@corbat-tech/coco 1.9.0 → 2.1.0

package/dist/index.js

@@ -1,6 +1,6 @@
 import { homedir } from 'os';
-import * as path14 from 'path';
-import path14__default, { dirname, join, basename } from 'path';
+import * as path15 from 'path';
+import path15__default, { dirname, join, basename, resolve } from 'path';
 import * as fs4 from 'fs';
 import fs4__default, { readFileSync, constants } from 'fs';
 import * as fs14 from 'fs/promises';
@@ -76,7 +76,9 @@ var init_paths = __esm({
       /** Checkpoints directory: ~/.coco/checkpoints/ */
       checkpoints: join(COCO_HOME, "checkpoints"),
       /** Search index directory: ~/.coco/search-index/ */
-      searchIndex: join(COCO_HOME, "search-index")
+      searchIndex: join(COCO_HOME, "search-index"),
+      /** Global skills directory: ~/.coco/skills/ */
+      skills: join(COCO_HOME, "skills")
     };
     ({
       /** Old config location */
@@ -88,7 +90,7 @@ function loadGlobalCocoEnv() {
   try {
     const home = process.env.HOME || process.env.USERPROFILE || "";
     if (!home) return;
-    const globalEnvPath = path14.join(home, ".coco", ".env");
+    const globalEnvPath = path15.join(home, ".coco", ".env");
     const content = fs4.readFileSync(globalEnvPath, "utf-8");
     for (const line of content.split("\n")) {
       const trimmed = line.trim();
@@ -116,12 +118,26 @@ function getApiKey(provider) {
       return process.env["GEMINI_API_KEY"] ?? process.env["GOOGLE_API_KEY"];
     case "kimi":
       return process.env["KIMI_API_KEY"] ?? process.env["MOONSHOT_API_KEY"];
+    case "kimi-code":
+      return process.env["KIMI_CODE_API_KEY"];
     case "lmstudio":
       return process.env["LMSTUDIO_API_KEY"] ?? "lm-studio";
     case "ollama":
       return process.env["OLLAMA_API_KEY"] ?? "ollama";
     case "codex":
       return void 0;
+    case "groq":
+      return process.env["GROQ_API_KEY"];
+    case "openrouter":
+      return process.env["OPENROUTER_API_KEY"];
+    case "mistral":
+      return process.env["MISTRAL_API_KEY"];
+    case "deepseek":
+      return process.env["DEEPSEEK_API_KEY"];
+    case "together":
+      return process.env["TOGETHER_API_KEY"];
+    case "huggingface":
+      return process.env["HF_TOKEN"] ?? process.env["HUGGINGFACE_API_KEY"];
     default:
       return void 0;
   }
@@ -134,12 +150,26 @@ function getBaseUrl(provider) {
       return process.env["OPENAI_BASE_URL"];
     case "kimi":
       return process.env["KIMI_BASE_URL"] ?? "https://api.moonshot.ai/v1";
+    case "kimi-code":
+      return process.env["KIMI_CODE_BASE_URL"] ?? "https://api.kimi.com/coding/v1";
     case "lmstudio":
       return process.env["LMSTUDIO_BASE_URL"] ?? "http://localhost:1234/v1";
     case "ollama":
       return process.env["OLLAMA_BASE_URL"] ?? "http://localhost:11434/v1";
     case "codex":
       return "https://chatgpt.com/backend-api/codex/responses";
+    case "groq":
+      return process.env["GROQ_BASE_URL"] ?? "https://api.groq.com/openai/v1";
+    case "openrouter":
+      return process.env["OPENROUTER_BASE_URL"] ?? "https://openrouter.ai/api/v1";
+    case "mistral":
+      return process.env["MISTRAL_BASE_URL"] ?? "https://api.mistral.ai/v1";
+    case "deepseek":
+      return process.env["DEEPSEEK_BASE_URL"] ?? "https://api.deepseek.com/v1";
+    case "together":
+      return process.env["TOGETHER_BASE_URL"] ?? "https://api.together.xyz/v1";
+    case "huggingface":
+      return process.env["HF_BASE_URL"] ?? "https://api-inference.huggingface.co/v1";
     default:
       return void 0;
   }
@@ -154,27 +184,58 @@ function getDefaultModel(provider) {
       return process.env["GEMINI_MODEL"] ?? "gemini-3-flash-preview";
     case "kimi":
       return process.env["KIMI_MODEL"] ?? "kimi-k2.5";
+    case "kimi-code":
+      return process.env["KIMI_CODE_MODEL"] ?? "kimi-for-coding";
     case "lmstudio":
       return process.env["LMSTUDIO_MODEL"] ?? "local-model";
     case "ollama":
       return process.env["OLLAMA_MODEL"] ?? "llama3.1";
     case "codex":
       return process.env["CODEX_MODEL"] ?? "gpt-5.3-codex";
+    case "groq":
+      return process.env["GROQ_MODEL"] ?? "llama-3.3-70b-versatile";
+    case "openrouter":
+      return process.env["OPENROUTER_MODEL"] ?? "anthropic/claude-opus-4-6";
+    case "mistral":
+      return process.env["MISTRAL_MODEL"] ?? "codestral-latest";
+    case "deepseek":
+      return process.env["DEEPSEEK_MODEL"] ?? "deepseek-coder";
+    case "together":
+      return process.env["TOGETHER_MODEL"] ?? "Qwen/Qwen2.5-Coder-32B-Instruct";
+    case "huggingface":
+      return process.env["HF_MODEL"] ?? "Qwen/Qwen2.5-Coder-32B-Instruct";
     default:
       return "gpt-5.3-codex";
   }
 }
 function getDefaultProvider() {
   const provider = process.env["COCO_PROVIDER"]?.toLowerCase();
-  if (provider && ["anthropic", "openai", "codex", "gemini", "kimi", "lmstudio", "ollama"].includes(provider)) {
+  if (provider && VALID_PROVIDERS.includes(provider)) {
     return provider;
   }
   return "anthropic";
 }
+var VALID_PROVIDERS;
 var init_env = __esm({
   "src/config/env.ts"() {
     init_paths();
     loadGlobalCocoEnv();
+    VALID_PROVIDERS = [
+      "anthropic",
+      "openai",
+      "codex",
+      "gemini",
+      "kimi",
+      "kimi-code",
+      "lmstudio",
+      "ollama",
+      "groq",
+      "openrouter",
+      "mistral",
+      "deepseek",
+      "together",
+      "huggingface"
+    ];
     ({
       provider: getDefaultProvider(),
       getApiKey,
@@ -187,10 +248,10 @@ function getAllowedPaths() {
   return [...sessionAllowedPaths];
 }
 function isWithinAllowedPath(absolutePath, operation) {
-  const normalizedTarget = path14__default.normalize(absolutePath);
+  const normalizedTarget = path15__default.normalize(absolutePath);
   for (const entry of sessionAllowedPaths) {
-    const normalizedAllowed = path14__default.normalize(entry.path);
-    if (normalizedTarget === normalizedAllowed || normalizedTarget.startsWith(normalizedAllowed + path14__default.sep)) {
+    const normalizedAllowed = path15__default.normalize(entry.path);
+    if (normalizedTarget === normalizedAllowed || normalizedTarget.startsWith(normalizedAllowed + path15__default.sep)) {
       if (operation === "read") return true;
       if (entry.level === "write") return true;
     }
@@ -198,8 +259,8 @@ function isWithinAllowedPath(absolutePath, operation) {
   return false;
 }
 function addAllowedPathToSession(dirPath, level) {
-  const absolute = path14__default.resolve(dirPath);
-  if (sessionAllowedPaths.some((e) => path14__default.normalize(e.path) === path14__default.normalize(absolute))) {
+  const absolute = path15__default.resolve(dirPath);
+  if (sessionAllowedPaths.some((e) => path15__default.normalize(e.path) === path15__default.normalize(absolute))) {
     return;
   }
   sessionAllowedPaths.push({
@@ -210,14 +271,14 @@ function addAllowedPathToSession(dirPath, level) {
 }
 async function persistAllowedPath(dirPath, level) {
   if (!currentProjectPath) return;
-  const absolute = path14__default.resolve(dirPath);
+  const absolute = path15__default.resolve(dirPath);
   const store = await loadStore();
   if (!store.projects[currentProjectPath]) {
     store.projects[currentProjectPath] = [];
   }
   const entries = store.projects[currentProjectPath];
-  const normalized = path14__default.normalize(absolute);
-  if (entries.some((e) => path14__default.normalize(e.path) === normalized)) {
+  const normalized = path15__default.normalize(absolute);
+  if (entries.some((e) => path15__default.normalize(e.path) === normalized)) {
     return;
   }
   entries.push({
@@ -237,7 +298,7 @@ async function loadStore() {
 }
 async function saveStore(store) {
   try {
-    await fs14__default.mkdir(path14__default.dirname(STORE_FILE), { recursive: true });
+    await fs14__default.mkdir(path15__default.dirname(STORE_FILE), { recursive: true });
     await fs14__default.writeFile(STORE_FILE, JSON.stringify(store, null, 2), "utf-8");
   } catch {
   }
@@ -246,7 +307,7 @@ var STORE_FILE, DEFAULT_STORE, sessionAllowedPaths, currentProjectPath;
 var init_allowed_paths = __esm({
   "src/tools/allowed-paths.ts"() {
     init_paths();
-    STORE_FILE = path14__default.join(CONFIG_PATHS.home, "allowed-paths.json");
+    STORE_FILE = path15__default.join(CONFIG_PATHS.home, "allowed-paths.json");
     DEFAULT_STORE = {
       version: 1,
       projects: {}
@@ -327,7 +388,7 @@ __export(allow_path_prompt_exports, {
   promptAllowPath: () => promptAllowPath
 });
 async function promptAllowPath(dirPath) {
-  const absolute = path14__default.resolve(dirPath);
+  const absolute = path15__default.resolve(dirPath);
   console.log();
   console.log(chalk3.yellow("  \u26A0 Access denied \u2014 path is outside the project directory"));
   console.log(chalk3.dim(`  \u{1F4C1} ${absolute}`));
@@ -1705,13 +1766,13 @@ function createSpecificationGenerator(llm, config) {
   return new SpecificationGenerator(llm, config);
 }
 function getPersistencePaths(projectPath) {
-  const baseDir = path14__default.join(projectPath, ".coco", "spec");
+  const baseDir = path15__default.join(projectPath, ".coco", "spec");
   return {
     baseDir,
-    sessionFile: path14__default.join(baseDir, "discovery-session.json"),
-    specFile: path14__default.join(baseDir, "spec.md"),
-    conversationLog: path14__default.join(baseDir, "conversation.jsonl"),
-    checkpointFile: path14__default.join(baseDir, "checkpoint.json")
+    sessionFile: path15__default.join(baseDir, "discovery-session.json"),
+    specFile: path15__default.join(baseDir, "spec.md"),
+    conversationLog: path15__default.join(baseDir, "conversation.jsonl"),
+    checkpointFile: path15__default.join(baseDir, "checkpoint.json")
   };
 }
 var SessionPersistence = class {
@@ -3741,7 +3802,7 @@ var OrchestrateExecutor = class {
   }
   async loadSpecification(projectPath) {
     try {
-      const jsonPath = path14__default.join(projectPath, ".coco", "spec", "spec.json");
+      const jsonPath = path15__default.join(projectPath, ".coco", "spec", "spec.json");
       const jsonContent = await fs14__default.readFile(jsonPath, "utf-8");
       return JSON.parse(jsonContent);
     } catch {
@@ -3753,7 +3814,7 @@ var OrchestrateExecutor = class {
       version: "1.0.0",
       generatedAt: /* @__PURE__ */ new Date(),
       overview: {
-        name: path14__default.basename(projectPath),
+        name: path15__default.basename(projectPath),
         description: "Project specification",
         goals: [],
         targetUsers: ["developers"],
@@ -3780,52 +3841,52 @@ var OrchestrateExecutor = class {
     };
   }
   async saveArchitecture(projectPath, architecture) {
-    const dir = path14__default.join(projectPath, ".coco", "architecture");
+    const dir = path15__default.join(projectPath, ".coco", "architecture");
     await fs14__default.mkdir(dir, { recursive: true });
-    const mdPath = path14__default.join(dir, "ARCHITECTURE.md");
+    const mdPath = path15__default.join(dir, "ARCHITECTURE.md");
     await fs14__default.writeFile(mdPath, generateArchitectureMarkdown(architecture), "utf-8");
-    const jsonPath = path14__default.join(dir, "architecture.json");
+    const jsonPath = path15__default.join(dir, "architecture.json");
     await fs14__default.writeFile(jsonPath, JSON.stringify(architecture, null, 2), "utf-8");
     return mdPath;
   }
   async saveADRs(projectPath, adrs) {
-    const dir = path14__default.join(projectPath, ".coco", "architecture", "adrs");
+    const dir = path15__default.join(projectPath, ".coco", "architecture", "adrs");
     await fs14__default.mkdir(dir, { recursive: true });
     const paths = [];
-    const indexPath = path14__default.join(dir, "README.md");
+    const indexPath = path15__default.join(dir, "README.md");
     await fs14__default.writeFile(indexPath, generateADRIndexMarkdown(adrs), "utf-8");
     paths.push(indexPath);
     for (const adr of adrs) {
       const filename = getADRFilename(adr);
-      const adrPath = path14__default.join(dir, filename);
+      const adrPath = path15__default.join(dir, filename);
       await fs14__default.writeFile(adrPath, generateADRMarkdown(adr), "utf-8");
       paths.push(adrPath);
     }
     return paths;
   }
   async saveBacklog(projectPath, backlogResult) {
-    const dir = path14__default.join(projectPath, ".coco", "planning");
+    const dir = path15__default.join(projectPath, ".coco", "planning");
     await fs14__default.mkdir(dir, { recursive: true });
-    const mdPath = path14__default.join(dir, "BACKLOG.md");
+    const mdPath = path15__default.join(dir, "BACKLOG.md");
     await fs14__default.writeFile(mdPath, generateBacklogMarkdown(backlogResult.backlog), "utf-8");
-    const jsonPath = path14__default.join(dir, "backlog.json");
+    const jsonPath = path15__default.join(dir, "backlog.json");
     await fs14__default.writeFile(jsonPath, JSON.stringify(backlogResult, null, 2), "utf-8");
     return mdPath;
   }
   async saveSprint(projectPath, sprint, backlogResult) {
-    const dir = path14__default.join(projectPath, ".coco", "planning", "sprints");
