: `Design a responsive {{layoutName}} layout in {{project.language}}{{#if project.framework}} using {{project.framework}}{{/if}}.
+
+Layout description: {{description}}
+
+Breakpoints:
+- Mobile: < 640px \u2014 {{mobile}}
+- Tablet: 640px\u20131024px \u2014 {{tablet}}
+- Desktop: > 1024px \u2014 {{desktop}}
+
+Requirements:
+- CSS Grid or Flexbox (explain the choice)
+- No magic numbers \u2014 use design tokens/CSS variables for spacing and color
+- Accessible: correct heading hierarchy, landmark regions (header, main, nav, footer)
+- Dark mode support via prefers-color-scheme
+- No horizontal scroll at any viewport width
+- Print-friendly (hide navigation, show content)`,
+    contextSchema: [
+      { key: "layoutName", label: "Layout name", type: "text", placeholder: "Dashboard" },
+      { key: "description", label: "Layout description", type: "text", placeholder: "Sidebar + main content + top nav" },
+      { key: "mobile", label: "Mobile layout", type: "text", placeholder: "single column, hamburger menu" },
+      { key: "tablet", label: "Tablet layout", type: "text", placeholder: "collapsible sidebar, content" },
+      { key: "desktop", label: "Desktop layout", type: "text", placeholder: "fixed sidebar, main + right panel" }
+    ],
+    tags: ["layout", "css", "responsive", "frontend"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/state-management",
+    name: "State Management",
+    category: "frontend",
+    description: "Set up a client-side state management store",
+    template: `Set up {{library}} state management in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+State to manage: {{stateDescription}}
+Slices/stores: {{slices}}
+
+Requirements:
+- Separate concerns: server state (API data) vs client/UI state (modals, selected items)
+- Async actions: loading / success / error states for each API slice
+- Selectors: memoized derived state \u2014 don't recompute on unrelated changes
+- Persistence: {{persistence}} using localStorage/sessionStorage
+- DevTools integration: time-travel debugging in development
+- TypeScript: full type coverage \u2014 no \`any\` in store or selectors
+
+For each slice provide:
+1. State shape with TypeScript interface
+2. Actions / reducers / thunks
+3. Selectors
+4. Example component consuming the slice
+
+Also explain: when should this state live in the global store vs local component state?`,
+    contextSchema: [
+      { key: "library", label: "State library", type: "select", options: ["Zustand", "Redux Toolkit", "Jotai", "Recoil", "MobX"], default: "Zustand" },
+      { key: "stateDescription", label: "What state to manage", type: "text", placeholder: "Current user auth, shopping cart, UI theme" },
+      { key: "slices", label: "Slices / stores", type: "text", placeholder: "auth, cart, ui" },
+      { key: "persistence", label: "Persist to storage?", type: "select", options: ["none", "auth only", "full store"], default: "auth only" }
+    ],
+    tags: ["state", "zustand", "redux", "frontend"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/data-table",
+    name: "Data Table",
+    category: "frontend",
+    description: "Build a data table with sorting, filtering, and pagination",
+    template: `Build a {{tableName}} data table in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Data shape: {{dataShape}}
+Columns: {{columns}}
+
+Features to implement:
+- Column sorting (click header to toggle asc/desc, multi-column sort optional)
+- Column filtering: text search + {{filterType}} per column
+- Pagination: {{paginationType}} with configurable page size
+- Row selection: {{selection}}
+- Column visibility toggle (show/hide columns)
+- Loading skeleton (not just a spinner \u2014 show column widths)
+- Empty state with helpful message
+
+Performance:
+- Virtualize rows if dataset > 1000 items
+- Debounce filter inputs (300ms)
+- Memoize sort/filter computations
+
+Accessibility:
+- Role="grid" with aria-sort on sortable headers
+- Keyboard navigation: arrow keys to move between cells
+- Announce sort/filter changes to screen readers`,
+    contextSchema: [
+      { key: "tableName", label: "Table name", type: "text", placeholder: "UsersTable" },
+      { key: "dataShape", label: "Row data shape", type: "text", placeholder: "id, name, email, role, createdAt, status" },
+      { key: "columns", label: "Visible columns", type: "text", placeholder: "Name, Email, Role, Status, Created At, Actions" },
+      { key: "filterType", label: "Filter type", type: "select", options: ["text search only", "dropdown select", "date range", "text + dropdown"], default: "text + dropdown" },
+      { key: "paginationType", label: "Pagination type", type: "select", options: ["page numbers", "cursor-based", "infinite scroll", "load more button"], default: "page numbers" },
+      { key: "selection", label: "Row selection", type: "select", options: ["none", "single row", "multi-select with checkbox"], default: "multi-select with checkbox" }
+    ],
+    tags: ["table", "data-grid", "frontend"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/auth-flow",
+    name: "Auth UI Flow",
+    category: "frontend",
+    description: "Implement login, register, and protected route UI flow",
+    template: `Implement the authentication UI flow in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Backend auth API: {{authApi}}
+Token storage: {{tokenStorage}}
+
+Screens to build:
+1. **Login form** \u2014 email + password, remember me, forgot password link
+2. **Register form** \u2014 name, email, password + confirm, terms checkbox
+3. **Forgot password** \u2014 email input, confirmation message
+4. **Protected route wrapper** \u2014 redirect to /login if not authenticated, preserve intended URL
+
+Auth state management:
+- Store: user profile + access token + refresh token + expiry
+- On app load: restore session from {{tokenStorage}}, validate token expiry
+- Auto-refresh: silently refresh access token {{refreshWindow}} before expiry
+- Logout: clear all tokens, invalidate session on server, redirect to /login
+
+UX requirements:
+- Show loading state during auth operations
+- Surface backend error messages (wrong password, email taken)
+- Redirect to originally requested page after login
+- Logout confirmation only if user has unsaved work`,
+    contextSchema: [
+      { key: "authApi", label: "Auth API base", type: "text", placeholder: "/api/auth (POST /login, POST /register, POST /refresh)" },
+      { key: "tokenStorage", label: "Token storage", type: "select", options: ["localStorage", "httpOnly cookie", "in-memory + refresh cookie"], default: "httpOnly cookie" },
+      { key: "refreshWindow", label: "Refresh how early before expiry", type: "text", default: "2 minutes" }
+    ],
+    tags: ["auth", "login", "frontend", "react"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/toast-notifications",
+    name: "Toast Notifications",
+    category: "frontend",
+    description: "Implement a toast/snackbar notification system",
+    template: `Implement a toast notification system in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Requirements:
+- Types: success, error, warning, info (with distinct colors and icons)
+- Auto-dismiss after {{autoDismiss}}s (configurable per toast)
+- Manual dismiss button on each toast
+- Stack multiple toasts (max {{maxToasts}} visible at once, queue the rest)
+- Position: {{position}}
+- Animations: slide-in on appear, fade-out on dismiss
+- Accessibility: role="alert" for errors, role="status" for info; auto-focus management
+
+API design (imperative, usable anywhere in the app):
+\`\`\`
+toast.success("Profile saved")
+toast.error("Failed to save", { duration: 0 }) // persistent
+toast.promise(saveProfile(), { loading: "Saving...", success: "Saved!", error: "Failed" })
+\`\`\`
+
+Provide: ToastProvider, useToast hook, and the individual Toast component.`,
+    contextSchema: [
+      { key: "position", label: "Toast position", type: "select", options: ["top-right", "top-center", "bottom-right", "bottom-center"], default: "top-right" },
+      { key: "autoDismiss", label: "Auto-dismiss delay (seconds)", type: "text", default: "5" },
+      { key: "maxToasts", label: "Max visible toasts", type: "text", default: "3" }
+    ],
+    tags: ["toast", "notifications", "ui", "frontend"],
+    version: "1.0.0"
+  },
+  {
+    id: "frontend/infinite-scroll",
+    name: "Infinite Scroll",
+    category: "frontend",
+    description: "Implement infinite scroll with intersection observer",
+    template: `Implement infinite scroll for {{listName}} in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Data source: {{dataSource}}
+Item component: {{itemComponent}}
+
+Implementation:
+- Use IntersectionObserver (not scroll events) to detect when the sentinel element enters the viewport
+- Trigger next page load when sentinel is within {{threshold}}px of the viewport
+- Show a loading skeleton for new items (not a full-page spinner)
+- Handle: initial load, loading next page, no more pages, network error with retry
+- Preserve scroll position on browser back/forward navigation
+- Cleanup: disconnect observer on unmount
+
+Cursor-based pagination:
+- Use cursor (not page number) to avoid duplicate/missing items if data changes
+- API call: GET {{dataSource}}?cursor={{cursor}}&limit={{pageSize}}
+- Response shape: { items: T[], nextCursor: string | null }
+
+Provide: useInfiniteScroll hook + ItemList component + sentinel element pattern.`,
+    contextSchema: [
+      { key: "listName", label: "List name", type: "text", placeholder: "PostFeed" },
+      { key: "dataSource", label: "API endpoint", type: "text", placeholder: "/api/posts" },
+      { key: "itemComponent", label: "Item component", type: "text", placeholder: "PostCard" },
+      { key: "threshold", label: "Load trigger threshold (px from bottom)", type: "text", default: "200" },
+      { key: "pageSize", label: "Items per page", type: "text", default: "20" }
+    ],
+    tags: ["infinite-scroll", "pagination", "performance", "frontend"],
+    version: "1.0.0"
+  },
+  // ── Database ─────────────────────────────────────────────────────────────────
+  {
+    id: "database/schema-design",
+    name: "Database Schema",
+    category: "database",
+    description: "Design a normalized relational database schema",
+    template: `Design a database schema for {{domain}} in {{dbType}}.
+
+Entities to model: {{entities}}
+
+Requirements:
+- Normalize to 3NF unless there's a documented performance reason to denormalize
+- Primary keys: {{pkStrategy}}
+- All tables must have: created_at, updated_at timestamps
+- Foreign key constraints with ON DELETE behavior specified
+- Indexes: primary key (auto), foreign keys, and {{indexColumns}}
+- Soft delete pattern where data must be auditable
+
+Provide:
+1. Entity-relationship description
+2. CREATE TABLE statements
+3. Explanation of relationships and cardinality
+4. Query for the most common access pattern: {{commonQuery}}`,
+    contextSchema: [
+      { key: "domain", label: "Domain / system name", type: "text", placeholder: "e-commerce order management" },
+      { key: "entities", label: "Entities (comma-separated)", type: "text", placeholder: "User, Order, Product, OrderItem" },
+      { key: "dbType", label: "Database", type: "select", options: ["PostgreSQL", "MySQL", "SQLite", "MongoDB"], default: "PostgreSQL" },
+      { key: "pkStrategy", label: "Primary key strategy", type: "select", options: ["UUID", "auto-increment integer", "ULID"], default: "UUID" },
+      { key: "indexColumns", label: "Columns to index", type: "text", placeholder: "email (unique), status, created_at" },
+      { key: "commonQuery", label: "Most common query", type: "text", placeholder: "Get all orders for a user with product details" }
+    ],
+    tags: ["database", "schema", "sql"],
+    version: "1.0.0"
+  },
+  {
+    id: "database/migration-script",
+    name: "Migration Script",
+    category: "database",
+    description: "Write a safe, reversible database migration",
+    template: `Write a database migration for {{description}} in {{migrationTool}}.
+
+Change: {{change}}
+
+Safety requirements:
+- The migration must be fully reversible (down() must exactly undo up())
+- No data loss without explicit confirmation comment
+- For large tables (>1M rows), use batched operations to avoid lock timeouts
+- If adding a NOT NULL column to an existing table, provide a backfill default
+- If renaming a column, do it in 3 steps: add new \u2192 backfill \u2192 remove old (separate migrations)
+- Test the rollback: does down() leave the schema identical to before up()?
+
+Also provide:
+- SQL preview of both up() and down()
+- Risk assessment: what breaks if this migration fails mid-way?`,
+    contextSchema: [
+      { key: "description", label: "Migration description", type: "text", placeholder: "Add email verification to users table" },
+      { key: "change", label: "Specific change", type: "text", placeholder: "Add verified_at TIMESTAMP NULL and verification_token VARCHAR(64)" },
+      { key: "migrationTool", label: "Migration tool", type: "select", options: ["Knex", "Flyway", "Liquibase", "Alembic", "Prisma", "TypeORM", "raw SQL"], default: "Knex" }
+    ],
+    tags: ["database", "migration", "sql"],
+    version: "1.0.0"
+  },
+  {
+    id: "database/orm-model",
+    name: "ORM Model",
+    category: "database",
+    description: "Define ORM models with relations, validations, and hooks",
+    template: `Define ORM models for {{entities}} in {{project.language}} using {{orm}}.
+
+For each entity provide:
+1. Model/schema definition with all fields, types, and constraints
+2. Relations: one-to-one, one-to-many, many-to-many with junction tables
+3. Indexes: primary key, unique constraints, compound indexes for common queries
+4. Hooks/middleware: {{hooks}}
+5. Virtual fields / computed properties
+6. Serialization: toJSON() that excludes sensitive fields (passwords, tokens)
+
+Entity descriptions:
+{{entityDescriptions}}
+
+Also provide:
+- Repository pattern wrapper with typed CRUD methods
+- Example of an eager-loaded query with nested relations
+- Explain your choice of cascade settings (ON DELETE behavior for each FK)`,
+    contextSchema: [
+      { key: "entities", label: "Entities to model", type: "text", placeholder: "User, Post, Comment, Tag" },
+      { key: "orm", label: "ORM / ODM", type: "select", options: ["Prisma", "TypeORM", "Drizzle", "Sequelize", "Mongoose", "SQLAlchemy"], default: "Prisma" },
+      { key: "hooks", label: "Lifecycle hooks needed", type: "text", placeholder: "hash password before save, set updatedAt, log deletes" },
+      { key: "entityDescriptions", label: "Entity descriptions", type: "text", placeholder: "User: has email, password hash, role. Post: belongs to User, has title, body, tags. Comment: belongs to Post and User." }
+    ],
+    tags: ["orm", "database", "prisma", "typeorm"],
+    version: "1.0.0"
+  },
+  {
+    id: "database/query-optimization",
+    name: "Query Optimization",
+    category: "database",
+    description: "Diagnose and optimize a slow database query",
+    template: `Diagnose and optimize the following slow {{dbType}} query.
+
+Query:
+{{query}}
+
+Context:
+- Table sizes: {{tableSizes}}
+- Current indexes: {{currentIndexes}}
+- Query execution time: {{currentTime}}
+- Called: {{callFrequency}}
+
+Analysis steps:
+1. **EXPLAIN / EXPLAIN ANALYZE** \u2014 interpret the query plan, identify sequential scans and high row estimates
+2. **Index recommendations** \u2014 which columns to index, composite index column order (selectivity first), partial index if applicable
+3. **Query rewrite** \u2014 can the same result be achieved with a more efficient query?
+4. **N+1 detection** \u2014 is this query inside a loop? Replace with a JOIN or subquery
+5. **Covering index** \u2014 can we avoid heap fetches by including all needed columns in the index?
+6. **Pagination** \u2014 if this is a list query, use cursor pagination not OFFSET for large tables
+
+Provide:
+- Optimized query
+- Index DDL statements
+- Expected improvement estimate
+- Trade-offs (write overhead for new indexes)`,
+    contextSchema: [
+      { key: "query", label: "Slow query (SQL or ORM)", type: "text", placeholder: "SELECT * FROM orders JOIN users ON ..." },
+      { key: "dbType", label: "Database", type: "select", options: ["PostgreSQL", "MySQL", "SQLite"], default: "PostgreSQL" },
+      { key: "tableSizes", label: "Table sizes", type: "text", placeholder: "orders: 2M rows, users: 50k rows" },
+      { key: "currentIndexes", label: "Current indexes", type: "text", placeholder: "PRIMARY KEY on id, INDEX on user_id" },
+      { key: "currentTime", label: "Current execution time", type: "text", placeholder: "3.2 seconds" },
+      { key: "callFrequency", label: "How often is it called?", type: "text", placeholder: "500 times/minute" }
+    ],
+    tags: ["database", "performance", "sql", "optimization"],
+    version: "1.0.0"
+  },
+  {
+    id: "database/seed-data",
+    name: "Seed Data",
+    category: "database",
+    description: "Write database seed scripts for development and testing",
+    template: `Write database seed scripts for {{project.language}} using {{orm}}.
+
+Entities to seed: {{entities}}
+
+Requirements:
+- Idempotent: running the seed twice must not create duplicates (upsert or check-before-insert)
+- Ordered: respect foreign key constraints (seed parent records before children)
+- Realistic data: use a faker library for names, emails, dates \u2014 no "Test User 1"
+- Separate seeds: one file per entity + a master seed that runs them in order
+- Environment-aware: dev seeds create {{devCount}} records; test seeds create minimal fixture data
+- Relationships: ensure seeded records form valid, queryable relationships
+
+For each entity provide:
+1. Factory function: \`createFakeUser(overrides?)\` for use in tests
+2. Bulk seed function that inserts N records efficiently (batch insert, not N queries)
+3. Teardown function to reset to a clean state in tests
+
+Include a seed for the default admin user with documented credentials.`,
+    contextSchema: [
+      { key: "entities", label: "Entities to seed", type: "text", placeholder: "User, Product, Category, Order" },
+      { key: "orm", label: "ORM / query builder", type: "select", options: ["Prisma", "Knex", "TypeORM", "Sequelize", "raw SQL"], default: "Prisma" },
+      { key: "devCount", label: "Records per entity in dev", type: "text", default: "50" }
+    ],
+    tags: ["database", "seed", "testing", "fixtures"],
+    version: "1.0.0"
+  },
+  // ── Testing ───────────────────────────────────────────────────────────────────
+  {
+    id: "testing/unit-test",
+    name: "Unit Test Suite",
+    category: "testing",
+    description: "Write a complete unit test suite for a function or class",
+    template: `Write a complete unit test suite for {{target}} in {{project.language}} using {{testFramework}}.
+
+Code to test:
+{{codeDescription}}
+
+Test cases to cover:
+1. Happy path: {{happyPath}}
+2. Edge cases: {{edgeCases}}
+3. Error cases: {{errorCases}}
+4. Boundary values
+
+Requirements:
+- Mock all external dependencies (database, HTTP, file system)
+- Each test should have one assertion focus (Arrange-Act-Assert)
+- Descriptive test names: "should [action] when [condition]"
+- Test data factories for complex inputs (don't inline large objects)
+- Coverage target: all branches + all exported functions
+{{#if (eq project.type "student")}}- Comments explaining what each describe block is testing and why{{/if}}`,
+    contextSchema: [
+      { key: "target", label: "Function/class to test", type: "text", placeholder: "UserService.createUser()" },
+      { key: "codeDescription", label: "Describe what it does", type: "text", placeholder: "Validates input, hashes password, saves to DB, sends welcome email" },
+      { key: "testFramework", label: "Test framework", type: "select", options: ["Jest", "Vitest", "Mocha", "pytest", "JUnit"], default: "Jest" },
+      { key: "happyPath", label: "Happy path", type: "text", placeholder: "valid input creates and returns user" },
+      { key: "edgeCases", label: "Edge cases", type: "text", placeholder: "duplicate email, empty name, very long input" },
+      { key: "errorCases", label: "Error cases", type: "text", placeholder: "DB failure, email service down" }
+    ],
+    tags: ["testing", "unit-test", "tdd"],
+    version: "1.0.0"
+  },
+  {
+    id: "testing/tdd-plan",
+    name: "TDD Plan",
+    category: "testing",
+    description: "Design a test-first implementation plan (London School TDD)",
+    template: `Design a TDD implementation plan for {{feature}} in {{project.language}}.