+    const dir = path15__default.join(projectPath, ".coco", "planning", "sprints");
     await fs14__default.mkdir(dir, { recursive: true });
     const filename = `${sprint.id}.md`;
-    const sprintPath = path14__default.join(dir, filename);
+    const sprintPath = path15__default.join(dir, filename);
     await fs14__default.writeFile(sprintPath, generateSprintMarkdown(sprint, backlogResult.backlog), "utf-8");
-    const jsonPath = path14__default.join(dir, `${sprint.id}.json`);
+    const jsonPath = path15__default.join(dir, `${sprint.id}.json`);
     await fs14__default.writeFile(jsonPath, JSON.stringify(sprint, null, 2), "utf-8");
     return sprintPath;
   }
   async saveDiagram(projectPath, id, mermaid) {
-    const dir = path14__default.join(projectPath, ".coco", "architecture", "diagrams");
+    const dir = path15__default.join(projectPath, ".coco", "architecture", "diagrams");
     await fs14__default.mkdir(dir, { recursive: true });
-    const diagramPath = path14__default.join(dir, `${id}.mmd`);
+    const diagramPath = path15__default.join(dir, `${id}.mmd`);
     await fs14__default.writeFile(diagramPath, mermaid, "utf-8");
     return diagramPath;
   }
@@ -3875,7 +3936,11 @@ var DEFAULT_QUALITY_THRESHOLDS = {
   target: {
     overall: 95,
     testCoverage: 90
-  }};
+  },
+  convergenceThreshold: 2,
+  maxIterations: 10,
+  minIterations: 2
+};
 async function detectTestFramework(projectPath) {
   try {
     const pkgPath = join(projectPath, "package.json");
@@ -3966,10 +4031,10 @@ var CoverageAnalyzer = class {
       join(this.projectPath, ".coverage", "coverage-summary.json"),
       join(this.projectPath, "coverage", "lcov-report", "coverage-summary.json")
     ];
-    for (const path37 of possiblePaths) {
+    for (const path38 of possiblePaths) {
       try {
-        await access(path37, constants.R_OK);
-        const content = await readFile(path37, "utf-8");
+        await access(path38, constants.R_OK);
+        const content = await readFile(path38, "utf-8");
         const report = JSON.parse(content);
         return parseCoverageSummary(report);
       } catch {
@@ -4057,7 +4122,7 @@ var SECURITY_PATTERNS = [
   },
   // Command Injection
   {
-    regex: /exec\s*\(/g,
+    regex: /(?:^|[\s;,({])exec\s*\(/gm,
     severity: "critical",
     type: "Command Injection",
     message: "Use of exec() can execute shell commands with user input",
@@ -4178,6 +4243,26 @@ var SECURITY_PATTERNS = [
     recommendation: "Validate JSON structure with JSON schema or Zod before parsing."
   }
 ];
+function computeSecurityScore(vulnerabilities) {
+  let score = 100;
+  for (const vuln of vulnerabilities) {
+    switch (vuln.severity) {
+      case "critical":
+        score -= 25;
+        break;
+      case "high":
+        score -= 10;
+        break;
+      case "medium":
+        score -= 5;
+        break;
+      case "low":
+        score -= 2;
+        break;
+    }
+  }
+  return Math.max(0, score);
+}
 var PatternSecurityScanner = class {
   /**
    * Scan files for security vulnerabilities using pattern matching
@@ -4228,32 +4313,8 @@ var PatternSecurityScanner = class {
     const lastLine = lines[lines.length - 1] ?? "";
     return lastLine.length + 1;
   }
-  /**
-   * Calculate security score based on vulnerabilities
-   * Critical: -25 points each
-   * High: -10 points each
-   * Medium: -5 points each
-   * Low: -2 points each
-   */
   calculateScore(vulnerabilities) {
-    let score = 100;
-    for (const vuln of vulnerabilities) {
-      switch (vuln.severity) {
-        case "critical":
-          score -= 25;
-          break;
-        case "high":
-          score -= 10;
-          break;
-        case "medium":
-          score -= 5;
-          break;
-        case "low":
-          score -= 2;
-          break;
-      }
-    }
-    return Math.max(0, score);
+    return computeSecurityScore(vulnerabilities);
   }
 };
 var SnykSecurityScanner = class {
@@ -4309,24 +4370,7 @@ var SnykSecurityScanner = class {
     }));
   }
   calculateScore(vulnerabilities) {
-    let score = 100;
-    for (const vuln of vulnerabilities) {
-      switch (vuln.severity) {
-        case "critical":
-          score -= 25;
-          break;
-        case "high":
-          score -= 10;
-          break;
-        case "medium":
-          score -= 5;
-          break;
-        case "low":
-          score -= 2;
-          break;
-      }
-    }
-    return Math.max(0, score);
+    return computeSecurityScore(vulnerabilities);
   }
 };
 var CompositeSecurityScanner = class {
@@ -4646,6 +4690,24 @@ var BuildVerifier = class {
           stderr: ""
         };
       }
+      const SAFE_BUILD_PATTERN = /^(npm|pnpm|yarn|bun)\s+(run\s+)?[\w:.-]+$|^npx\s+tsc(\s+--[\w-]+)*$/;
+      if (!SAFE_BUILD_PATTERN.test(buildCommand.trim())) {
+        return {
+          success: false,
+          errors: [
+            {
+              file: "",
+              line: 0,
+              column: 0,
+              message: `Unsafe build command rejected: ${buildCommand}`
+            }
+          ],
+          warnings: [],
+          duration: Date.now() - startTime,
+          stdout: "",
+          stderr: ""
+        };
+      }
       const { stdout, stderr } = await execAsync(buildCommand, {
         cwd: this.projectPath,
         timeout: 12e4,
@@ -4687,7 +4749,7 @@ var BuildVerifier = class {
   async verifyTypes() {
     const startTime = Date.now();
     try {
-      const hasTsConfig = await this.fileExists(path14.join(this.projectPath, "tsconfig.json"));
+      const hasTsConfig = await this.fileExists(path15.join(this.projectPath, "tsconfig.json"));
       if (!hasTsConfig) {
         return {
           success: true,
@@ -4737,7 +4799,7 @@ var BuildVerifier = class {
    */
   async detectBuildCommand() {
     try {
-      const packageJsonPath = path14.join(this.projectPath, "package.json");
+      const packageJsonPath = path15.join(this.projectPath, "package.json");
       const content = await fs14.readFile(packageJsonPath, "utf-8");
       const packageJson = JSON.parse(content);
       if (packageJson.scripts?.build) {
@@ -5154,10 +5216,6 @@ function analyzeRobustnessPatterns(ast) {
       if (currentFunctionHasTryCatch) {
         functionsWithTryCatch++;
       }
-      if (isFunctionNode) {
-        functions--;
-        functions++;
-      }
       insideFunction = previousInsideFunction;
       currentFunctionHasTryCatch = previousHasTryCatch;
       return;
@@ -5989,127 +6047,1511 @@ function analyzeMaintainabilityPatterns(ast, filePath) {
           traverse(child);
         }
       }
-    }
+    }
+  }
+  traverse(ast);
+  return {
+    lineCount: 0,
+    // Will be set separately from content
+    functionCount,
+    importCount,
+    crossBoundaryImportCount
+  };
+}
+function isCrossBoundaryImport(node, _filePath) {
+  if (node.source.type !== "Literal" || typeof node.source.value !== "string") {
+    return false;
+  }
+  const importPath = node.source.value;
+  if (importPath.startsWith("node:")) {
+    return false;
+  }
+  if (!importPath.startsWith(".")) {
+    return false;
+  }
+  if (importPath.startsWith("../")) {
+    return true;
+  }
+  if (importPath.startsWith("./")) {
+    const relativePath = importPath.slice(2);
+    return relativePath.includes("/");
+  }
+  return false;
+}
+function countLines(content) {
+  return content.split("\n").length;
+}
+var MaintainabilityAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  /**
+   * Analyze maintainability of project files
+   */
+  async analyze(files) {
+    const targetFiles = files ?? await this.findSourceFiles();
+    if (targetFiles.length === 0) {
+      return {
+        score: 100,
+        fileLengthScore: 100,
+        functionCountScore: 100,
+        dependencyCountScore: 100,
+        couplingScore: 100,
+        averageFileLength: 0,
+        averageFunctionsPerFile: 0,
+        averageImportsPerFile: 0,
+        fileCount: 0,
+        details: "No files to analyze"
+      };
+    }
+    let totalLines = 0;
+    let totalFunctions = 0;
+    let totalImports = 0;
+    let totalCrossBoundaryImports = 0;
+    let filesAnalyzed = 0;
+    for (const file of targetFiles) {
+      try {
+        const content = await readFile(file, "utf-8");
+        const lineCount = countLines(content);
+        const ast = parse(content, {
+          loc: true,
+          range: true,
+          jsx: file.endsWith(".tsx") || file.endsWith(".jsx")
+        });
+        const result = analyzeMaintainabilityPatterns(ast, file);
+        totalLines += lineCount;
+        totalFunctions += result.functionCount;
+        totalImports += result.importCount;
+        totalCrossBoundaryImports += result.crossBoundaryImportCount;
+        filesAnalyzed++;
+      } catch {
+      }
+    }
+    const averageFileLength = filesAnalyzed > 0 ? totalLines / filesAnalyzed : 0;
+    const averageFunctionsPerFile = filesAnalyzed > 0 ? totalFunctions / filesAnalyzed : 0;
+    const averageImportsPerFile = filesAnalyzed > 0 ? totalImports / filesAnalyzed : 0;
+    const fileLengthScore = Math.max(0, Math.min(100, 100 - (averageFileLength - 200) * 0.33));
+    const functionCountScore = Math.max(0, Math.min(100, 100 - (averageFunctionsPerFile - 10) * 5));
+    const dependencyCountScore = Math.max(0, Math.min(100, 100 - (averageImportsPerFile - 5) * 5));
+    const crossBoundaryRatio = totalImports > 0 ? totalCrossBoundaryImports / totalImports : 0;
+    const couplingScore = Math.max(0, Math.min(100, 100 - crossBoundaryRatio * 100 * 0.5));
+    const score = Math.round(
+      fileLengthScore * 0.3 + functionCountScore * 0.25 + dependencyCountScore * 0.25 + couplingScore * 0.2
+    );
+    const details = [
+      `${Math.round(averageFileLength)} avg lines/file`,
+      `${averageFunctionsPerFile.toFixed(1)} avg functions/file`,
+      `${averageImportsPerFile.toFixed(1)} avg imports/file`,
+      `${Math.round(crossBoundaryRatio * 100)}% cross-boundary coupling`
+    ].join(", ");
+    return {
+      score,
+      fileLengthScore,
+      functionCountScore,
+      dependencyCountScore,
+      couplingScore,
+      averageFileLength,
+      averageFunctionsPerFile,
+      averageImportsPerFile,
+      fileCount: filesAnalyzed,
+      details
+    };
+  }
+  async findSourceFiles() {
+    return glob("**/*.{ts,js,tsx,jsx}", {
+      cwd: this.projectPath,
+      absolute: true,
+      ignore: ["**/node_modules/**", "**/*.test.*", "**/*.spec.*", "**/dist/**", "**/build/**"]
+    });
+  }
+};
+var PROJECT_CONFIG_FILENAME = ".coco.config.json";
+var QualityWeightsOverrideSchema = z.object({
+  correctness: z.number().min(0).max(1),
+  completeness: z.number().min(0).max(1),
+  robustness: z.number().min(0).max(1),
+  readability: z.number().min(0).max(1),
+  maintainability: z.number().min(0).max(1),
+  complexity: z.number().min(0).max(1),
+  duplication: z.number().min(0).max(1),
+  testCoverage: z.number().min(0).max(1),
+  testQuality: z.number().min(0).max(1),
+  security: z.number().min(0).max(1),
+  documentation: z.number().min(0).max(1),
+  style: z.number().min(0).max(1)
+}).partial();
+var ProjectQualityOverridesSchema = z.object({
+  /** Minimum overall score (0–100). Default: 85 */
+  minScore: z.number().min(0).max(100).optional(),
+  /** Minimum test-coverage percentage (0–100). Default: 80 */
+  minCoverage: z.number().min(0).max(100).optional(),
+  /** Maximum convergence iterations. Default: 10 */
+  maxIterations: z.number().min(1).max(50).optional(),
+  /** Required security score (0–100). Default: 100 */
+  securityThreshold: z.number().min(0).max(100).optional(),
+  /** Per-dimension weight overrides */
+  weights: QualityWeightsOverrideSchema.optional(),
+  /** Stored but not yet enforced by analyzers — reserved for a future release. */
+  ignoreRules: z.array(z.string()).optional(),
+  /** Stored but not yet enforced by analyzers — reserved for a future release. */
+  ignoreFiles: z.array(z.string()).optional()
+});
+var ProjectAnalyzersConfigSchema = z.object({
+  /** Restrict analysis to these language IDs (default: auto-detect) */
+  enabledLanguages: z.array(z.string()).optional(),
+  /** Java-specific options */
+  java: z.object({
+    /** Minimum line coverage expected from JaCoCo report */
+    minCoverage: z.number().min(0).max(100).optional(),
+    /** Custom path to jacoco.xml relative to project root */
+    reportPath: z.string().optional()
+  }).optional(),
+  /** React-specific options */
+  react: z.object({
+    /** Run accessibility (a11y) checks. Default: true */
+    checkA11y: z.boolean().optional(),
+    /** Enforce React Rules of Hooks. Default: true */
+    checkHooks: z.boolean().optional(),
+    /** Run component-quality checks. Default: true */
+    checkComponents: z.boolean().optional()
+  }).optional()
+});
+var ProjectConfigSchema = z.object({
+  /** Human-readable project name */
+  name: z.string().optional(),
+  /** SemVer string for the config schema itself */
+  version: z.string().optional(),
+  /** Short project description */
+  description: z.string().optional(),
+  /**
+   * Primary project language ID.