+
+Feature: {{description}}
+
+Follow London School TDD (outside-in, mock collaborators):
+
+1. Start with an acceptance test that describes the feature from the outside
+2. Identify the collaborators (dependencies) and mock them
+3. Write the first failing unit test
+4. Implement the minimum code to make it pass
+5. Refactor
+6. Repeat inward until the acceptance test passes
+
+Produce:
+- Acceptance test skeleton
+- Unit test skeletons for each layer (controller \u2192 service \u2192 repository)
+- Mock definitions for each boundary
+- Implementation order (outermost layer first)
+- Definition of Done: what must be true for this feature to be "complete"?`,
+    contextSchema: [
+      { key: "feature", label: "Feature name", type: "text", placeholder: "User login with JWT" },
+      { key: "description", label: "Feature description", type: "text", placeholder: "User provides email + password, receives JWT access token and refresh token" }
+    ],
+    tags: ["testing", "tdd", "london-school"],
+    version: "1.0.0"
+  },
+  {
+    id: "testing/integration-test",
+    name: "Integration Test",
+    category: "testing",
+    description: "Write integration tests against a real database or service",
+    template: `Write integration tests for {{target}} in {{project.language}} using {{testFramework}}.
+
+Test scope: {{scope}}
+
+Setup requirements:
+- Spin up a test database: {{dbSetup}}
+- Run migrations before the test suite; roll back (or truncate) after each test
+- No mocking of the database \u2014 test the full stack from service to DB
+- Use a dedicated test schema/database to never affect development data
+
+Test cases:
+{{testCases}}
+
+Test structure:
+- beforeAll: start test DB, run migrations
+- beforeEach: seed minimal required fixtures
+- afterEach: truncate tables (faster than re-migrating)
+- afterAll: close DB connection, stop test server
+
+Isolation: each test must be independent \u2014 never rely on state from a previous test
+
+Provide: test helpers for creating fixtures, a test DB configuration, and the test file.`,
+    contextSchema: [
+      { key: "target", label: "Feature to test", type: "text", placeholder: "User registration and login flow" },
+      { key: "scope", label: "Test scope", type: "text", placeholder: "POST /api/users and POST /api/auth/login" },
+      { key: "testFramework", label: "Test framework", type: "select", options: ["Jest", "Vitest", "pytest", "JUnit", "Go testing"], default: "Jest" },
+      { key: "dbSetup", label: "DB setup method", type: "select", options: ["Docker container", "SQLite in-memory", "test schema on dev DB", "Testcontainers"], default: "Docker container" },
+      { key: "testCases", label: "Test cases to cover", type: "text", placeholder: "successful registration, duplicate email, invalid password, login with wrong password" }
+    ],
+    tags: ["integration-test", "testing", "database"],
+    version: "1.0.0"
+  },
+  {
+    id: "testing/e2e-test",
+    name: "E2E Test Plan",
+    category: "testing",
+    description: "Create end-to-end tests for a user-facing flow",
+    template: `Write end-to-end tests for the {{flow}} flow using {{e2eFramework}}.
+
+User flow to test:
+{{flowDescription}}
+
+Test scenarios:
+1. **Happy path**: full successful flow with real user inputs
+2. **Validation errors**: missing fields, invalid formats \u2014 UI shows error messages
+3. **Server errors**: simulate network failure or 500 \u2014 UI shows error state
+4. **Edge cases**: {{edgeCases}}
+
+Requirements:
+- Use Page Object Model (POM) \u2014 separate UI interaction logic from test assertions
+- Never use \`sleep\` \u2014 use proper await conditions (element visible, network request complete)
+- Test IDs: use \`data-testid\` attributes on interactive elements, not CSS selectors or text
+- Viewport: test on {{viewports}}
+- Record a video / screenshot on failure for CI debugging
+
+For each scenario provide:
+- Page Object methods
+- Test steps in plain English then code
+- What to assert (not just "page loaded" but specific data visible)`,
+    contextSchema: [
+      { key: "flow", label: "User flow name", type: "text", placeholder: "Checkout" },
+      { key: "flowDescription", label: "Flow description", type: "text", placeholder: "User adds item to cart \u2192 enters shipping \u2192 pays \u2192 sees confirmation" },
+      { key: "e2eFramework", label: "E2E framework", type: "select", options: ["Playwright", "Cypress", "Selenium", "Puppeteer"], default: "Playwright" },
+      { key: "edgeCases", label: "Edge cases", type: "text", placeholder: "empty cart, expired payment card, address validation failure" },
+      { key: "viewports", label: "Viewports to test", type: "text", default: "desktop (1280x720) and mobile (390x844)" }
+    ],
+    tags: ["e2e", "testing", "playwright", "cypress"],
+    version: "1.0.0"
+  },
+  {
+    id: "testing/mock-strategy",
+    name: "Mock Strategy",
+    category: "testing",
+    description: "Design a consistent mocking strategy for a module or service",
+    template: `Design a mocking strategy for {{target}} in {{project.language}} using {{testFramework}}.
+
+Dependencies to mock: {{dependencies}}
+
+Strategy:
+1. **What to mock**: only cross-boundary dependencies (external APIs, databases, file system, time)
+2. **What NOT to mock**: internal modules, pure functions \u2014 test them for real
+3. **Mock fidelity**: mocks must have the same interface as the real thing \u2014 no drifting
+
+For each dependency provide:
+- Mock factory: a reusable function that returns a pre-configured mock
+- Default behavior: what the mock returns when not configured otherwise
+- Per-test override: how to configure specific behavior for edge case tests
+- Spy assertions: how to assert that the mock was called with the right arguments
+
+Patterns:
+- For HTTP: {{httpMockStrategy}}
+- For database: use an in-memory SQLite or a repository mock
+- For time: mock Date.now() / clock for deterministic tests
+- For env vars: use a test environment config, never modify process.env directly
+
+Provide the mock factory implementations and an example test using each mock.`,
+    contextSchema: [
+      { key: "target", label: "Module to write tests for", type: "text", placeholder: "PaymentService" },
+      { key: "dependencies", label: "Dependencies to mock", type: "text", placeholder: "Stripe SDK, UserRepository, EmailService, logger" },
+      { key: "testFramework", label: "Test framework", type: "select", options: ["Jest", "Vitest", "Sinon", "pytest-mock"], default: "Jest" },
+      { key: "httpMockStrategy", label: "HTTP mock strategy", type: "select", options: ["MSW (Mock Service Worker)", "nock", "jest.fn()", "fetch-mock"], default: "MSW (Mock Service Worker)" }
+    ],
+    tags: ["mocking", "testing", "jest", "strategy"],
+    version: "1.0.0"
+  },
+  {
+    id: "testing/api-test",
+    name: "API Test Suite",
+    category: "testing",
+    description: "Write tests for a REST API endpoint",
+    template: `Write a test suite for the {{endpoint}} API endpoint in {{project.language}} using {{testFramework}}.
+
+Endpoint: {{method}} {{route}}
+Expected behavior: {{behavior}}
+
+Test cases to cover:
+- **200/201**: valid request returns expected response shape
+- **400**: missing required fields, invalid types, constraint violations
+- **401**: missing/invalid/expired auth token
+- **403**: valid auth but insufficient permissions
+- **404**: resource does not exist
+- **409**: conflict (e.g., duplicate creation)
+- **500**: upstream failure (mock the DB/service to throw)
+
+For each test:
+1. Setup: create required DB fixtures
+2. Request: set headers, body, path params
+3. Assert: status code + response body shape + side effects (DB state, events emitted)
+4. Teardown: no side effects left for next test
+
+Provide: test server setup, auth helper (create + login test user), and request helpers.`,
+    contextSchema: [
+      { key: "endpoint", label: "Endpoint to test", type: "text", placeholder: "Create Order" },
+      { key: "method", label: "HTTP method", type: "select", options: ["GET", "POST", "PUT", "PATCH", "DELETE"], default: "POST" },
+      { key: "route", label: "Route", type: "text", placeholder: "/api/orders" },
+      { key: "behavior", label: "What it should do", type: "text", placeholder: "Creates an order, deducts inventory, sends confirmation email" },
+      { key: "testFramework", label: "Test framework", type: "select", options: ["Jest + Supertest", "Vitest + Supertest", "pytest + requests", "Rest Assured"], default: "Jest + Supertest" }
+    ],
+    tags: ["api-testing", "testing", "rest", "supertest"],
+    version: "1.0.0"
+  },
+  // ── DevOps ────────────────────────────────────────────────────────────────────
+  {
+    id: "devops/dockerfile",
+    name: "Dockerfile",
+    category: "devops",
+    description: "Write an optimized multi-stage Dockerfile",
+    template: `Write an optimized multi-stage Dockerfile for a {{project.language}} application{{#if project.framework}} using {{project.framework}}{{/if}}.
+
+App type: {{appType}}
+Port: {{port}}
+
+Requirements:
+- Multi-stage: builder stage + minimal runtime stage
+- Use the smallest viable base image (alpine or distroless)
+- Run as a non-root user
+- Layer cache optimization: copy package files + install before copying source
+- .dockerignore to exclude node_modules, .env, .git, test files
+- Health check endpoint: {{healthCheck}}
+- Build args for environment (dev/staging/prod)
+- Environment variables documented with ENV defaults
+
+Also provide the .dockerignore and a docker-compose.yml for local development with a database service.`,
+    contextSchema: [
+      { key: "appType", label: "App type", type: "select", options: ["web server", "worker/background job", "CLI tool"], default: "web server" },
+      { key: "port", label: "Exposed port", type: "text", default: "3000" },
+      { key: "healthCheck", label: "Health check path", type: "text", placeholder: "/api/health", default: "/health" }
+    ],
+    tags: ["docker", "devops", "deployment"],
+    version: "1.0.0"
+  },
+  {
+    id: "devops/github-action",
+    name: "GitHub Actions CI",
+    category: "devops",
+    description: "Create a CI/CD pipeline with GitHub Actions",
+    template: `Create a GitHub Actions CI/CD workflow for a {{project.language}} project.