+   * Used when auto-detection is ambiguous.
+   * @example "typescript" | "java" | "react-typescript"
+   */
+  language: z.string().optional(),
+  /** Quality threshold and weight overrides */
+  quality: ProjectQualityOverridesSchema.optional(),
+  /** Analyzer-specific settings */
+  analyzers: ProjectAnalyzersConfigSchema.optional(),
+  /**
+   * Path to a base config to inherit from (relative to this file).
+   * Merged shallowly; this file wins on conflicts.
+   * @note extend is resolved only one level deep — chaining (A extends B extends C) is not supported.
+   * @example "../shared/.coco.config.json"
+   */
+  extend: z.string().optional()
+});
+function getProjectConfigPath(projectPath) {
+  return join(resolve(projectPath), PROJECT_CONFIG_FILENAME);
+}
+async function loadProjectConfig(projectPath) {
+  const configPath = getProjectConfigPath(projectPath);
+  let raw;
+  try {
+    raw = await readFile(configPath, "utf-8");
+  } catch (err) {
+    if (err.code === "ENOENT") return null;
+    throw err;
+  }
+  const parsed = JSON.parse(raw);
+  const result = ProjectConfigSchema.safeParse(parsed);
+  if (!result.success) {
+    throw new Error(`Invalid ${PROJECT_CONFIG_FILENAME} at ${configPath}: ${result.error.message}`);
+  }
+  let config = result.data;
+  if (config.extend) {
+    const basePath = resolve(dirname(configPath), config.extend);
+    let baseRaw;
+    try {
+      baseRaw = await readFile(basePath, "utf-8");
+    } catch (err) {
+      throw new Error(
+        `Cannot extend "${config.extend}" \u2014 file not found at ${basePath}: ${String(err)}`
+      );
+    }
+    const baseResult = ProjectConfigSchema.safeParse(JSON.parse(baseRaw));
+    if (!baseResult.success) {
+      throw new Error(
+        `Invalid base config at "${config.extend}" (resolved to ${basePath}): ${baseResult.error.message}`
+      );
+    }
+    config = mergeProjectConfigs(baseResult.data, config);
+  }
+  return config;
+}
+function mergeProjectConfigs(base, override) {
+  const hasQuality = base.quality !== void 0 || override.quality !== void 0;
+  const hasAnalyzers = base.analyzers !== void 0 || override.analyzers !== void 0;
+  return {
+    ...base,
+    ...override,
+    quality: hasQuality ? {
+      ...base.quality,
+      ...override.quality,
+      weights: base.quality?.weights !== void 0 || override.quality?.weights !== void 0 ? { ...base.quality?.weights, ...override.quality?.weights } : void 0,
+      ignoreRules: [
+        ...base.quality?.ignoreRules ?? [],
+        ...override.quality?.ignoreRules ?? []
+      ],
+      ignoreFiles: [
+        ...base.quality?.ignoreFiles ?? [],
+        ...override.quality?.ignoreFiles ?? []
+      ]
+    } : void 0,
+    analyzers: hasAnalyzers ? {
+      ...base.analyzers,
+      ...override.analyzers,
+      java: base.analyzers?.java !== void 0 || override.analyzers?.java !== void 0 ? { ...base.analyzers?.java, ...override.analyzers?.java } : void 0,
+      react: base.analyzers?.react !== void 0 || override.analyzers?.react !== void 0 ? { ...base.analyzers?.react, ...override.analyzers?.react } : void 0
+    } : void 0
+  };
+}
+
+// src/quality/quality-bridge.ts
+({
+  minScore: DEFAULT_QUALITY_THRESHOLDS.minimum.overall,
+  targetScore: DEFAULT_QUALITY_THRESHOLDS.target.overall,
+  maxIterations: DEFAULT_QUALITY_THRESHOLDS.maxIterations,
+  stableDeltaThreshold: DEFAULT_QUALITY_THRESHOLDS.convergenceThreshold
+});
+function thresholdsFromProjectConfig(config) {
+  const q = config.quality;
+  if (!q) return {};
+  const result = {};
+  const hasMinimum = q.minScore !== void 0 || q.minCoverage !== void 0 || q.securityThreshold !== void 0;
+  if (hasMinimum) {
+    result.minimum = {
+      overall: q.minScore ?? DEFAULT_QUALITY_THRESHOLDS.minimum.overall,
+      testCoverage: q.minCoverage ?? DEFAULT_QUALITY_THRESHOLDS.minimum.testCoverage,
+      security: q.securityThreshold ?? DEFAULT_QUALITY_THRESHOLDS.minimum.security
+    };
+  }
+  if (q.maxIterations !== void 0) {
+    result.maxIterations = q.maxIterations;
+    result.convergenceThreshold = DEFAULT_QUALITY_THRESHOLDS.convergenceThreshold;
+  }
+  return result;
+}
+function mergeThresholds(base, overrides) {
+  return {
+    ...base,
+    ...overrides,
+    minimum: overrides.minimum ? { ...base.minimum, ...overrides.minimum } : base.minimum,
+    target: overrides.target ? { ...base.target, ...overrides.target } : base.target
+  };
+}
+function resolvedThresholds(projectConfig) {
+  if (!projectConfig) return DEFAULT_QUALITY_THRESHOLDS;
+  return mergeThresholds(DEFAULT_QUALITY_THRESHOLDS, thresholdsFromProjectConfig(projectConfig));
+}
+function weightsFromProjectConfig(config) {
+  const overrides = config.quality?.weights;
+  if (!overrides || Object.keys(overrides).length === 0) {
+    return DEFAULT_QUALITY_WEIGHTS;
+  }
+  const merged = { ...DEFAULT_QUALITY_WEIGHTS, ...overrides };
+  const total = Object.values(merged).reduce((s, v) => s + v, 0);
+  if (total === 0) return DEFAULT_QUALITY_WEIGHTS;
+  return Object.fromEntries(
+    Object.entries(merged).map(([k, v]) => [k, v / total])
+  );
+}
+function resolvedWeights(projectConfig) {
+  if (!projectConfig) return DEFAULT_QUALITY_WEIGHTS;
+  return weightsFromProjectConfig(projectConfig);
+}
+var EXTENSION_MAP = {
+  ".ts": "typescript",
+  ".d.ts": "typescript",
+  ".tsx": "react-typescript",
+  ".js": "javascript",
+  ".mjs": "javascript",
+  ".cjs": "javascript",
+  ".jsx": "react-javascript",
+  ".java": "java",
+  ".py": "python",
+  ".go": "go",
+  ".rs": "rust"
+};
+function detectLanguage(filePath, content) {
+  if (!filePath) return "unknown";
+  const ext = getFileExtension(filePath);
+  const langByExt = EXTENSION_MAP[ext];
+  if (!langByExt) return "unknown";
+  return langByExt;
+}
+function detectProjectLanguage(files) {
+  if (!files.length) {
+    return { language: "unknown", confidence: 0, evidence: [] };
+  }
+  const counts = /* @__PURE__ */ new Map();
+  let totalSourceFiles = 0;
+  for (const file of files) {
+    const lang = detectLanguage(file);
+    if (lang !== "unknown") {
+      counts.set(lang, (counts.get(lang) ?? 0) + 1);
+      totalSourceFiles++;
+    }
+  }
+  if (totalSourceFiles === 0) {
+    return { language: "unknown", confidence: 0, evidence: [] };
+  }
+  let maxCount = 0;
+  let dominant = "unknown";
+  for (const [lang, count] of counts) {
+    if (count > maxCount) {
+      maxCount = count;
+      dominant = lang;
+    }
+  }
+  const confidence = maxCount / totalSourceFiles;
+  const evidence = buildEvidence(dominant, counts, totalSourceFiles, files);
+  const tsxCount = counts.get("react-typescript") ?? 0;
+  const tsCount = counts.get("typescript") ?? 0;
+  if (dominant === "typescript" && tsxCount > 0 && tsxCount >= tsCount * 0.3) {
+    return {
+      language: "react-typescript",
+      confidence,
+      evidence: [...evidence, `${tsxCount} React (.tsx) files detected`]
+    };
+  }
+  return { language: dominant, confidence, evidence };
+}
+function getFileExtension(filePath) {
+  const base = path15.basename(filePath);
+  if (base.endsWith(".d.ts")) return ".d.ts";
+  return path15.extname(filePath).toLowerCase();
+}
+function buildEvidence(dominant, counts, totalSourceFiles, files) {
+  const evidence = [];
+  const dominantCount = counts.get(dominant) ?? 0;
+  evidence.push(`${dominantCount} of ${totalSourceFiles} source files are ${dominant}`);
+  const configFiles = ["tsconfig.json", "pom.xml", "build.gradle", "Cargo.toml", "go.mod"];
+  for (const cfg of configFiles) {
+    if (files.some((f) => path15.basename(f) === cfg)) {
+      evidence.push(`Found ${cfg}`);
+    }
+  }
+  return evidence;
+}
+async function findJavaFiles(projectPath, options) {
+  const { includeTests = true, srcPattern = "**/*.java" } = options ?? {};
+  const ignore = ["**/node_modules/**", "**/target/**", "**/build/**"];
+  if (!includeTests) {
+    ignore.push("**/*Test*.java", "**/*Spec*.java");
+  }
+  return glob(srcPattern, {
+    cwd: projectPath,
+    absolute: true,
+    ignore
+  });
+}
+var BRANCH_KEYWORDS = /\b(if|else if|for|while|do|case|catch|&&|\|\||\?)\b/g;
+var METHOD_PATTERN = /(?:public|private|protected|static|final|synchronized|abstract)\s+[\w<>[\]]+\s+\w+\s*\([^)]*\)\s*(?:throws\s+[\w,\s]+)?\s*\{/g;
+var JavaComplexityAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze(files) {
+    const javaFiles = files ?? await findJavaFiles(this.projectPath);
+    if (!javaFiles.length) {
+      return { score: 100, totalMethods: 0, averageComplexity: 1, complexMethods: [] };
+    }
+    const fileContents = await Promise.all(
+      javaFiles.map(async (f) => ({
+        path: f,
+        content: await readFile(f, "utf-8").catch(() => "")
+      }))
+    );
+    return this.analyzeContent(fileContents);
+  }
+  analyzeContent(files) {
+    if (!files.length) {
+      return { score: 100, totalMethods: 0, averageComplexity: 1, complexMethods: [] };
+    }
+    let totalComplexity = 0;
+    let totalMethods = 0;
+    const complexMethods = [];
+    for (const { path: filePath, content } of files) {
+      const methods = this.extractMethodBlocks(content);
+      for (const method of methods) {
+        const complexity = this.calculateComplexity(method.body);
+        totalComplexity += complexity;
+        totalMethods++;
+        if (complexity > 10) {
+          complexMethods.push({ method: method.name, file: filePath, complexity });
+        }
+      }
+    }
+    const averageComplexity = totalMethods > 0 ? totalComplexity / totalMethods : 1;
+    const score = Math.max(0, Math.min(100, Math.round(100 - (averageComplexity - 1) * 6.5)));
+    return { score, totalMethods, averageComplexity, complexMethods };
+  }
+  extractMethodBlocks(content) {
+    const methods = [];
+    const methodRegex = new RegExp(METHOD_PATTERN.source, "g");
+    let match;
+    while ((match = methodRegex.exec(content)) !== null) {
+      const nameMatch = /\s(\w+)\s*\(/.exec(match[0]);
+      const methodName = nameMatch ? nameMatch[1] ?? "unknown" : "unknown";
+      const body = this.extractBlock(content, match.index + match[0].length - 1);
+      methods.push({ name: methodName, body });
+    }
+    return methods;
+  }
+  extractBlock(content, openBraceIndex) {
+    let depth = 1;
+    let i = openBraceIndex + 1;
+    while (i < content.length && depth > 0) {
+      if (content[i] === "{") depth++;
+      else if (content[i] === "}") depth--;
+      i++;
+    }
+    return content.slice(openBraceIndex, i);
+  }
+  calculateComplexity(body) {
+    const matches = body.match(BRANCH_KEYWORDS) ?? [];
+    return 1 + matches.length;
+  }
+};
+var JAVA_SECURITY_PATTERNS = [
+  // SQL Injection — string concatenation in any execute/executeQuery/executeUpdate call
+  {
+    regex: /\.execute[A-Za-z]*\s*\(\s*["'][^"']*["']\s*\+/,
+    severity: "critical",
+    type: "SQL Injection",
+    description: "String concatenation in SQL query \u2014 vulnerable to injection",
+    recommendation: "Use PreparedStatement with parameterized queries",
+    cwe: "CWE-89"
+  },
+  {
+    regex: /createQuery\s*\(\s*["'].*\+|createNativeQuery\s*\(\s*["'].*\+/,
+    severity: "critical",
+    type: "SQL Injection (JPQL)",
+    description: "String concatenation in JPQL/native query",
+    recommendation: "Use named parameters with setParameter()",
+    cwe: "CWE-89"
+  },
+  // Hardcoded Credentials
+  {
+    regex: /(?:password|passwd|secret|apiKey|api_key)\s*=\s*["'][^"']{4,}["']/i,
+    severity: "high",
+    type: "Hardcoded Credential",
+    description: "Hardcoded credential or secret detected",
+    recommendation: "Store credentials in environment variables or a secrets manager",
+    cwe: "CWE-798"
+  },
+  // Unsafe Deserialization
+  {