+
+Pipeline stages: {{stages}}
+
+Requirements:
+- Trigger: push to main + all pull requests
+- Cache: dependency cache (npm/pip/maven) keyed to lock file hash
+- Matrix: test on Node {{nodeVersions}} (if applicable)
+- Fail fast: if linting fails, don't run tests
+- PR checks: lint, type-check, test, coverage threshold ({{coverageThreshold}}%)
+- Deploy job: runs only on push to main, requires all checks to pass
+- Secrets: never echo secrets; use GitHub Secrets for API keys
+- Notifications: comment on PR with test results summary
+
+Deploy target: {{deployTarget}}`,
+    contextSchema: [
+      { key: "stages", label: "Pipeline stages", type: "text", default: "lint, type-check, test, build, deploy" },
+      { key: "nodeVersions", label: "Node versions to test", type: "text", default: "20, 22" },
+      { key: "coverageThreshold", label: "Coverage threshold (%)", type: "text", default: "80" },
+      { key: "deployTarget", label: "Deploy target", type: "select", options: ["Vercel", "Railway", "AWS ECS", "Fly.io", "none"], default: "none" }
+    ],
+    tags: ["ci-cd", "github-actions", "devops"],
+    version: "1.0.0"
+  },
+  {
+    id: "devops/env-config",
+    name: "Environment Config",
+    category: "devops",
+    description: "Design environment variable management across dev/staging/prod",
+    template: `Design environment configuration management for a {{project.language}} project.
+
+Environments: {{environments}}
+Config values needed: {{configValues}}
+
+Requirements:
+1. **Schema validation on startup**: use a schema (Zod/Joi/env-schema) to validate all required env vars at boot \u2014 fail fast with a clear message listing missing vars
+2. **Type safety**: typed config object derived from validated env vars \u2014 no raw process.env in business logic
+3. **Secrets vs config**: distinguish between secrets (API keys, DB passwords) and non-secret config (port, log level)
+4. **Local development**: .env.example with all required vars documented but no real values; .env is git-ignored
+5. **Environment hierarchy**: .env < .env.local < .env.{NODE_ENV} (explain override order)
+6. **CI/CD**: document which vars go in GitHub Secrets vs non-secret CI variables
+
+File structure to create:
+- \`config/env.ts\` \u2014 schema + validation + typed export
+- \`.env.example\` \u2014 all vars with placeholder values and comments
+- CI environment setup instructions
+
+Never log environment variables, even in debug mode.`,
+    contextSchema: [
+      { key: "environments", label: "Environments", type: "text", default: "development, test, staging, production" },
+      { key: "configValues", label: "Config values needed", type: "text", placeholder: "DATABASE_URL, JWT_SECRET, SMTP_HOST, REDIS_URL, PORT, LOG_LEVEL" }
+    ],
+    tags: ["config", "environment", "devops", "security"],
+    version: "1.0.0"
+  },
+  {
+    id: "devops/monitoring",
+    name: "Monitoring Setup",
+    category: "devops",
+    description: "Add application monitoring, logging, and alerting",
+    template: `Design a monitoring and observability setup for a {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}} application.
+
+Stack: {{monitoringStack}}
+
+The three pillars of observability:
+
+**1. Logging**
+- Structured JSON logs with: timestamp, level, requestId, userId, duration, error
+- Log levels: ERROR (alerts), WARN (investigate), INFO (audit trail), DEBUG (dev only)
+- Never log: passwords, tokens, PII, full request/response bodies
+- Correlation ID: propagate through all async operations and service calls
+
+**2. Metrics**
+- Key metrics to track: {{metrics}}
+- USE method for each service: Utilization, Saturation, Errors
+- Expose a /metrics endpoint in Prometheus format
+
+**3. Traces**
+- Distributed tracing across: {{services}}
+- Trace: HTTP request \u2192 service \u2192 DB query \u2192 external API call
+- Sampling: 100% in dev, {{traceSampling}}% in production
+
+Alerting rules:
+- P99 latency > 2s \u2192 page oncall
+- Error rate > 1% \u2192 alert
+- Disk > 85% \u2192 warning
+
+Provide: logger setup, middleware instrumentation, and health check endpoint.`,
+    contextSchema: [
+      { key: "monitoringStack", label: "Monitoring stack", type: "select", options: ["Datadog", "Grafana + Prometheus", "New Relic", "AWS CloudWatch", "OpenTelemetry (vendor-neutral)"], default: "OpenTelemetry (vendor-neutral)" },
+      { key: "metrics", label: "Key metrics", type: "text", default: "request rate, error rate, p50/p95/p99 latency, DB pool usage" },
+      { key: "services", label: "Services to trace", type: "text", placeholder: "API server, PostgreSQL, Redis, Stripe API" },
+      { key: "traceSampling", label: "Trace sampling % in production", type: "text", default: "10" }
+    ],
+    tags: ["monitoring", "logging", "observability", "devops"],
+    version: "1.0.0"
+  },
+  {
+    id: "devops/deploy-checklist",
+    name: "Deploy Checklist",
+    category: "devops",
+    description: "Generate a pre-deployment and rollback checklist",
+    template: `Generate a deployment checklist for {{project.name}} deploying to {{environment}}.
+
+Change being deployed: {{changeDescription}}
+Deploy method: {{deployMethod}}
+
+**Pre-deploy checklist**
+- [ ] All tests pass (unit, integration, E2E)
+- [ ] Migration plan reviewed (is it backward-compatible with current production code?)
+- [ ] Feature flags in place for risky changes
+- [ ] Runbook updated for new operational behavior
+- [ ] On-call engineer notified of deploy window
+- [ ] Rollback procedure documented and tested
+- [ ] Dependencies updated and audited for CVEs
+- [ ] Performance tested under production-like load if traffic-path change
+
+**During deploy**
+- [ ] Deploy to staging first; smoke test critical paths
+- [ ] Monitor error rate and p99 latency during rollout
+- [ ] Watch for increased DB CPU / slow queries from migrations
+
+**Post-deploy verification**
+- [ ] Health check endpoints return 200
+- [ ] Run smoke test against production: {{smokeTests}}
+- [ ] Verify new feature works as expected in production
+
+**Rollback procedure for {{deployMethod}}**:
+{{rollbackSteps}}
+
+**Estimated deploy risk**: {{riskLevel}} \u2014 based on scope of change`,
+    contextSchema: [
+      { key: "environment", label: "Target environment", type: "select", options: ["staging", "production", "canary"], default: "production" },
+      { key: "changeDescription", label: "What is being deployed", type: "text", placeholder: "New checkout flow with Stripe integration" },
+      { key: "deployMethod", label: "Deploy method", type: "select", options: ["blue/green", "rolling update", "canary", "in-place"], default: "rolling update" },
+      { key: "smokeTests", label: "Post-deploy smoke tests", type: "text", placeholder: "login, create order, view dashboard" },
+      { key: "rollbackSteps", label: "Rollback steps", type: "text", placeholder: "git revert + redeploy, then run down migrations" },
+      { key: "riskLevel", label: "Risk level", type: "select", options: ["low", "medium", "high", "critical"], default: "medium" }
+    ],
+    tags: ["deployment", "devops", "checklist", "release"],
+    version: "1.0.0"
+  },
+  // ── Academic ──────────────────────────────────────────────────────────────────
+  {
+    id: "academic/complexity-analysis",
+    name: "Complexity Analysis",
+    category: "academic",
+    description: "Analyze time and space complexity of an algorithm",
+    template: `Analyze the time and space complexity of the following algorithm in {{project.language}}.
+
+Algorithm: {{algorithm}}
+Code:
+{{code}}
+
+Provide:
+1. **Time complexity** \u2014 worst case, best case, average case with Big-O notation
+2. **Space complexity** \u2014 auxiliary space used (excluding input)
+3. **Step-by-step derivation** \u2014 show how you counted operations, don't just state the answer
+4. **Dominant terms** \u2014 which loops/recursion drives the complexity?
+5. **Comparison** \u2014 is there a known better algorithm for this problem? What is its complexity?
+6. **When it matters** \u2014 at what input size (n) does this become a problem in practice?
+
+Use concrete examples: for n=10, n=1000, n=1,000,000 \u2014 approximately how many operations?`,
+    contextSchema: [
+      { key: "algorithm", label: "Algorithm name", type: "text", placeholder: "Bubble sort" },
+      { key: "code", label: "Paste your code here", type: "text", placeholder: "def bubble_sort(arr): ..." }
+    ],
+    tags: ["complexity", "big-o", "academic", "algorithms"],
+    version: "1.0.0"
+  },
+  {
+    id: "academic/algorithm-explain",
+    name: "Algorithm Explanation",
+    category: "academic",
+    description: "Get a step-by-step explanation of an algorithm",
+    template: `Explain the {{algorithm}} algorithm to a {{project.studentLevel}} computer science student.
+
+Structure the explanation as:
+1. **Problem it solves** \u2014 one sentence, concrete
+2. **Intuition** \u2014 explain the core idea without code (analogy or visual)
+3. **Step-by-step walkthrough** \u2014 trace through this example: {{example}}
+4. **Pseudocode** \u2014 language-agnostic, focusing on logic not syntax
+5. **Implementation in {{project.language}}** \u2014 clean, commented code
+6. **Complexity** \u2014 time and space, with brief justification
+7. **When to use it** \u2014 and when NOT to use it (what's the alternative?)
+8. **Defense question** \u2014 "What would a professor ask you about this?"
+
+Use concrete numbers, not vague descriptions. Show the state of data structures at each step.`,
+    contextSchema: [
+      { key: "algorithm", label: "Algorithm name", type: "text", placeholder: "Binary search" },
+      { key: "example", label: "Concrete example input", type: "text", placeholder: "array [1, 3, 5, 7, 9], searching for 7" }
+    ],
+    tags: ["algorithms", "explanation", "academic"],
+    version: "1.0.0"
+  },
+  {
+    id: "academic/design-pattern",
+    name: "Design Pattern",
+    category: "academic",
+    description: "Explain and implement a design pattern",
+    template: `Explain the {{pattern}} design pattern to a {{project.studentLevel}} developer and implement it in {{project.language}}.
+
+Include:
+1. **Category** \u2014 Creational, Structural, or Behavioral
+2. **Problem it solves** \u2014 what goes wrong without it?