+    regex: /new\s+(?:java\.io\.)?ObjectInputStream/,
+    severity: "high",
+    type: "Unsafe Deserialization",
+    description: "Unsafe Java deserialization can lead to RCE",
+    recommendation: "Use safer serialization formats (JSON) or whitelist classes",
+    cwe: "CWE-502"
+  },
+  // Path Traversal
+  {
+    regex: /new\s+(?:java\.io\.)?File\s*\(\s*(?:request\.|user|input)/,
+    severity: "high",
+    type: "Path Traversal",
+    description: "File path constructed from user input",
+    recommendation: "Sanitize and validate file paths; use Paths.get() with canonical path check",
+    cwe: "CWE-22"
+  },
+  // Command Injection
+  {
+    regex: /Runtime\.getRuntime\(\)\.exec\s*\(\s*[^"]/,
+    severity: "critical",
+    type: "Command Injection",
+    description: "Dynamic command execution \u2014 vulnerable to injection",
+    recommendation: "Use ProcessBuilder with a fixed command array",
+    cwe: "CWE-78"
+  },
+  // XXE
+  {
+    regex: /DocumentBuilderFactory\s*\.\s*newInstance\s*\(\s*\)/,
+    severity: "high",
+    type: "XML External Entity (XXE)",
+    description: "XML parsing without disabling external entities",
+    recommendation: "Disable external entities: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)",
+    cwe: "CWE-611"
+  },
+  // Insecure Random
+  {
+    regex: /new\s+(?:java\.util\.)?Random\s*\(\s*\)(?!\s*\/\/.*secure)/,
+    severity: "medium",
+    type: "Insecure Random",
+    description: "java.util.Random is not cryptographically secure",
+    recommendation: "Use SecureRandom for security-sensitive operations",
+    cwe: "CWE-338"
+  }
+];
+var JavaSecurityAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze(files) {
+    const javaFiles = files ?? await findJavaFiles(this.projectPath, { includeTests: false });
+    if (!javaFiles.length) {
+      return { score: 100, vulnerabilities: [] };
+    }
+    const fileContents = await Promise.all(
+      javaFiles.map(async (f) => ({
+        path: f,
+        content: await readFile(f, "utf-8").catch(() => "")
+      }))
+    );
+    return this.analyzeContent(fileContents);
+  }
+  analyzeContent(files) {
+    if (!files.length) return { score: 100, vulnerabilities: [] };
+    const vulnerabilities = [];
+    for (const { path: filePath, content } of files) {
+      const lines = content.split("\n");
+      for (const pattern of JAVA_SECURITY_PATTERNS) {
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i] ?? "";
+          if (pattern.regex.test(line)) {
+            vulnerabilities.push({
+              severity: pattern.severity,
+              type: pattern.type,
+              file: filePath,
+              line: i + 1,
+              description: pattern.description,
+              recommendation: pattern.recommendation,
+              cwe: pattern.cwe
+            });
+          }
+        }
+      }
+    }
+    const score = this.calculateScore(vulnerabilities);
+    return { score, vulnerabilities };
+  }
+  calculateScore(vulns) {
+    let score = 100;
+    for (const v of vulns) {
+      switch (v.severity) {
+        case "critical":
+          score -= 30;
+          break;
+        case "high":
+          score -= 15;
+          break;
+        case "medium":
+          score -= 7;
+          break;
+        case "low":
+          score -= 3;
+          break;
+      }
+    }
+    return Math.max(0, score);
+  }
+};
+var MAX_LINE_LENGTH = 120;
+var JavaStyleAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze(files) {
+    const javaFiles = files ?? await findJavaFiles(this.projectPath);
+    if (!javaFiles.length) return { score: 100, violations: [] };
+    const fileContents = await Promise.all(
+      javaFiles.map(async (f) => ({
+        path: f,
+        content: await readFile(f, "utf-8").catch(() => "")
+      }))
+    );
+    return this.analyzeContent(fileContents);
+  }
+  analyzeContent(files) {
+    if (!files.length) return { score: 100, violations: [] };
+    const violations = [];
+    for (const { path: filePath, content } of files) {
+      violations.push(...this.checkFile(filePath, content));
+    }
+    const deduction = violations.reduce((sum, v) => sum + (v.severity === "error" ? 10 : 5), 0);
+    const score = Math.max(0, 100 - deduction);
+    return { score, violations };
+  }
+  checkFile(filePath, content) {
+    const violations = [];
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i] ?? "";
+      const lineNum = i + 1;
+      if (line.length > MAX_LINE_LENGTH) {
+        violations.push({
+          rule: "LineLength",
+          file: filePath,
+          line: lineNum,
+          message: `Line length ${line.length} exceeds ${MAX_LINE_LENGTH} characters`,
+          severity: "warning"
+        });
+      }
+      const classMatch = /^(?:public|private|protected)?\s*(?:class|interface|enum|record)\s+([a-z]\w*)/.exec(line);
+      if (classMatch) {
+        violations.push({
+          rule: "TypeName",
+          file: filePath,
+          line: lineNum,
+          message: `Type name '${classMatch[1]}' should start with uppercase letter (PascalCase)`,
+          severity: "error"
+        });
+      }
+      const methodMatch = /\b(?:public|private|protected|static)\s+(?!class|interface|enum|record|new\b)(?:void|[\w<>[\]]+)\s+([A-Z]\w*)\s*\(/.exec(
+        line
+      );
+      if (methodMatch && !line.trim().startsWith("class") && !line.includes("class ")) {
+        violations.push({
+          rule: "MethodName",
+          file: filePath,
+          line: lineNum,
+          message: `Method name '${methodMatch[1]}' should start with lowercase letter (camelCase)`,
+          severity: "error"
+        });
+      }
+      const constantMatch = /\bpublic\s+static\s+final\s+\w+\s+([a-z][a-zA-Z]+)\s*=/.exec(line);
+      if (constantMatch) {
+        violations.push({
+          rule: "ConstantName",
+          file: filePath,
+          line: lineNum,
+          message: `Constant '${constantMatch[1]}' should be UPPER_SNAKE_CASE`,
+          severity: "warning"
+        });
+      }
+      const paramsMatch = /\w+\s+\w+\s*\(([^)]+)\)/.exec(line);
+      if (paramsMatch) {
+        const paramCount = (paramsMatch[1] ?? "").split(",").length;
+        if (paramCount > 5) {
+          violations.push({
+            rule: "ParameterNumber",
+            file: filePath,
+            line: lineNum,
+            message: `Method has ${paramCount} parameters (max recommended: 5)`,
+            severity: "warning"
+          });
+        }
+      }
+      if (/\)\{/.test(line) || /\belse\{/.test(line)) {
+        violations.push({
+          rule: "WhitespaceAround",
+          file: filePath,
+          line: lineNum,
+          message: "Missing space before '{'",
+          severity: "warning"
+        });
+      }
+    }
+    return violations;
+  }
+};
+var JavaDocumentationAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze(files) {
+    const javaFiles = files ?? await findJavaFiles(this.projectPath, { srcPattern: "src/main/**/*.java" });
+    if (!javaFiles.length) {
+      return {
+        score: 100,
+        javadocCoverage: 1,
+        totalMethods: 0,
+        documentedMethods: 0,
+        undocumentedPublicMethods: []
+      };
+    }
+    const fileContents = await Promise.all(
+      javaFiles.map(async (f) => ({
+        path: f,
+        content: await readFile(f, "utf-8").catch(() => "")
+      }))
+    );
+    return this.analyzeContent(fileContents);
+  }
+  analyzeContent(files) {
+    if (!files.length) {
+      return {
+        score: 100,
+        javadocCoverage: 1,
+        totalMethods: 0,
+        documentedMethods: 0,
+        undocumentedPublicMethods: []
+      };
+    }
+    let totalMethods = 0;
+    let documentedMethods = 0;
+    const undocumentedPublicMethods = [];
+    for (const { content } of files) {
+      const lines = content.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        if (/\b(?:public)\s+(?!class|interface|enum|record)[\w<>[\]]+\s+\w+\s*\(/.test(line)) {
+          totalMethods++;
+          const isDocumented = this.hasPrecedingJavadoc(lines, i);
+          if (isDocumented) {
+            documentedMethods++;
+          } else {
+            const nameMatch = /\s(\w+)\s*\(/.exec(line);
+            if (nameMatch) undocumentedPublicMethods.push(nameMatch[1] ?? "unknown");
+          }
+        }
+      }
+    }
+    const javadocCoverage = totalMethods > 0 ? documentedMethods / totalMethods : 1;
+    const score = Math.round(javadocCoverage * 100);
+    return { score, javadocCoverage, totalMethods, documentedMethods, undocumentedPublicMethods };
+  }
+  hasPrecedingJavadoc(lines, methodLineIndex) {
+    for (let i = methodLineIndex - 1; i >= 0; i--) {
+      const prevLine = (lines[i] ?? "").trim();
+      if (prevLine === "") continue;
+      if (prevLine.endsWith("*/")) {
+        for (let j = i; j >= 0; j--) {
+          const docLine = (lines[j] ?? "").trim();
+          if (docLine.startsWith("/**")) return true;
+          if (!docLine.startsWith("*") && !docLine.startsWith("/**")) break;
+        }
+      }
+      break;
+    }
+    return false;
+  }
+};
+var JACOCO_REPORT_PATHS = [
+  "target/site/jacoco/jacoco.xml",
+  "build/reports/jacoco/test/jacocoTestReport.xml",
+  "build/reports/jacoco/jacocoTestReport.xml"
+];
+var JavaCoverageAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze() {
+    for (const reportPath of JACOCO_REPORT_PATHS) {
+      try {
+        const xml2 = await readFile(join(this.projectPath, reportPath), "utf-8");
+        const result = this.parseJacocoXml(xml2);
+        return { ...result, reportFound: true };
+      } catch {
+      }
+    }
+    return { score: 50, lineCoverage: 0, branchCoverage: 0, methodCoverage: 0, reportFound: false };
+  }
+  parseJacocoXml(xml2) {
+    if (!xml2.trim()) {
+      return {
+        score: 0,
+        lineCoverage: 0,
+        branchCoverage: 0,
+        methodCoverage: 0,
+        reportFound: false
+      };
+    }
+    const lineCoverage = this.extractCoverage(xml2, "LINE");
+    const branchCoverage = this.extractCoverage(xml2, "BRANCH");
+    const methodCoverage = this.extractCoverage(xml2, "METHOD");
+    const score = Math.round(lineCoverage * 0.5 + branchCoverage * 0.35 + methodCoverage * 0.15);
+    return { score, lineCoverage, branchCoverage, methodCoverage, reportFound: true };
+  }
+  extractCoverage(xml2, type) {
+    const regex = new RegExp(`<counter\\s+type="${type}"\\s+missed="(\\d+)"\\s+covered="(\\d+)"`);
+    const match = regex.exec(xml2);
+    if (!match) return 0;
+    const missed = parseInt(match[1] ?? "0", 10);
+    const covered = parseInt(match[2] ?? "0", 10);
+    const total = missed + covered;
+    return total > 0 ? Math.round(covered / total * 100) : 0;
+  }
+};
+function registerJavaAnalyzers(registry, projectPath) {
+  const complexityAnalyzer = new JavaComplexityAnalyzer(projectPath);
+  const securityAnalyzer = new JavaSecurityAnalyzer(projectPath);
+  const styleAnalyzer = new JavaStyleAnalyzer(projectPath);
+  const documentationAnalyzer = new JavaDocumentationAnalyzer(projectPath);
+  const coverageAnalyzer = new JavaCoverageAnalyzer(projectPath);
+  registry.register({
+    dimensionId: "complexity",
+    language: "java",
+    async analyze(input) {
+      const result = await complexityAnalyzer.analyze(input.files);
+      return { score: result.score, issues: [] };
+    }
+  });
+  registry.register({
+    dimensionId: "security",
+    language: "java",
+    async analyze(input) {
+      const contents = await Promise.all(
+        input.files.map(async (f) => ({
+          path: f,
+          content: await readFile(f, "utf-8").catch(() => "")
+        }))
+      );
+      const result = securityAnalyzer.analyzeContent(contents);
+      return {
+        score: result.score,
+        issues: result.vulnerabilities.map((v) => ({
+          dimension: "security",
+          severity: v.severity === "critical" ? "critical" : "major",
+          message: `[${v.type}] ${v.description}`,
+          file: v.file,
+          line: v.line,
+          suggestion: v.recommendation
+        }))
+      };
+    }
+  });
+  registry.register({
+    dimensionId: "style",
+    language: "java",
+    async analyze(input) {
+      const contents = await Promise.all(
+        input.files.map(async (f) => ({
+          path: f,
+          content: await readFile(f, "utf-8").catch(() => "")
+        }))
+      );
+      const result = styleAnalyzer.analyzeContent(contents);
+      return { score: result.score, issues: [] };
+    }
+  });
+  registry.register({
+    dimensionId: "documentation",
+    language: "java",
+    async analyze(input) {
+      const contents = await Promise.all(
+        input.files.map(async (f) => ({
+          path: f,
+          content: await readFile(f, "utf-8").catch(() => "")
+        }))
+      );
+      const result = documentationAnalyzer.analyzeContent(contents);
+      return { score: result.score, issues: [] };
+    }
+  });
+  registry.register({
+    dimensionId: "testCoverage",
+    language: "java",
+    async analyze() {
+      const result = await coverageAnalyzer.analyze();
+      return { score: result.score, issues: [] };
+    }
+  });
+}
+async function loadFiles(files) {
+  return Promise.all(
+    files.map(async (f) => ({
+      path: f,
+      content: await readFile(f, "utf-8").catch(() => "")
+    }))
+  );
+}
+async function findReactFiles(projectPath, pattern = "**/*.{tsx,jsx}") {
+  return glob(pattern, {
+    cwd: projectPath,
+    absolute: true,
+    ignore: ["**/node_modules/**", "**/*.test.*", "**/*.spec.*"]
+  });
+}
+var ReactComponentAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze(files) {
+    const reactFiles = files ?? await findReactFiles(this.projectPath);
+    if (!reactFiles.length) return { score: 100, totalComponents: 0, issues: [] };
+    const fileContents = await loadFiles(reactFiles);
+    return this.analyzeContent(fileContents);
+  }
+  analyzeContent(files) {
+    if (!files.length) return { score: 100, totalComponents: 0, issues: [] };
+    const issues = [];
+    let totalComponents = 0;
+    for (const { path: filePath, content } of files) {
+      const lines = content.split("\n");
+      let inComponent = false;
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        const lineNum = i + 1;
+        if (/\bfunction\s+[A-Z]\w*\s*\(|const\s+[A-Z]\w*\s*=\s*(?:\([^)]*\)|[a-z]\w*)\s*=>/.test(line)) {
+          totalComponents++;
+          inComponent = true;
+        }
+        if (/\.map\s*\(/.test(line)) {
+          const block = lines.slice(i, i + 4).join("\n");
+          if (/<[a-zA-Z]/.test(block) && !/key\s*=/.test(block)) {
+            issues.push({
+              rule: "react/missing-key",
+              file: filePath,
+              line: lineNum,
+              message: "Missing 'key' prop in list rendering \u2014 elements need unique keys",
+              severity: "error"
+            });
+          }
+        }
+        const lowerFnMatch = /\bfunction\s+([a-z]\w*)\s*\([^)]*\)\s*\{/.exec(line);
+        if (lowerFnMatch && inComponent) {
+          const nextContent = lines.slice(i, i + 20).join("\n");
+          if (/<[A-Z]|return\s*\(/.test(nextContent)) {
+            issues.push({
+              rule: "react/component-naming",
+              file: filePath,
+              line: lineNum,
+              message: `Component '${lowerFnMatch[1]}' should use PascalCase naming`,
+              severity: "warning"
+            });
+          }
+        }
+        if (/\bfunction\s+[A-Z]\w*\s*\(\s*props\s*\)/.test(line)) {
+          issues.push({
+            rule: "react/prop-types",
+            file: filePath,
+            line: lineNum,
+            message: "Component props are not typed \u2014 use a TypeScript interface or destructure with types",
+            severity: "error"
+          });
+        }
+        if (/^\s*export\s+(?:default\s+)?function\s+[A-Z]\w*/.test(line)) {
+          let prevLineIdx = i - 1;
+          while (prevLineIdx >= 0 && (lines[prevLineIdx] ?? "").trim() === "") {
+            prevLineIdx--;
+          }
+          const prevLine = (lines[prevLineIdx] ?? "").trim();
+          if (!prevLine.endsWith("*/")) {
+            issues.push({
+              rule: "react/missing-jsdoc",
+              file: filePath,
+              line: lineNum,
+              message: "Exported component missing JSDoc comment",
+              severity: "warning"
+            });
+          }
+        }
+        if (/document\.getElementById|document\.querySelector|document\.createElement/.test(line)) {
+          issues.push({
+            rule: "react/no-direct-dom-manipulation",
+            file: filePath,
+            line: lineNum,
+            message: "Avoid direct DOM manipulation in React \u2014 use refs or state instead",
+            severity: "warning"
+          });
+        }
+        if (/dangerouslySetInnerHTML/.test(line) && !/sanitize|DOMPurify|xss/.test(line)) {
+          issues.push({
+            rule: "react/no-danger",
+            file: filePath,
+            line: lineNum,
+            message: "dangerouslySetInnerHTML can lead to XSS \u2014 ensure content is sanitized",
+            severity: "error"
+          });
+        }
+      }
+    }
+    const deduction = issues.reduce((s, i) => s + (i.severity === "error" ? 10 : 5), 0);
+    const score = Math.max(0, 100 - deduction);
+    return { score, totalComponents, issues };
+  }
+};
+var ReactA11yAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze(files) {
+    const reactFiles = files ?? await findReactFiles(this.projectPath);
+    if (!reactFiles.length) return { score: 100, violations: [] };
+    const fileContents = await loadFiles(reactFiles);
+    return this.analyzeContent(fileContents);
+  }
+  analyzeContent(files) {
+    if (!files.length) return { score: 100, violations: [] };
+    const violations = [];
+    for (const { path: filePath, content } of files) {
+      violations.push(...this.checkFile(filePath, content));
+    }
+    const deduction = violations.reduce((s, v) => s + (v.severity === "error" ? 12 : 6), 0);
+    const score = Math.max(0, 100 - deduction);
+    return { score, violations };
+  }
+  checkFile(filePath, content) {
+    const violations = [];
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i] ?? "";
+      const lineNum = i + 1;
+      if (/<img\b/.test(line)) {
+        const imgBlock = lines.slice(i, Math.min(i + 4, lines.length)).join("\n");
+        if (!/alt\s*=/.test(imgBlock)) {
+          violations.push({
+            rule: "jsx-a11y/alt-text",
+            file: filePath,
+            line: lineNum,
+            message: "<img> element missing 'alt' attribute",
+            severity: "error",
+            wcag: "WCAG 1.1.1"
+          });
+        }
+      }
+      if (/<a\b/.test(line)) {
+        const aBlock = lines.slice(i, Math.min(i + 4, lines.length)).join("\n");
+        if (!/href\s*=/.test(aBlock) && !/ role\s*=/.test(aBlock)) {
+          violations.push({
+            rule: "jsx-a11y/anchor-has-content",
+            file: filePath,
+            line: lineNum,
+            message: "<a> element missing href \u2014 use a <button> for non-navigation actions",
+            severity: "error",
+            wcag: "WCAG 2.1.1"
+          });
+        }
+      }
+      if (/<(?:div|span)\b[^>]*onClick[^>]*>/.test(line)) {
+        const hasKeyboardSupport = /onKey(?:Down|Up|Press)|role\s*=\s*["'](?:button|link|menuitem)|tabIndex/.test(line);
+        if (!hasKeyboardSupport) {
+          const context = lines.slice(Math.max(0, i - 1), i + 3).join(" ");
+          if (!/onKey(?:Down|Up|Press)|tabIndex/.test(context)) {
+            violations.push({
+              rule: "jsx-a11y/interactive-supports-focus",
+              file: filePath,
+              line: lineNum,
+              message: "Non-interactive element with onClick handler \u2014 add keyboard support (onKeyDown, tabIndex, role)",
+              severity: "warning",
+              wcag: "WCAG 2.1.1"
+            });
+          }
+        }
+      }
+      if (/<input\b[^>]*>/.test(line) && !/aria-label|aria-labelledby|id\s*=/.test(line)) {
+        violations.push({
+          rule: "jsx-a11y/label-association",
+          file: filePath,
+          line: lineNum,
+          message: "<input> missing label association (aria-label, aria-labelledby, or id for <label>)",
+          severity: "warning",
+          wcag: "WCAG 1.3.1"
+        });
+      }
+      if (/<video\b[^>]*autoPlay[^>]*>/.test(line) && !/controls/.test(line)) {
+        violations.push({
+          rule: "jsx-a11y/media-has-caption",
+          file: filePath,
+          line: lineNum,
+          message: "Autoplaying video without controls \u2014 add controls attribute",
+          severity: "warning",
+          wcag: "WCAG 1.2.2"
+        });
+      }
+    }
+    return violations;
+  }
+};
+var ReactHookAnalyzer = class {
+  constructor(projectPath) {
+    this.projectPath = projectPath;
+  }
+  async analyze(files) {
+    const reactFiles = files ?? await findReactFiles(this.projectPath, "**/*.{tsx,jsx,ts,js}");
+    if (!reactFiles.length) return { score: 100, violations: [] };
+    const fileContents = await loadFiles(reactFiles);
+    return this.analyzeContent(fileContents);
+  }
+  analyzeContent(files) {
+    if (!files.length) return { score: 100, violations: [] };
+    const violations = [];
+    for (const { path: filePath, content } of files) {
+      violations.push(...this.checkFile(filePath, content));
+    }
+    const deduction = violations.reduce((s, v) => s + (v.severity === "error" ? 15 : 7), 0);
+    const score = Math.max(0, 100 - deduction);
+    return { score, violations };
+  }
+  checkFile(filePath, content) {
+    const violations = [];
+    const lines = content.split("\n");
+    let conditionalDepth = 0;
+    let loopDepth = 0;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i] ?? "";
+      const lineNum = i + 1;
+      const trimmed = line.trim();
+      const openBraces = (trimmed.match(/\{/g) ?? []).length;
+      const closeBraces = (trimmed.match(/\}/g) ?? []).length;
+      if (/^\s*(?:if\s*\(|else\s+if\s*\(|else\s*\{)/.test(line) && openBraces > closeBraces) {
+        conditionalDepth++;
+      }
+      if (/^\s*(?:for\s*\(|while\s*\()/.test(line) && openBraces > closeBraces) {
+        loopDepth++;
+      }
+      if (/\.forEach\s*\(/.test(line) && openBraces > closeBraces) {
+        loopDepth++;
+      }
+      if (/\buseEffect\s*\(/.test(line)) {
+        const block = lines.slice(i, i + 5).join("\n");
+        if (!/,\s*\[/.test(block)) {
+          violations.push({
+            rule: "react-hooks/exhaustive-deps",
+            file: filePath,
+            line: lineNum,
+            message: "useEffect without dependency array \u2014 runs on every render (possibly unintentional)",
+            severity: "warning"
+          });
+        }
+      }
+      if (conditionalDepth > 0 && /\buse[A-Z]\w*\s*\(/.test(line)) {
+        violations.push({
+          rule: "react-hooks/rules-of-hooks",
+          file: filePath,
+          line: lineNum,
+          message: "Hook called inside conditional \u2014 violates Rules of Hooks",
+          severity: "error"
+        });
+      }
+      if (loopDepth > 0 && /\buse[A-Z]\w*\s*\(/.test(line)) {
+        violations.push({
+          rule: "react-hooks/rules-of-hooks",
+          file: filePath,
+          line: lineNum,