+3. **Structure** \u2014 participants, their roles, and relationships
+4. **Implementation** \u2014 complete {{project.language}} code for {{useCase}}
+5. **Before vs. After** \u2014 show the messy code it replaces
+6. **Trade-offs** \u2014 when to use it vs. when it's overkill
+7. **Real-world examples** \u2014 name 2 places this is used in popular frameworks/libraries
+8. **Common mistakes** \u2014 what do beginners misunderstand?
+{{#if (eq project.type "student")}}9. **Defense question** \u2014 "What would your professor ask?"{{/if}}`,
+    contextSchema: [
+      { key: "pattern", label: "Pattern name", type: "text", placeholder: "Observer" },
+      { key: "useCase", label: "Your specific use case", type: "text", placeholder: "event system for a game where multiple UI components react to game state changes" }
+    ],
+    tags: ["design-patterns", "oop", "academic"],
+    version: "1.0.0"
+  },
+  {
+    id: "academic/pseudocode-to-code",
+    name: "Pseudocode to Code",
+    category: "academic",
+    description: "Translate pseudocode or a description into working code",
+    template: `Translate the following pseudocode/description into working {{project.language}} code.
+
+Pseudocode:
+{{pseudocode}}
+
+Requirements:
+- Implement exactly what the pseudocode describes \u2014 no extra features
+- Variable and function names should be descriptive, not p1, p2, x, y
+- Handle edge cases mentioned in the pseudocode
+- Add type annotations (for typed languages)
+
+After the implementation, provide:
+1. **What it does** \u2014 one sentence
+2. **Example run** \u2014 trace through with: {{example}}
+3. **Edge cases handled** \u2014 what happens with empty input, negative numbers, etc.
+4. **What a student should be able to explain** \u2014 3 specific questions a professor might ask`,
+    contextSchema: [
+      { key: "pseudocode", label: "Your pseudocode or description", type: "text", placeholder: "function fibonacci(n):\n  if n <= 1 return n\n  return fibonacci(n-1) + fibonacci(n-2)" },
+      { key: "example", label: "Example input to trace", type: "text", placeholder: "fibonacci(5)" }
+    ],
+    tags: ["pseudocode", "implementation", "academic"],
+    version: "1.0.0"
+  },
+  {
+    id: "academic/data-structure",
+    name: "Data Structure Guide",
+    category: "academic",
+    description: "Deep explanation and implementation of a data structure",
+    template: `Explain the {{dataStructure}} data structure to a {{project.studentLevel}} student and implement it in {{project.language}}.
+
+Structure the guide:
+1. **What problem does it solve?** \u2014 why does this structure exist? What's awkward without it?
+2. **Mental model** \u2014 the simplest analogy (physical world or everyday experience)
+3. **Anatomy** \u2014 the key components: nodes, pointers, invariants that must always hold
+4. **Core operations** with complexity:
+   - Insert: how + O(?)
+   - Delete: how + O(?)
+   - Search/Access: how + O(?)
+   - Any structure-specific operations (e.g., push/pop, enqueue/dequeue, heapify)
+5. **Full implementation in {{project.language}}** \u2014 including all core operations
+6. **Step-by-step trace** \u2014 walk through this example: {{example}}
+7. **When to use it** \u2014 and the alternatives (what data structure competes with it and when?)
+8. **Common bugs** \u2014 what mistakes do beginners make when implementing it?
+{{#if (eq project.type "student")}}9. **Defense questions** \u2014 3 questions a professor would ask{{/if}}`,
+    contextSchema: [
+      { key: "dataStructure", label: "Data structure", type: "text", placeholder: "Binary Search Tree" },
+      { key: "example", label: "Example to trace through", type: "text", placeholder: "Insert 5, 3, 7, 1, 4 then delete 3" }
+    ],
+    tags: ["data-structures", "academic", "algorithms"],
+    version: "1.0.0"
+  },
+  {
+    id: "academic/system-design",
+    name: "System Design",
+    category: "academic",
+    description: "Walk through a simplified system design problem",
+    template: `Walk through a system design for {{system}} appropriate for a {{project.studentLevel}} student.
+
+Scale requirements: {{scale}}
+Key features: {{features}}
+
+Structure (adapted for student level):
+
+**1. Requirements clarification**
+- Functional requirements: what the system must do
+- Non-functional requirements: scale, availability, consistency needs
+
+**2. Capacity estimation**
+- Traffic: {{scale}} \u2014 requests/second estimate
+- Storage: data size estimate for 1 year
+- Bandwidth: read vs write ratio
+
+**3. High-level design**
+- Components and their responsibilities
+- Data flow diagram (describe in text/ASCII)
+- Database choice and why (SQL vs NoSQL for this use case)
+
+**4. Deep dive on the hardest part**
+- The component with the most design decisions: {{hardestPart}}
+- Trade-offs made and why
+
+**5. Bottlenecks and scaling**
+- Where will this break first as scale increases?
+- One solution for each bottleneck
+
+**6. What you'd do differently with more time**
+
+Keep explanations concrete \u2014 use numbers, not vague terms like "a lot of traffic".`,
+    contextSchema: [
+      { key: "system", label: "System to design", type: "text", placeholder: "URL shortener like bit.ly" },
+      { key: "scale", label: "Scale", type: "text", placeholder: "1M URLs created/day, 100M redirects/day" },
+      { key: "features", label: "Key features", type: "text", placeholder: "shorten URL, redirect, track click analytics, expiry" },
+      { key: "hardestPart", label: "Hardest design part", type: "text", placeholder: "generating unique short codes at high write volume" }
+    ],
+    tags: ["system-design", "architecture", "academic", "interview"],
+    version: "1.0.0"
+  },
+  {
+    id: "academic/recursion",
+    name: "Recursion Explained",
+    category: "academic",
+    description: "Visual explanation of recursive thinking and implementation",
+    template: `Explain recursive thinking and solve {{problem}} recursively in {{project.language}}.
+
+Level: {{project.studentLevel}}
+
+Structure:
+1. **The core idea** \u2014 base case + recursive case in plain language (before any code)
+2. **The call stack** \u2014 draw (in ASCII) the call stack for this input: {{example}}
+   - Show each frame: function name, parameters, return value
+   - Show when frames are popped (where the "magic" happens)
+3. **Implementation** \u2014 clean recursive solution with comments on WHY each line exists
+4. **Trace table** \u2014 step-by-step execution for {{example}}
+5. **Common mistakes**:
+   - Forgetting the base case (infinite recursion)
+   - Wrong return value
+   - Mutating shared state across calls
+6. **Memoization** \u2014 if this has overlapping subproblems, show the memoized version
+7. **Iterative equivalent** \u2014 rewrite using a stack/loop; explain the trade-off
+8. **Complexity** \u2014 time and space, including call stack space
+
+The "aha moment": recursive functions trust that the recursive call works \u2014 just define what the function does for one case.`,
+    contextSchema: [
+      { key: "problem", label: "Problem to solve recursively", type: "text", placeholder: "merge sort" },
+      { key: "example", label: "Example input to trace", type: "text", placeholder: "[5, 2, 8, 1, 9]" }
+    ],
+    tags: ["recursion", "algorithms", "academic"],
+    version: "1.0.0"
+  },
+  {
+    id: "academic/sorting",
+    name: "Sorting Algorithms",
+    category: "academic",
+    description: "Compare sorting algorithms and implement the right one for the use case",
+    template: `Compare sorting algorithms and implement the best one for {{useCase}} in {{project.language}}.
+
+Constraint: {{constraint}}
+
+Comparison table for the algorithms most relevant to this use case:
+
+| Algorithm | Best | Average | Worst | Space | Stable? | When to use |
+|-----------|------|---------|-------|-------|---------|-------------|
+(fill in for: bubble, insertion, selection, merge, quick, heap, counting, radix \u2014 only include the ones relevant to {{useCase}})
+
+**For {{useCase}}, the best choice is {{algorithm}} because:**
+- [Justify based on constraints and data properties]
+
+**Full implementation in {{project.language}}:**
+- The algorithm with comments
+- Step-by-step trace on: {{example}}
+
+**When the built-in sort beats everything:**
+- Language built-in sorts (Array.sort, sorted(), Collections.sort) are highly optimized
+- Only roll your own when you need: stable sort with custom comparator, partial sort, or external sort
+
+**Debugging tip:** write a test that verifies: sorted output matches Array.from(input).sort()`,
+    contextSchema: [
+      { key: "useCase", label: "Use case / constraint", type: "text", placeholder: "sorting 10k user records by last name" },
+      { key: "constraint", label: "Key constraint", type: "text", placeholder: "must be stable (preserve original order of ties), memory limited" },
+      { key: "example", label: "Example input", type: "text", placeholder: "[64, 25, 12, 22, 11]" }
+    ],
+    tags: ["sorting", "algorithms", "academic", "complexity"],
+    version: "1.0.0"
+  },
+  // ── Review ────────────────────────────────────────────────────────────────────
+  {
+    id: "review/code-review",
+    name: "Code Review",
+    category: "review",
+    description: "Full code review for correctness, style, and best practices",
+    template: `Perform a thorough code review of the following {{project.language}} code.
+
+Context: {{context}}
+
+Code:
+{{code}}
+
+Review dimensions:
+1. **Correctness** \u2014 does it do what it claims? Are there bugs?
+2. **Edge cases** \u2014 what inputs would break it?
+3. **Security** \u2014 injection, auth bypass, data exposure, secret leaks
+4. **Performance** \u2014 O(n\xB2) loops, N+1 queries, unnecessary allocations
+5. **Readability** \u2014 naming, structure, comments (are they accurate?)
+6. **Testability** \u2014 is it easy to unit test? Hard dependencies?
+7. **Maintainability** \u2014 what breaks when requirements change?
+{{#if isStudent}}8. **Academic integrity** \u2014 does the complexity match a {{project.studentLevel}} student? Could they explain every line?{{/if}}
+
+Format: severity [CRITICAL|MAJOR|MINOR|NIT] + file:line + explanation + suggested fix`,
+    contextSchema: [
+      { key: "code", label: "Code to review", type: "text", placeholder: "Paste your code here..." },
+      { key: "context", label: "Context / what it does", type: "text", placeholder: "Authentication service for a REST API" },
+      { key: "isStudent", label: "Academic integrity check?", type: "boolean", default: false }
+    ],
+    tags: ["code-review", "review", "quality"],
+    version: "1.0.0"
+  },
+  {
+    id: "review/security-audit",
+    name: "Security Audit",
+    category: "review",
+    description: "Security audit for OWASP Top 10 vulnerabilities",
+    template: `Perform a security audit of the following {{project.language}} code{{#if project.framework}} using {{project.framework}}{{/if}}.
+
+Code / feature: {{description}}
+
+Check for OWASP Top 10 and beyond:
+1. **Injection** \u2014 SQL, NoSQL, command, LDAP injection
+2. **Broken Authentication** \u2014 weak sessions, token storage, password policies
+3. **Sensitive Data Exposure** \u2014 PII in logs, unencrypted data at rest/transit
+4. **Broken Access Control** \u2014 missing authorization checks, IDOR
+5. **Security Misconfiguration** \u2014 default creds, verbose errors, open CORS
+6. **XSS** \u2014 reflected, stored, DOM-based
+7. **CSRF** \u2014 state-changing requests without CSRF tokens
+8. **Insecure Dependencies** \u2014 known CVEs in dependencies
+9. **Insufficient Logging** \u2014 failed logins, privilege changes not logged
+
+For each finding: [CRITICAL|HIGH|MEDIUM|LOW] + attack vector + proof-of-concept + remediation`,
+    contextSchema: [
+      { key: "description", label: "Feature / code to audit", type: "text", placeholder: "User authentication and session management" }
+    ],
+    tags: ["security", "audit", "owasp"],
+    version: "1.0.0"
+  },
+  {
+    id: "review/performance-review",
+    name: "Performance Review",
+    category: "review",
+    description: "Profile and identify performance bottlenecks in code",
+    template: `Review the following {{project.language}} code for performance issues.
+
+Context: {{context}}
+Code:
+{{code}}
+
+Analysis dimensions:
+1. **Algorithmic complexity** \u2014 is there a better algorithm? O(n\xB2) hidden in innocent-looking code?
+2. **Database** \u2014 N+1 queries, missing indexes, fetching more columns/rows than needed
+3. **Memory** \u2014 large allocations, memory leaks (unclosed streams, retained event listeners), unintended object retention
+4. **CPU** \u2014 blocking the event loop (Node.js), synchronous I/O, excessive JSON serialization
+5. **Network** \u2014 unnecessary round trips, large payloads, missing compression, no caching headers
+6. **Render performance** (if frontend) \u2014 unnecessary re-renders, missing memoization, layout thrashing
+
+For each finding:
+- [CRITICAL|HIGH|MEDIUM|LOW] severity
+- What is slow and why
+- Profiling technique to confirm: how to measure it
+- Optimized code or approach
+- Expected improvement magnitude
+
+Profiling tip: measure first, optimize second. Profile with realistic data sizes, not toy examples.`,
+    contextSchema: [
+      { key: "code", label: "Code to review", type: "text", placeholder: "Paste the code or describe the function..." },
+      { key: "context", label: "Context (what the code does, current perf numbers)", type: "text", placeholder: "Endpoint that lists orders, takes 3s at 10k orders" }
+    ],
+    tags: ["performance", "profiling", "review", "optimization"],
+    version: "1.0.0"
+  },
+  {
+    id: "review/accessibility-audit",
+    name: "Accessibility Audit",
+    category: "review",
+    description: "Audit UI code for WCAG 2.1 accessibility compliance",
+    template: `Perform an accessibility audit of the following {{project.language}} UI code.
+
+Component/page: {{componentDescription}}
+Code:
+{{code}}
+
+Check against WCAG 2.1 Level AA:
+
+**Perceivable**
+- [ ] Images have descriptive alt text (or alt="" if decorative)
+- [ ] Color contrast ratio \u2265 4.5:1 for normal text, 3:1 for large text
+- [ ] Content not conveyed by color alone
+- [ ] Videos have captions
+
+**Operable**
+- [ ] All functionality reachable by keyboard (Tab, Enter, Space, Arrow keys)
+- [ ] No keyboard traps (user can always Tab out)
+- [ ] Visible focus indicator on interactive elements
+- [ ] No content that flashes > 3 times/second
+
+**Understandable**
+- [ ] Form inputs have visible labels (not just placeholder)
+- [ ] Error messages identify which field and how to fix it
+- [ ] Language attribute set on <html>
+
+**Robust**
+- [ ] Semantic HTML (button not div for clicks, nav/main/header landmarks)
+- [ ] ARIA used correctly (role, aria-label, aria-describedby, aria-live)
+- [ ] Works with screen reader (NVDA/VoiceOver mental walkthrough)
+
+For each issue: [CRITICAL|MAJOR|MINOR] + specific element + WCAG criterion + fix.`,
+    contextSchema: [
+      { key: "code", label: "UI code to audit", type: "text", placeholder: "Paste the component or HTML here..." },
+      { key: "componentDescription", label: "What the component does", type: "text", placeholder: "Login form with email and password fields" }
+    ],
+    tags: ["accessibility", "wcag", "a11y", "review"],
+    version: "1.0.0"
+  },
+  {
+    id: "review/api-design",
+    name: "API Design Review",
+    category: "review",
+    description: "Review REST API design for consistency and best practices",
+    template: `Review the following API design for {{project.name}}.
+
+API endpoints:
+{{endpoints}}
+
+Review dimensions:
+
+**Naming & Structure**
+- [ ] Resources are nouns, not verbs (/users not /getUsers)
+- [ ] Consistent pluralization (/users/{id}/orders not mixed)
+- [ ] Nested resources max 2 levels deep
+- [ ] Query params for filtering/sorting, path params for identity
+
+**HTTP Semantics**
+- [ ] Correct HTTP methods (GET=read, POST=create, PUT=replace, PATCH=partial, DELETE=remove)
+- [ ] Idempotent operations use PUT/DELETE correctly
+- [ ] Correct status codes (201 for create, 204 for no-body delete, 409 for conflict)
+
+**Request/Response**
+- [ ] Consistent response envelope (data, meta, errors)
+- [ ] Pagination: cursor-based preferred; always include total count and nextCursor
+- [ ] Error shape: { error: { code, message, details? } }
+- [ ] Versioning strategy (URI v1 vs Accept header)
+
+**Security**
+- [ ] No sensitive data in URLs (tokens, passwords, PII)
+- [ ] Rate limiting headers documented
+- [ ] Auth scheme documented (Bearer JWT)
+
+For each issue: severity + endpoint + what's wrong + suggested fix.`,
+    contextSchema: [
+      { key: "endpoints", label: "API endpoints to review", type: "text", placeholder: "GET /getUsers, POST /createOrder/:id, DELETE /user?id=123" }
+    ],
+    tags: ["api", "rest", "design", "review"],
+    version: "1.0.0"
+  },
+  // ── General ───────────────────────────────────────────────────────────────────
+  {
+    id: "general/refactor",
+    name: "Refactor Plan",
+    category: "general",
+    description: "Plan a safe, incremental refactoring",
+    template: `Plan a safe refactoring of {{target}} in {{project.language}}.
+
+Current problem: {{problem}}
+Goal: {{goal}}
+
+Produce a step-by-step refactoring plan where each step:
+- Is independently deployable (the codebase works after each step)
+- Has a clear rollback path
+- Can be reviewed in a small PR
+
+Steps should cover:
+1. Add tests to cover current behavior (before changing anything)
+2. Incremental structural changes
+3. Rename/move phase
+4. Cleanup phase (remove dead code)
+
+Also flag: which step has the highest risk of regression, and how to detect it?`,
+    contextSchema: [
+      { key: "target", label: "What to refactor", type: "text", placeholder: "UserController (God class with 800 lines)" },
+      { key: "problem", label: "Current problem", type: "text", placeholder: "All user logic is in one file, hard to test, one class does too much" },
+      { key: "goal", label: "Goal after refactoring", type: "text", placeholder: "Split into UserService, UserRepository, UserValidator with clear responsibilities" }
+    ],
+    tags: ["refactoring", "code-quality", "general"],
+    version: "1.0.0"
+  },
+  {
+    id: "general/debug-session",
+    name: "Debug Session",
+    category: "general",
+    description: "Structured debugging guide for a bug or unexpected behavior",
+    template: `Guide me through debugging the following issue in {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}.
+
+Bug description: {{bugDescription}}
+
+Symptom: {{symptom}}
+Expected: {{expected}}
+Actual: {{actual}}
+
+Apply the scientific debugging method:
+1. **Hypothesis** \u2014 what are the 3 most likely root causes?
+2. **Observation points** \u2014 where to add logging/breakpoints to confirm/deny each hypothesis
+3. **Bisection** \u2014 how to narrow the problem to the smallest failing case
+4. **Common traps** \u2014 async timing issues, mutation bugs, off-by-one, encoding issues related to this symptom
+5. **Fix** \u2014 once root cause is identified, what's the minimal fix?
+6. **Prevention** \u2014 what test would have caught this before it shipped?`,
+    contextSchema: [
+      { key: "bugDescription", label: "Bug description", type: "text", placeholder: "Login fails silently for users with special characters in their email" },
+      { key: "symptom", label: "Symptom", type: "text", placeholder: "POST /login returns 200 but no token is returned" },
+      { key: "expected", label: "Expected behavior", type: "text", placeholder: 'Returns { token: "..." } and redirects to dashboard' },
+      { key: "actual", label: "Actual behavior", type: "text", placeholder: "Returns { } and shows a blank page" }
+    ],
+    tags: ["debugging", "bug", "general"],
+    version: "1.0.0"
+  },
+  {
+    id: "general/documentation",
+    name: "Documentation",
+    category: "general",
+    description: "Generate developer documentation for code or a system",
+    template: `Write developer documentation for {{target}} in {{project.language}}.