+          message: "Hook called inside loop \u2014 violates Rules of Hooks",
+          severity: "error"
+        });
+      }
+      const netBraces = openBraces - closeBraces;
+      if (netBraces < 0) {
+        if (conditionalDepth > 0) conditionalDepth = Math.max(0, conditionalDepth + netBraces);
+        if (loopDepth > 0) loopDepth = Math.max(0, loopDepth + netBraces);
+      }
+    }
+    return violations;
+  }
+};
+function registerReactAnalyzers(registry, projectPath) {
+  const componentAnalyzer = new ReactComponentAnalyzer(projectPath);
+  const a11yAnalyzer = new ReactA11yAnalyzer(projectPath);
+  const hookAnalyzer = new ReactHookAnalyzer(projectPath);
+  for (const lang of ["react-typescript", "react-javascript"]) {
+    registry.register({
+      dimensionId: "style",
+      language: lang,
+      async analyze(input) {
+        const contents = await Promise.all(
+          input.files.map(async (f) => ({
+            path: f,
+            content: await readFile(f, "utf-8").catch(() => "")
+          }))
+        );
+        const result = componentAnalyzer.analyzeContent(contents);
+        return {
+          score: result.score,
+          issues: result.issues.map((i) => ({
+            dimension: "style",
+            severity: i.severity === "error" ? "major" : "minor",
+            message: i.message,
+            file: i.file,
+            line: i.line
+          }))
+        };
+      }
+    });
+    registry.register({
+      dimensionId: "robustness",
+      language: lang,
+      async analyze(input) {
+        const contents = await Promise.all(
+          input.files.map(async (f) => ({
+            path: f,
+            content: await readFile(f, "utf-8").catch(() => "")
+          }))
+        );
+        const result = a11yAnalyzer.analyzeContent(contents);
+        return {
+          score: result.score,
+          issues: result.violations.map((v) => ({
+            dimension: "robustness",
+            severity: v.severity === "error" ? "major" : "minor",
+            message: v.message,
+            file: v.file,
+            line: v.line
+          }))
+        };
+      }
+    });
+    registry.register({
+      dimensionId: "correctness",
+      language: lang,
+      async analyze(input) {
+        const contents = await Promise.all(
+          input.files.map(async (f) => ({
+            path: f,
+            content: await readFile(f, "utf-8").catch(() => "")
+          }))
+        );
+        const result = hookAnalyzer.analyzeContent(contents);
+        return {
+          score: result.score,
+          issues: result.violations.map((v) => ({
+            dimension: "correctness",
+            severity: v.severity === "error" ? "critical" : "minor",
+            message: v.message,
+            file: v.file,
+            line: v.line
+          }))
+        };
+      }
+    });
   }
-  traverse(ast);
-  return {
-    lineCount: 0,
-    // Will be set separately from content
-    functionCount,
-    importCount,
-    crossBoundaryImportCount
-  };
 }
-function isCrossBoundaryImport(node, _filePath) {
-  if (node.source.type !== "Literal" || typeof node.source.value !== "string") {
-    return false;
-  }
-  const importPath = node.source.value;
-  if (importPath.startsWith("node:")) {
-    return false;
-  }
-  if (!importPath.startsWith(".")) {
-    return false;
+var DimensionRegistry = class {
+  analyzers = [];
+  /**
+   * Register a dimension analyzer plugin.
+   * If an analyzer for the same (language, dimensionId) pair already exists,
+   * it is replaced — preventing order-dependent duplicate accumulation.
+   */
+  register(analyzer) {
+    const existing = this.analyzers.findIndex(
+      (a) => a.language === analyzer.language && a.dimensionId === analyzer.dimensionId
+    );
+    if (existing !== -1) {
+      this.analyzers[existing] = analyzer;
+    } else {
+      this.analyzers.push(analyzer);
+    }
   }
-  if (importPath.startsWith("../")) {
-    return true;
+  /**
+   * Get all analyzers applicable for a given language.
+   * Includes both language-specific analyzers and "all" analyzers.
+   *
+   * @param language - Target language
+   * @param dimensionId - Optional filter for a specific dimension
+   */
+  getAnalyzers(language, dimensionId) {
+    return this.analyzers.filter(
+      (a) => (a.language === language || a.language === "all") && (dimensionId === void 0 || a.dimensionId === dimensionId)
+    );
   }
-  if (importPath.startsWith("./")) {
-    const relativePath = importPath.slice(2);
-    return relativePath.includes("/");
+  /**
+   * Check if any analyzers are registered for a given language
+   * (includes "all" analyzers)
+   */
+  hasAnalyzers(language) {
+    return this.analyzers.some((a) => a.language === language || a.language === "all");
   }
-  return false;
-}
-function countLines(content) {
-  return content.split("\n").length;
-}
-var MaintainabilityAnalyzer = class {
-  constructor(projectPath) {
-    this.projectPath = projectPath;
+  /**
+   * Get all languages that have registered analyzers
+   * (excludes the "all" pseudo-language)
+   */
+  getSupportedLanguages() {
+    const languages = /* @__PURE__ */ new Set();
+    for (const a of this.analyzers) {
+      if (a.language !== "all") {
+        languages.add(a.language);
+      }
+    }
+    return Array.from(languages);
   }
   /**
-   * Analyze maintainability of project files
+   * Run all matching analyzers for the given input and return combined results.
+   * Analyzers run in parallel for performance.
    */
-  async analyze(files) {
-    const targetFiles = files ?? await this.findSourceFiles();
-    if (targetFiles.length === 0) {
+  async analyze(input) {
+    const matching = this.getAnalyzers(input.language);
+    if (!matching.length) return [];
+    const settled = await Promise.allSettled(
+      matching.map(
+        (analyzer) => analyzer.analyze(input).then((result) => ({ dimensionId: analyzer.dimensionId, result }))
+      )
+    );
+    return settled.filter((s) => {
+      if (s.status === "rejected") {
+        process.stderr.write(`[DimensionRegistry] Analyzer failed: ${String(s.reason)}
+`);
+      }
+      return s.status === "fulfilled";
+    }).map((s) => s.value);
+  }
+};
+function wrapAnalyzer(dimensionId, language, analyzerFn) {
+  return {
+    dimensionId,
+    language,
+    async analyze(input) {
+      const raw = await analyzerFn(input);
       return {
-        score: 100,
-        fileLengthScore: 100,
-        functionCountScore: 100,
-        dependencyCountScore: 100,
-        couplingScore: 100,
-        averageFileLength: 0,
-        averageFunctionsPerFile: 0,
-        averageImportsPerFile: 0,
-        fileCount: 0,
-        details: "No files to analyze"
+        score: raw.score,
+        issues: raw.issues ?? []
       };
     }
-    let totalLines = 0;
-    let totalFunctions = 0;
-    let totalImports = 0;
-    let totalCrossBoundaryImports = 0;
-    let filesAnalyzed = 0;
-    for (const file of targetFiles) {
-      try {
-        const content = await readFile(file, "utf-8");
-        const lineCount = countLines(content);
-        const ast = parse(content, {
-          loc: true,
-          range: true,
-          jsx: file.endsWith(".tsx") || file.endsWith(".jsx")
-        });
-        const result = analyzeMaintainabilityPatterns(ast, file);
-        totalLines += lineCount;
-        totalFunctions += result.functionCount;
-        totalImports += result.importCount;
-        totalCrossBoundaryImports += result.crossBoundaryImportCount;
-        filesAnalyzed++;
-      } catch {
-      }
-    }
-    const averageFileLength = filesAnalyzed > 0 ? totalLines / filesAnalyzed : 0;
-    const averageFunctionsPerFile = filesAnalyzed > 0 ? totalFunctions / filesAnalyzed : 0;
-    const averageImportsPerFile = filesAnalyzed > 0 ? totalImports / filesAnalyzed : 0;
-    const fileLengthScore = Math.max(0, Math.min(100, 100 - (averageFileLength - 200) * 0.33));
-    const functionCountScore = Math.max(0, Math.min(100, 100 - (averageFunctionsPerFile - 10) * 5));
-    const dependencyCountScore = Math.max(0, Math.min(100, 100 - (averageImportsPerFile - 5) * 5));
-    const crossBoundaryRatio = totalImports > 0 ? totalCrossBoundaryImports / totalImports : 0;
-    const couplingScore = Math.max(0, Math.min(100, 100 - crossBoundaryRatio * 100 * 0.5));
-    const score = Math.round(
-      fileLengthScore * 0.3 + functionCountScore * 0.25 + dependencyCountScore * 0.25 + couplingScore * 0.2
+  };
+}
+function createDefaultRegistry(projectPath) {
+  const registry = new DimensionRegistry();
+  const coverageAnalyzer = new CoverageAnalyzer(projectPath);
+  const securityScanner = new CompositeSecurityScanner(projectPath, false);
+  const complexityAnalyzer = new ComplexityAnalyzer(projectPath);
+  const duplicationAnalyzer = new DuplicationAnalyzer(projectPath);
+  const correctnessAnalyzer = new CorrectnessAnalyzer(projectPath);
+  const completenessAnalyzer = new CompletenessAnalyzer(projectPath);
+  const robustnessAnalyzer = new RobustnessAnalyzer(projectPath);
+  const testQualityAnalyzer = new TestQualityAnalyzer(projectPath);
+  const documentationAnalyzer = new DocumentationAnalyzer(projectPath);
+  const styleAnalyzer = new StyleAnalyzer(projectPath);
+  const readabilityAnalyzer = new ReadabilityAnalyzer(projectPath);
+  const maintainabilityAnalyzer = new MaintainabilityAnalyzer(projectPath);
+  const baseLangs = ["typescript", "javascript"];
+  const reactLangs = ["react-typescript", "react-javascript"];
+  for (const lang of baseLangs) {
+    registry.register(
+      wrapAnalyzer("correctness", lang, async () => {
+        const r = await correctnessAnalyzer.analyze();
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("completeness", lang, async (input) => {
+        const r = await completenessAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("robustness", lang, async (input) => {
+        const r = await robustnessAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("readability", lang, async (input) => {
+        const r = await readabilityAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("maintainability", lang, async (input) => {
+        const r = await maintainabilityAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("complexity", lang, async (input) => {
+        const r = await complexityAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("duplication", lang, async (input) => {
+        const r = await duplicationAnalyzer.analyze(input.files);
+        return { score: Math.max(0, 100 - r.percentage) };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("testCoverage", lang, async () => {
+        const r = await coverageAnalyzer.analyze();
+        return { score: r?.lines.percentage ?? 0 };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("testQuality", lang, async () => {
+        const r = await testQualityAnalyzer.analyze();
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("security", lang, async (input) => {
+        const fileContents = await Promise.all(
+          input.files.map(async (f) => ({
+            path: f,
+            content: await readFile(f, "utf-8").catch(() => "")
+          }))
+        );
+        const r = await securityScanner.scan(fileContents);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("documentation", lang, async (input) => {
+        const r = await documentationAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("style", lang, async () => {
+        const r = await styleAnalyzer.analyze();
+        return { score: r.score };
+      })
     );
-    const details = [
-      `${Math.round(averageFileLength)} avg lines/file`,