+
+Type of documentation needed: {{docType}}
+
+Code/system description: {{description}}
+
+Documentation should include:
+- **Overview** \u2014 what it is, what problem it solves, who uses it
+- **Quick start** \u2014 minimum code to get it working in 3 minutes
+- **API reference** \u2014 every public function/method: signature, parameters, return value, throws
+- **Examples** \u2014 at least 3 realistic usage examples
+- **Configuration** \u2014 all options, their types, defaults, and effects
+- **Common errors** \u2014 top 5 errors users hit and how to fix them
+- **Architecture note** \u2014 key design decisions and why
+
+Tone: peer developer, not corporate. Assume they can read code but don't know YOUR code.`,
+    contextSchema: [
+      { key: "target", label: "What to document", type: "text", placeholder: "BrainForgeClient npm package" },
+      { key: "description", label: "What it does", type: "text", placeholder: "A client library for the BrainForge AI API" },
+      { key: "docType", label: "Documentation type", type: "select", options: ["README", "API reference", "tutorial", "architecture doc"], default: "README" }
+    ],
+    tags: ["documentation", "readme", "general"],
+    version: "1.0.0"
+  },
+  {
+    id: "general/architecture-decision",
+    name: "Architecture Decision Record",
+    category: "general",
+    description: "Document a technical decision as a structured ADR",
+    template: `Write an Architecture Decision Record (ADR) for the following decision in {{project.name}}.
+
+Decision: {{decision}}
+Date: today
+
+# ADR: {{decision}}
+
+## Status
+Proposed
+
+## Context
+{{context}}
+
+What is the problem or opportunity that requires a decision? What forces are at play (technical constraints, team skills, budget, deadlines)?
+
+## Decision
+We will {{chosenOption}}.
+
+## Options Considered
+
+**Option A: {{optionA}}**
+- Pros: [analyze]
+- Cons: [analyze]
+- Risk: [what could go wrong]
+
+**Option B: {{optionB}}**
+- Pros: [analyze]
+- Cons: [analyze]
+- Risk: [what could go wrong]
+
+{{#if optionC}}**Option C: {{optionC}}**
+- Pros: [analyze]
+- Cons: [analyze]{{/if}}
+
+## Rationale
+Why {{chosenOption}} over the alternatives. Be specific \u2014 reference the context forces.
+
+## Consequences
+**Positive:** what gets better
+**Negative:** what gets harder or costs more
+**Neutral:** things that change but are neither better nor worse
+
+## Review Trigger
+This decision should be revisited if: {{reviewTrigger}}`,
+    contextSchema: [
+      { key: "decision", label: "Decision to document", type: "text", placeholder: "Use PostgreSQL instead of MongoDB for primary data store" },
+      { key: "context", label: "Context / problem", type: "text", placeholder: "We need to choose a database before starting the data layer" },
+      { key: "chosenOption", label: "Chosen option", type: "text", placeholder: "PostgreSQL" },
+      { key: "optionA", label: "Option A", type: "text", placeholder: "PostgreSQL" },
+      { key: "optionB", label: "Option B", type: "text", placeholder: "MongoDB" },
+      { key: "optionC", label: "Option C (optional)", type: "text", placeholder: "DynamoDB" },
+      { key: "reviewTrigger", label: "Review trigger", type: "text", placeholder: "query performance degrades below 100ms P99 at 10M records" }
+    ],
+    tags: ["adr", "architecture", "decision", "documentation"],
+    version: "1.0.0"
+  },
+  {
+    id: "general/tech-debt",
+    name: "Tech Debt Inventory",
+    category: "general",
+    description: "Identify, prioritize, and plan a tech debt paydown",
+    template: `Create a tech debt inventory and paydown plan for {{project.name}} in {{project.language}}.
+
+Area of concern: {{area}}
+
+**Step 1 \u2014 Identify debt items**
+Analyze the described codebase area for:
+- Design debt: poor abstractions, wrong patterns, violated SOLID/DRY
+- Code debt: duplicated logic, dead code, magic numbers, missing types
+- Test debt: missing tests, brittle tests, slow test suite
+- Documentation debt: outdated docs, missing ADRs, no onboarding guide
+- Dependency debt: outdated packages, deprecated APIs, security CVEs
+- Infrastructure debt: manual processes that should be automated
+
+**Step 2 \u2014 Prioritize by impact \xD7 effort**
+For each item:
+| Debt Item | Type | Impact (1-5) | Effort (days) | Risk if ignored | Priority |
+|-----------|------|--------------|---------------|-----------------|----------|
+
+**Step 3 \u2014 Paydown plan for {{sprint}} sprints**
+- Items to tackle this sprint (highest impact/effort ratio)
+- Items to defer with a trigger condition for when to revisit
+- Items to accept and document as intentional constraints
+
+**Step 4 \u2014 Prevention**
+- What process change prevents this class of debt from re-accumulating?
+- Suggest a definition of done that includes tech debt hygiene`,
+    contextSchema: [
+      { key: "area", label: "Codebase area with debt", type: "text", placeholder: "Authentication module \u2014 was written in a hackathon, never cleaned up" },
+      { key: "sprint", label: "Planning horizon (sprints)", type: "text", default: "3" }
+    ],
+    tags: ["tech-debt", "refactoring", "planning", "general"],
+    version: "1.0.0"
+  },
+  {
+    id: "general/onboarding",
+    name: "Developer Onboarding",
+    category: "general",
+    description: "Create a new developer onboarding guide for a codebase",
+    template: `Write a developer onboarding guide for {{project.name}}.
+
+Role being onboarded: {{role}}
+Stack: {{project.language}}{{#if project.framework}} / {{project.framework}}{{/if}}
+
+The guide should get a developer from "just joined" to "merged first PR" in {{targetDays}} days.
+
+**Day 1 \u2014 Environment setup**
+1. Prerequisites (what must be installed)
+2. Clone + install: exact commands, not "install dependencies"
+3. Environment variables: copy .env.example \u2192 .env, document which vars need real values for local dev
+4. Run the app: exact command + expected output + URL
+5. Run the tests: expect all green
+
+**First week \u2014 Mental model**
+- Architecture overview: the 3 most important concepts to understand first
+- Key directories and what lives where
+- How data flows: from HTTP request to database and back
+- The 3 files to read first
+
+**First PR checklist**
+- Good first issues: what type of task is appropriate for the first contribution?
+- PR process: branch naming, commit format, review expectations
+- Definition of done for this project
+
+**Common pitfalls**
+- Top 3 things that trip up new developers on this codebase
+- Local gotchas (Windows/Mac differences, port conflicts, etc.)
+
+**Who to ask for what** \u2014 map topics to team members/channels`,
+    contextSchema: [
+      { key: "role", label: "Developer role being onboarded", type: "text", placeholder: "junior fullstack developer" },
+      { key: "targetDays", label: "Days to first PR", type: "text", default: "3" }
+    ],
+    tags: ["onboarding", "documentation", "team", "general"],
+    version: "1.0.0"
+  },
+  {
+    id: "general/api-design",
+    name: "API Design",
+    category: "general",
+    description: "Design a RESTful API from scratch with consistent conventions",
+    template: `Design a REST API for {{resource}} in {{project.name}}.
+
+Purpose: {{purpose}}
+Consumers: {{consumers}}
+
+**Resource model**
+- Primary resource: {{resource}}
+- Relationships: {{relationships}}
+- Actions that don't map to CRUD: {{customActions}}
+
+**Endpoint design**
+
+For each endpoint provide: method + path + description + request body + response shape + possible error codes
+
+Standard CRUD:
+- List (with filtering, sorting, pagination)
+- Get by ID
+- Create
+- Update (full replacement)
+- Partial update
+- Delete
+
+Custom actions: {{customActions}}
+
+**Conventions to follow**
+- Response envelope: { data, meta: { total, page, limit } } for lists; { data } for single
+- Error envelope: { error: { code, message, details? } }
+- Timestamps: ISO 8601 (2024-01-15T10:30:00Z)
+- IDs: UUID v4
+- Soft delete: return 404 for deleted resources (don't expose deleted=true)
+
+**Versioning strategy**: URI prefix /v1/
+
+Produce a full OpenAPI-style endpoint list with example request/response JSON.`,
+    contextSchema: [
+      { key: "resource", label: "Primary resource", type: "text", placeholder: "Blog Post" },
+      { key: "purpose", label: "API purpose", type: "text", placeholder: "Content management for a blog platform" },
+      { key: "consumers", label: "API consumers", type: "text", placeholder: "React SPA, iOS app, third-party webhook integrations" },
+      { key: "relationships", label: "Relationships", type: "text", placeholder: "Post belongs to User, has many Comments and Tags" },
+      { key: "customActions", label: "Non-CRUD actions", type: "text", placeholder: "publish, unpublish, duplicate" }
+    ],
+    tags: ["api", "rest", "design", "openapi"],
+    version: "1.0.0"
+  },
+  {
+    id: "general/incident-postmortem",
+    name: "Incident Post-mortem",
+    category: "general",
+    description: "Write a blameless post-mortem for a production incident",
+    template: `Write a blameless post-mortem for a production incident affecting {{project.name}}.
+
+Incident summary: {{summary}}
+Duration: {{duration}}
+Impact: {{impact}}
+
+# Post-mortem: {{summary}}
+
+## Timeline (UTC)
+| Time | Event |
+|------|-------|
+(fill in detection \u2192 diagnosis \u2192 mitigation \u2192 resolution)
+
+## Impact
+- Users affected: {{impact}}
+- Duration: {{duration}}
+- Services affected: {{services}}
+
+## Root Cause
+(The single technical root cause \u2014 not "human error")
+
+## Contributing Factors
+(Conditions that made the incident worse or harder to detect)
+
+## What Went Well
+- Fast detection
+- Clear communication
+- Effective rollback
+
+## What Went Poorly
+- (Honest assessment without blame)
+
+## Action Items
+| Action | Owner | Due Date | Priority |
+|--------|-------|----------|----------|
+| Add alert for [metric] | | | HIGH |
+| Add test for [scenario] | | | HIGH |
+| Update runbook for [procedure] | | | MEDIUM |
+
+## Lessons Learned
+Three concrete changes that will prevent this class of incident.