-      `${averageFunctionsPerFile.toFixed(1)} avg functions/file`,
-      `${averageImportsPerFile.toFixed(1)} avg imports/file`,
-      `${Math.round(crossBoundaryRatio * 100)}% cross-boundary coupling`
-    ].join(", ");
-    return {
-      score,
-      fileLengthScore,
-      functionCountScore,
-      dependencyCountScore,
-      couplingScore,
-      averageFileLength,
-      averageFunctionsPerFile,
-      averageImportsPerFile,
-      fileCount: filesAnalyzed,
-      details
-    };
   }
-  async findSourceFiles() {
-    return glob("**/*.{ts,js,tsx,jsx}", {
-      cwd: this.projectPath,
-      absolute: true,
-      ignore: ["**/node_modules/**", "**/*.test.*", "**/*.spec.*", "**/dist/**", "**/build/**"]
-    });
+  for (const lang of reactLangs) {
+    registry.register(
+      wrapAnalyzer("completeness", lang, async (input) => {
+        const r = await completenessAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("readability", lang, async (input) => {
+        const r = await readabilityAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("maintainability", lang, async (input) => {
+        const r = await maintainabilityAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("complexity", lang, async (input) => {
+        const r = await complexityAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("duplication", lang, async (input) => {
+        const r = await duplicationAnalyzer.analyze(input.files);
+        return { score: Math.max(0, 100 - r.percentage) };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("testCoverage", lang, async () => {
+        const r = await coverageAnalyzer.analyze();
+        return { score: r?.lines.percentage ?? 0 };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("testQuality", lang, async () => {
+        const r = await testQualityAnalyzer.analyze();
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("security", lang, async (input) => {
+        const fileContents = await Promise.all(
+          input.files.map(async (f) => ({
+            path: f,
+            content: await readFile(f, "utf-8").catch(() => "")
+          }))
+        );
+        const r = await securityScanner.scan(fileContents);
+        return { score: r.score };
+      })
+    );
+    registry.register(
+      wrapAnalyzer("documentation", lang, async (input) => {
+        const r = await documentationAnalyzer.analyze(input.files);
+        return { score: r.score };
+      })
+    );
   }
-};
+  return registry;
+}
+
+// src/quality/evaluator.ts
 var QualityEvaluator = class {
-  constructor(projectPath, useSnyk = false) {
+  constructor(projectPath, useSnyk = false, registry) {
     this.projectPath = projectPath;
+    this.registry = registry;
     this.coverageAnalyzer = new CoverageAnalyzer(projectPath);
     this.securityScanner = new CompositeSecurityScanner(projectPath, useSnyk);
     this.complexityAnalyzer = new ComplexityAnalyzer(projectPath);
@@ -6145,7 +7587,7 @@ var QualityEvaluator = class {
     const fileContents = await Promise.all(
       targetFiles.map(async (file) => ({
         path: file,
-        content: await readFile(file, "utf-8")
+        content: await readFile(file, "utf-8").catch(() => "")
       }))
     );
     const [
@@ -6189,8 +7631,27 @@ var QualityEvaluator = class {
       testQuality: testQualityResult.score,
       documentation: documentationResult.score
     };
+    if (this.registry) {
+      const { language } = detectProjectLanguage(targetFiles);
+      const registryResults = await this.registry.analyze({
+        projectPath: this.projectPath,
+        files: targetFiles,
+        language
+      });
+      for (const { dimensionId, result } of registryResults) {
+        if (dimensionId in dimensions) {
+          dimensions[dimensionId] = result.score;
+        }
+      }
+    }
+    let projectConfig = null;
+    try {
+      projectConfig = await loadProjectConfig(this.projectPath);
+    } catch {
+    }
+    const weights = resolvedWeights(projectConfig);
     const overall = Object.entries(dimensions).reduce((sum, [key, value]) => {
-      const weight = DEFAULT_QUALITY_WEIGHTS[key] ?? 0;
+      const weight = weights[key] ?? 0;
       return sum + value * weight;
     }, 0);
     const scores = {
@@ -6208,13 +7669,15 @@ var QualityEvaluator = class {
       documentationResult
     );
     const suggestions = this.generateSuggestions(dimensions);
-    const meetsMinimum = scores.overall >= DEFAULT_QUALITY_THRESHOLDS.minimum.overall && dimensions.testCoverage >= DEFAULT_QUALITY_THRESHOLDS.minimum.testCoverage && dimensions.security >= DEFAULT_QUALITY_THRESHOLDS.minimum.security;
-    const meetsTarget = scores.overall >= DEFAULT_QUALITY_THRESHOLDS.target.overall && dimensions.testCoverage >= DEFAULT_QUALITY_THRESHOLDS.target.testCoverage;
+    const thresholds = resolvedThresholds(projectConfig);
+    const meetsMinimum = scores.overall >= thresholds.minimum.overall && dimensions.testCoverage >= thresholds.minimum.testCoverage && dimensions.security >= thresholds.minimum.security;
+    const meetsTarget = scores.overall >= thresholds.target.overall && dimensions.testCoverage >= thresholds.target.testCoverage;
+    const converged = scores.overall >= thresholds.target.overall;
     return {
       scores,
       meetsMinimum,
       meetsTarget,
-      converged: false,
+      converged,
       issues,
       suggestions
     };
@@ -6363,8 +7826,11 @@ var QualityEvaluator = class {
     });
   }
 };
-function createQualityEvaluator(projectPath, useSnyk) {
-  return new QualityEvaluator(projectPath, useSnyk);
+function createQualityEvaluatorWithRegistry(projectPath, useSnyk) {
+  const registry = createDefaultRegistry(projectPath);
+  registerJavaAnalyzers(registry, projectPath);
+  registerReactAnalyzers(registry, projectPath);
+  return new QualityEvaluator(projectPath, useSnyk ?? false, registry);
 }
 
 // src/phases/complete/prompts.ts
@@ -6674,7 +8140,7 @@ function setupFileLogging(logger, logDir, name) {
   if (!fs4__default.existsSync(logDir)) {
     fs4__default.mkdirSync(logDir, { recursive: true });
   }
-  const logFile = path14__default.join(logDir, `${name}.log`);
+  const logFile = path15__default.join(logDir, `${name}.log`);
   logger.attachTransport((logObj) => {
     const line = JSON.stringify(logObj) + "\n";
     fs4__default.appendFileSync(logFile, line);
@@ -8057,13 +9523,13 @@ var CompleteExecutor = class {
    */
   async checkpoint(context) {
     if (this.checkpointState && this.currentSprint) {
-      const checkpointPath = path14__default.join(
+      const checkpointPath = path15__default.join(
         context.projectPath,
         ".coco",
         "checkpoints",
         `complete-${this.currentSprint.id}.json`
       );
-      await fs14__default.mkdir(path14__default.dirname(checkpointPath), { recursive: true });
+      await fs14__default.mkdir(path15__default.dirname(checkpointPath), { recursive: true });
       await fs14__default.writeFile(checkpointPath, JSON.stringify(this.checkpointState, null, 2), "utf-8");
     }
     return {
@@ -8084,7 +9550,7 @@ var CompleteExecutor = class {
     const sprintId = checkpoint.resumePoint;
     if (sprintId === "start") return;
     try {
-      const checkpointPath = path14__default.join(
+      const checkpointPath = path15__default.join(
         context.projectPath,
         ".coco",
         "checkpoints",
@@ -8337,8 +9803,8 @@ var CompleteExecutor = class {
     };
     const saveFiles = async (files) => {
       for (const file of files) {
-        const filePath = path14__default.join(context.projectPath, file.path);
-        const dir = path14__default.dirname(filePath);
+        const filePath = path15__default.join(context.projectPath, file.path);
+        const dir = path15__default.dirname(filePath);
         await fs14__default.mkdir(dir, { recursive: true });
         if (file.action === "delete") {
           await fs14__default.unlink(filePath).catch(() => {
@@ -8470,7 +9936,7 @@ var CompleteExecutor = class {
    */
   async loadBacklog(projectPath) {
     try {
-      const backlogPath = path14__default.join(projectPath, ".coco", "planning", "backlog.json");
+      const backlogPath = path15__default.join(projectPath, ".coco", "planning", "backlog.json");
       const content = await fs14__default.readFile(backlogPath, "utf-8");
       const data = JSON.parse(content);
       return data.backlog;
@@ -8483,11 +9949,11 @@ var CompleteExecutor = class {
    */
   async loadCurrentSprint(projectPath) {
     try {
-      const sprintsDir = path14__default.join(projectPath, ".coco", "planning", "sprints");
+      const sprintsDir = path15__default.join(projectPath, ".coco", "planning", "sprints");
       const files = await fs14__default.readdir(sprintsDir);
       const jsonFiles = files.filter((f) => f.endsWith(".json"));
       if (jsonFiles.length === 0) return null;
-      const sprintPath = path14__default.join(sprintsDir, jsonFiles[0] || "");
+      const sprintPath = path15__default.join(sprintsDir, jsonFiles[0] || "");
       const content = await fs14__default.readFile(sprintPath, "utf-8");
       const sprint = JSON.parse(content);
       sprint.startDate = new Date(sprint.startDate);
@@ -8500,11 +9966,11 @@ var CompleteExecutor = class {
    * Save sprint results
    */
   async saveSprintResults(projectPath, result) {
-    const resultsDir = path14__default.join(projectPath, ".coco", "results");
+    const resultsDir = path15__default.join(projectPath, ".coco", "results");
     await fs14__default.mkdir(resultsDir, { recursive: true });
-    const resultsPath = path14__default.join(resultsDir, `${result.sprintId}-results.json`);
+    const resultsPath = path15__default.join(resultsDir, `${result.sprintId}-results.json`);
     await fs14__default.writeFile(resultsPath, JSON.stringify(result, null, 2), "utf-8");
-    const mdPath = path14__default.join(resultsDir, `${result.sprintId}-results.md`);
+    const mdPath = path15__default.join(resultsDir, `${result.sprintId}-results.md`);
     await fs14__default.writeFile(mdPath, this.generateResultsMarkdown(result), "utf-8");
     return resultsPath;
   }
@@ -9729,8 +11195,8 @@ var OutputExecutor = class {
       const cicdGenerator = new CICDGenerator(metadata, cicdConfig);
       const cicdFiles = cicdGenerator.generate();
       for (const file of cicdFiles) {
-        const filePath = path14__default.join(context.projectPath, file.path);
-        await this.ensureDir(path14__default.dirname(filePath));
+        const filePath = path15__default.join(context.projectPath, file.path);
+        await this.ensureDir(path15__default.dirname(filePath));
         await fs14__default.writeFile(filePath, file.content, "utf-8");
         artifacts.push({
           type: "cicd",
@@ -9741,7 +11207,7 @@ var OutputExecutor = class {
       if (this.config.docker.enabled) {
         const dockerGenerator = new DockerGenerator(metadata);
         const dockerfile2 = dockerGenerator.generateDockerfile();
-        const dockerfilePath = path14__default.join(context.projectPath, "Dockerfile");
+        const dockerfilePath = path15__default.join(context.projectPath, "Dockerfile");
         await fs14__default.writeFile(dockerfilePath, dockerfile2, "utf-8");
         artifacts.push({
           type: "deployment",
@@ -9749,7 +11215,7 @@ var OutputExecutor = class {
           description: "Dockerfile"
         });
         const dockerignore = dockerGenerator.generateDockerignore();
-        const dockerignorePath = path14__default.join(context.projectPath, ".dockerignore");
+        const dockerignorePath = path15__default.join(context.projectPath, ".dockerignore");
         await fs14__default.writeFile(dockerignorePath, dockerignore, "utf-8");