+
+## Blameless Culture Note
+Systems fail. This post-mortem focuses on fixing systems, not assigning blame. The people involved made reasonable decisions given what they knew at the time.`,
+    contextSchema: [
+      { key: "summary", label: "Incident summary", type: "text", placeholder: "Database connection pool exhaustion caused 15-minute outage" },
+      { key: "duration", label: "Incident duration", type: "text", placeholder: "47 minutes" },
+      { key: "impact", label: "User impact", type: "text", placeholder: "2,300 users unable to login; ~$8k revenue impact" },
+      { key: "services", label: "Services affected", type: "text", placeholder: "API server, dashboard, mobile app" }
+    ],
+    tags: ["incident", "postmortem", "sre", "general"],
+    version: "1.0.0"
+  }
+];
+
+// src/skills/registry.ts
+var SkillRegistry = class {
+  skills = /* @__PURE__ */ new Map();
+  compiled = /* @__PURE__ */ new Map();
+  constructor() {
+    Handlebars2.registerHelper("eq", (a, b) => a === b);
+    Handlebars2.registerHelper("ne", (a, b) => a !== b);
+    for (const skill of BUILT_IN_SKILLS) {
+      this.register(skill);
+    }
+  }
+  register(skill) {
+    this.skills.set(skill.id, skill);
+    this.compiled.set(skill.id, Handlebars2.compile(skill.template));
+  }
+  async loadUserSkills(skillsDir) {
+    try {
+      const entries = await fs6.readdir(skillsDir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (!entry.name.endsWith(".json")) continue;
+        try {
+          const raw = await fs6.readFile(path6.join(skillsDir, entry.name), "utf-8");
+          const skill = JSON.parse(raw);
+          this.register(skill);
+        } catch {
+        }
+      }
+    } catch {
+    }
+  }
+  get(id) {
+    return this.skills.get(id);
+  }
+  list(filter) {
+    let skills = Array.from(this.skills.values());
+    if (filter?.category) skills = skills.filter((s) => s.category === filter.category);
+    if (filter?.tag) skills = skills.filter((s) => s.tags.includes(filter.tag));
+    return skills.sort((a, b) => a.category.localeCompare(b.category) || a.name.localeCompare(b.name));
+  }
+  listByCategory() {
+    const map = /* @__PURE__ */ new Map();
+    for (const skill of this.list()) {
+      const group = map.get(skill.category) ?? [];
+      group.push(skill);
+      map.set(skill.category, group);
+    }
+    return map;
+  }
+  render(id, context) {
+    const template = this.compiled.get(id);
+    if (!template) throw new Error(`Skill "${id}" not found.`);
+    return template(context);
+  }
+  count() {
+    const builtin = BUILT_IN_SKILLS.length;
+    return { builtin, custom: this.skills.size - builtin };
+  }
+  search(query) {
+    const q = query.toLowerCase();
+    return this.list().filter(
+      (s) => s.name.toLowerCase().includes(q) || s.description.toLowerCase().includes(q) || s.tags.some((t) => t.includes(q)) || s.id.toLowerCase().includes(q)
+    );
+  }
+};
+
+// src/adapters/types.ts
+var DEFAULT_MODELS = {
+  claude: "claude-sonnet-4-6",
+  openai: "gpt-4o",
+  gemini: "gemini-1.5-pro",
+  deepseek: "deepseek-chat"
+};
+
+// src/adapters/claude.ts
+var ClaudeAdapter = class {
+  provider = "claude";
+  model;
+  apiKeyEnv;
+  constructor(config) {
+    this.model = config.model ?? DEFAULT_MODELS.claude;
+    this.apiKeyEnv = config.apiKeyEnv;
+  }
+  isConfigured() {
+    return Boolean(process.env[this.apiKeyEnv]);
+  }
+  async complete(prompt, options = {}) {
+    const apiKey = process.env[this.apiKeyEnv];
+    if (!apiKey) {
+      throw new Error(
+        `Anthropic API key not found. Set the ${this.apiKeyEnv} environment variable.
+Get your key at https://console.anthropic.com/`
+      );
+    }
+    let Anthropic;
+    try {
+      ({ default: Anthropic } = await import("@anthropic-ai/sdk"));
+    } catch {
+      throw new Error(
+        "Anthropic SDK not installed. Run: npm install @anthropic-ai/sdk"
+      );
+    }
+    const client = new Anthropic({ apiKey });
+    const response = await client.messages.create({
+      model: this.model,
+      max_tokens: options.maxTokens ?? 4096,
+      ...options.system ? { system: options.system } : {},
+      messages: [{ role: "user", content: prompt }]
+    });
+    const block = response.content[0];
+    return block?.type === "text" ? block.text : "";
+  }
+};
+
+// src/adapters/openai.ts
+var OpenAIAdapter = class {
+  provider = "openai";
+  model;
+  apiKeyEnv;
+  constructor(config) {
+    this.model = config.model ?? DEFAULT_MODELS.openai;
+    this.apiKeyEnv = config.apiKeyEnv;
+  }
+  isConfigured() {
+    return Boolean(process.env[this.apiKeyEnv]);
+  }
+  async complete(prompt, options = {}) {
+    const apiKey = process.env[this.apiKeyEnv];
+    if (!apiKey) {
+      throw new Error(
+        `OpenAI API key not found. Set the ${this.apiKeyEnv} environment variable.
+Get your key at https://platform.openai.com/api-keys`
+      );
+    }
+    let OpenAI;
+    try {
+      ({ default: OpenAI } = await import("openai"));
+    } catch {
+      throw new Error("OpenAI SDK not installed. Run: npm install openai");
+    }
+    const client = new OpenAI({ apiKey });
+    const response = await client.chat.completions.create({
+      model: this.model,
+      max_tokens: options.maxTokens ?? 4096,
+      temperature: options.temperature ?? 0.7,
+      messages: [
+        ...options.system ? [{ role: "system", content: options.system }] : [],
+        { role: "user", content: prompt }
+      ]
+    });
+    return response.choices[0]?.message.content ?? "";
+  }
+};
+
+// src/adapters/gemini.ts
+var GeminiAdapter = class {
+  provider = "gemini";
+  model;
+  apiKeyEnv;
+  constructor(config) {
+    this.model = config.model ?? DEFAULT_MODELS.gemini;
+    this.apiKeyEnv = config.apiKeyEnv;
+  }
+  isConfigured() {
+    return Boolean(process.env[this.apiKeyEnv]);
+  }
+  async complete(prompt, options = {}) {
+    const apiKey = process.env[this.apiKeyEnv];
+    if (!apiKey) {
+      throw new Error(
+        `Gemini API key not found. Set the ${this.apiKeyEnv} environment variable.
+Get your key at https://aistudio.google.com/app/apikey`
+      );
+    }
+    let GoogleGenerativeAI;
+    try {
+      ({ GoogleGenerativeAI } = await import("@google/generative-ai"));
+    } catch {
+      throw new Error(
+        "Google AI SDK not installed. Run: npm install @google/generative-ai"
+      );
+    }
+    const genAI = new GoogleGenerativeAI(apiKey);
+    const genModel = genAI.getGenerativeModel({ model: this.model });
+    const fullPrompt = options.system ? `${options.system}
+
+${prompt}` : prompt;
+    const result = await genModel.generateContent(fullPrompt);
+    return result.response.text();
+  }
+};
+
+// src/adapters/deepseek.ts
+var DeepSeekAdapter = class {
+  provider = "deepseek";
+  model;
+  apiKeyEnv;
+  constructor(config) {
+    this.model = config.model ?? DEFAULT_MODELS.deepseek;
+    this.apiKeyEnv = config.apiKeyEnv;
+  }
+  isConfigured() {
+    return Boolean(process.env[this.apiKeyEnv]);
+  }
+  async complete(prompt, options = {}) {
+    const apiKey = process.env[this.apiKeyEnv];
+    if (!apiKey) {
+      throw new Error(
+        `DeepSeek API key not found. Set the ${this.apiKeyEnv} environment variable.
+Get your key at https://platform.deepseek.com/api_keys`
+      );
+    }
+    let OpenAI;
+    try {
+      ({ default: OpenAI } = await import("openai"));
+    } catch {
+      throw new Error(
+        "OpenAI SDK not installed (required for DeepSeek). Run: npm install openai"
+      );
+    }
+    const client = new OpenAI({
+      apiKey,
+      baseURL: "https://api.deepseek.com"
+    });
+    const response = await client.chat.completions.create({
+      model: this.model,
+      max_tokens: options.maxTokens ?? 4096,
+      temperature: options.temperature ?? 0.7,
+      messages: [
+        ...options.system ? [{ role: "system", content: options.system }] : [],
+        { role: "user", content: prompt }
+      ]
+    });
+    return response.choices[0]?.message.content ?? "";
+  }
+};
+
+// src/adapters/manager.ts
+var AdapterManager = class _AdapterManager {
+  static create(config) {
+    switch (config.provider) {
+      case "claude":
+        return new ClaudeAdapter(config);
+      case "openai":
+        return new OpenAIAdapter(config);
+      case "gemini":
+        return new GeminiAdapter(config);
+      case "deepseek":
+        return new DeepSeekAdapter(config);
+      default:
+        throw new Error(`Unknown AI provider: ${String(config.provider)}`);
+    }
+  }
+  static fromState(state) {
+    if (!state.aiConfig) return null;
+    return _AdapterManager.create(state.aiConfig);
+  }
+};
+export {
+  AdapterManager,
+  BUILT_IN_SKILLS,
+  BrainForgeServer,
+  ClaudeAdapter,
+  CodebaseMapper,
+  DeepSeekAdapter,
+  FileWatcher,
+  GeminiAdapter,
+  MockDefense,
+  OpenAIAdapter,
+  ProfessorScanner,
+  PromptEngine,
+  SkillRegistry,
+  StateManager,
+  TaskPlanner,
+  buildQuestionSet,
+  reduce
+};