         artifacts.push({
           type: "deployment",
@@ -9758,7 +11224,7 @@ var OutputExecutor = class {
         });
         if (this.config.docker.compose) {
           const compose = dockerGenerator.generateDockerCompose();
-          const composePath = path14__default.join(context.projectPath, "docker-compose.yml");
+          const composePath = path15__default.join(context.projectPath, "docker-compose.yml");
           await fs14__default.writeFile(composePath, compose, "utf-8");
           artifacts.push({
             type: "deployment",
@@ -9770,7 +11236,7 @@ var OutputExecutor = class {
       const docsGenerator = new DocsGenerator(metadata);
       const docs = docsGenerator.generate();
       if (this.config.docs.readme) {
-        const readmePath = path14__default.join(context.projectPath, "README.md");
+        const readmePath = path15__default.join(context.projectPath, "README.md");
         await fs14__default.writeFile(readmePath, docs.readme, "utf-8");
         artifacts.push({
           type: "documentation",
@@ -9779,7 +11245,7 @@ var OutputExecutor = class {
         });
       }
       if (this.config.docs.contributing) {
-        const contributingPath = path14__default.join(context.projectPath, "CONTRIBUTING.md");
+        const contributingPath = path15__default.join(context.projectPath, "CONTRIBUTING.md");
         await fs14__default.writeFile(contributingPath, docs.contributing, "utf-8");
         artifacts.push({
           type: "documentation",
@@ -9788,7 +11254,7 @@ var OutputExecutor = class {
         });
       }
       if (this.config.docs.changelog) {
-        const changelogPath = path14__default.join(context.projectPath, "CHANGELOG.md");
+        const changelogPath = path15__default.join(context.projectPath, "CHANGELOG.md");
         await fs14__default.writeFile(changelogPath, docs.changelog, "utf-8");
         artifacts.push({
           type: "documentation",
@@ -9797,10 +11263,10 @@ var OutputExecutor = class {
         });
       }
       if (this.config.docs.api) {
-        const docsDir = path14__default.join(context.projectPath, "docs");
+        const docsDir = path15__default.join(context.projectPath, "docs");
         await this.ensureDir(docsDir);
         if (docs.api) {
-          const apiPath = path14__default.join(docsDir, "api.md");
+          const apiPath = path15__default.join(docsDir, "api.md");
           await fs14__default.writeFile(apiPath, docs.api, "utf-8");
           artifacts.push({
             type: "documentation",
@@ -9809,7 +11275,7 @@ var OutputExecutor = class {
           });
         }
         if (docs.deployment) {
-          const deployPath = path14__default.join(docsDir, "deployment.md");
+          const deployPath = path15__default.join(docsDir, "deployment.md");
           await fs14__default.writeFile(deployPath, docs.deployment, "utf-8");
           artifacts.push({
             type: "documentation",
@@ -9818,7 +11284,7 @@ var OutputExecutor = class {
           });
         }
         if (docs.development) {
-          const devPath = path14__default.join(docsDir, "development.md");
+          const devPath = path15__default.join(docsDir, "development.md");
           await fs14__default.writeFile(devPath, docs.development, "utf-8");
           artifacts.push({
             type: "documentation",
@@ -9884,16 +11350,16 @@ var OutputExecutor = class {
    */
   async loadMetadata(projectPath) {
     try {
-      const packagePath = path14__default.join(projectPath, "package.json");
+      const packagePath = path15__default.join(projectPath, "package.json");
       const content = await fs14__default.readFile(packagePath, "utf-8");
       const pkg = JSON.parse(content);
       let packageManager = "npm";
       try {
-        await fs14__default.access(path14__default.join(projectPath, "pnpm-lock.yaml"));
+        await fs14__default.access(path15__default.join(projectPath, "pnpm-lock.yaml"));
         packageManager = "pnpm";
       } catch {
         try {
-          await fs14__default.access(path14__default.join(projectPath, "yarn.lock"));
+          await fs14__default.access(path15__default.join(projectPath, "yarn.lock"));
           packageManager = "yarn";
         } catch {
         }
@@ -9905,7 +11371,7 @@ var OutputExecutor = class {
         repository = pkg.repository.url;
       }
       return {
-        name: pkg.name || path14__default.basename(projectPath),
+        name: pkg.name || path15__default.basename(projectPath),
         description: pkg.description || "",
         version: pkg.version || "0.1.0",
         language: "typescript",
@@ -9919,7 +11385,7 @@ var OutputExecutor = class {
       };
     } catch {
       return {
-        name: path14__default.basename(projectPath),
+        name: path15__default.basename(projectPath),
         description: "",
         version: "0.1.0",
         language: "typescript",
@@ -9951,7 +11417,7 @@ var DEFAULT_RETRY_CONFIG = {
   jitterFactor: 0.1
 };
 function sleep(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
+  return new Promise((resolve3) => setTimeout(resolve3, ms));
 }
 function calculateDelay(baseDelay, jitterFactor, maxDelay) {
   const jitter = baseDelay * jitterFactor * (Math.random() * 2 - 1);
@@ -10054,7 +11520,7 @@ var AnthropicProvider = class {
           model: options?.model ?? this.config.model ?? DEFAULT_MODEL,
           max_tokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
           temperature: options?.temperature ?? this.config.temperature ?? 0,
-          system: options?.system,
+          system: this.extractSystem(messages, options?.system),
           messages: this.convertMessages(messages),
           stop_sequences: options?.stopSequences
         });
@@ -10084,7 +11550,7 @@ var AnthropicProvider = class {
           model: options?.model ?? this.config.model ?? DEFAULT_MODEL,
           max_tokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
           temperature: options?.temperature ?? this.config.temperature ?? 0,
-          system: options?.system,
+          system: this.extractSystem(messages, options?.system),
           messages: this.convertMessages(messages),
           tools: this.convertTools(options.tools),
           tool_choice: options.toolChoice ? this.convertToolChoice(options.toolChoice) : void 0
@@ -10116,7 +11582,7 @@ var AnthropicProvider = class {
         model: options?.model ?? this.config.model ?? DEFAULT_MODEL,
         max_tokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
         temperature: options?.temperature ?? this.config.temperature ?? 0,
-        system: options?.system,
+        system: this.extractSystem(messages, options?.system),
         messages: this.convertMessages(messages)
       });
       for await (const event of stream) {
@@ -10142,7 +11608,7 @@ var AnthropicProvider = class {
         model: options?.model ?? this.config.model ?? DEFAULT_MODEL,
         max_tokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
         temperature: options?.temperature ?? this.config.temperature ?? 0,
-        system: options?.system,
+        system: this.extractSystem(messages, options?.system),
         messages: this.convertMessages(messages),
         tools: this.convertTools(options.tools),
         tool_choice: options.toolChoice ? this.convertToolChoice(options.toolChoice) : void 0
@@ -10265,6 +11731,22 @@ var AnthropicProvider = class {
       });
     }
   }
+  /**
+   * Extract system prompt from messages array or options.
+   *
+   * The agent-loop passes the system message as the first element of the
+   * messages array (role: "system"). convertMessages() strips it out because
+   * Anthropic requires it as a top-level parameter — but all callers forgot
+   * to also pass it via options.system. This helper bridges that gap.
+   */
+  extractSystem(messages, optionsSystem) {
+    if (optionsSystem !== void 0) return optionsSystem;
+    const systemMsg = messages.find((m) => m.role === "system");
+    if (!systemMsg) return void 0;
+    if (typeof systemMsg.content === "string") return systemMsg.content;
+    const text = systemMsg.content.filter((b) => b.type === "text").map((b) => b.text).join("");
+    return text || void 0;
+  }
   /**
    * Convert messages to Anthropic format
    */
@@ -10425,6 +11907,7 @@ var CONTEXT_WINDOWS2 = {
   "kimi-k2.5": 262144,
   "kimi-k2-0324": 131072,
   "kimi-latest": 131072,
+  "kimi-for-coding": 131072,
   "moonshot-v1-8k": 8e3,
   "moonshot-v1-32k": 32e3,
   "moonshot-v1-128k": 128e3,
@@ -10454,7 +11937,32 @@ var CONTEXT_WINDOWS2 = {
   // Mistral models
   "mistral-7b": 32768,
   "mistral-nemo": 128e3,
-  "mixtral-8x7b": 32768
+  "mixtral-8x7b": 32768,
+  // Mistral AI API models
+  "codestral-latest": 32768,
+  "mistral-large-latest": 131072,
+  "mistral-small-latest": 131072,
+  "open-mixtral-8x22b": 65536,
+  // Groq-hosted models (same models, fast inference)
+  "llama-3.3-70b-versatile": 128e3,
+  "llama-3.1-8b-instant": 128e3,
+  "mixtral-8x7b-32768": 32768,
+  "gemma2-9b-it": 8192,
+  // DeepSeek API models
+  "deepseek-chat": 65536,
+  "deepseek-reasoner": 65536,
+  // Together AI model IDs
+  "Qwen/Qwen2.5-Coder-32B-Instruct": 32768,
+  "meta-llama/Meta-Llama-3.1-70B-Instruct": 128e3,
+  "mistralai/Mixtral-8x7B-Instruct-v0.1": 32768,
+  // HuggingFace model IDs
+  "meta-llama/Llama-3.3-70B-Instruct": 128e3,
+  "microsoft/Phi-4": 16384,
+  // OpenRouter model IDs
+  "anthropic/claude-opus-4-6": 2e5,
+  "openai/gpt-5.3-codex": 4e5,
+  "google/gemini-3-flash-preview": 1e6,
+  "meta-llama/llama-3.3-70b-instruct": 128e3
 };
 var MODELS_WITHOUT_TEMPERATURE = [
   "o1",
@@ -10476,7 +11984,12 @@ var LOCAL_MODEL_PATTERNS = [
   "gemma",
   "starcoder"
 ];
-var MODELS_WITH_THINKING_MODE = ["kimi-k2.5", "kimi-k2-0324", "kimi-latest"];
+var MODELS_WITH_THINKING_MODE = [
+  "kimi-k2.5",
+  "kimi-k2-0324",
+  "kimi-latest",
+  "kimi-for-coding"
+];
 var OpenAIProvider = class {
   id;
   name;
@@ -10741,7 +12254,7 @@ var OpenAIProvider = class {
                 input = JSON.parse(repaired);
                 console.log(`[${this.name}] \u2713 Successfully repaired JSON for ${builder.name}`);
               }
-            } catch (repairError) {
+            } catch {
               console.error(
                 `[${this.name}] Cannot repair JSON for ${builder.name}, using empty object`
               );
@@ -11095,6 +12608,20 @@ function createKimiProvider(config) {
   }
   return provider;
 }
+function createKimiCodeProvider(config) {
+  const provider = new OpenAIProvider("kimi-code", "Kimi Code");
+  const kimiCodeConfig = {
+    ...config,
+    baseUrl: config?.baseUrl ?? process.env["KIMI_CODE_BASE_URL"] ?? "https://api.kimi.com/coding/v1",
+    apiKey: config?.apiKey ?? process.env["KIMI_CODE_API_KEY"],
+    model: config?.model ?? "kimi-for-coding"
+  };
+  if (kimiCodeConfig.apiKey) {
+    provider.initialize(kimiCodeConfig).catch(() => {
+    });
+  }
+  return provider;
+}
 var OAUTH_CONFIGS = {
   /**
    * OpenAI OAuth (ChatGPT Plus/Pro subscriptions)
@@ -11148,11 +12675,11 @@ async function refreshAccessToken(provider, refreshToken) {
 }
 function getTokenStoragePath(provider) {
   const home = process.env.HOME || process.env.USERPROFILE || "";
-  return path14.join(home, ".coco", "tokens", `${provider}.json`);
+  return path15.join(home, ".coco", "tokens", `${provider}.json`);
 }
 async function saveTokens(provider, tokens) {
   const filePath = getTokenStoragePath(provider);
-  const dir = path14.dirname(filePath);
+  const dir = path15.dirname(filePath);
   await fs14.mkdir(dir, { recursive: true, mode: 448 });
   await fs14.writeFile(filePath, JSON.stringify(tokens, null, 2), { mode: 384 });
 }
@@ -11197,6 +12724,17 @@ async function getValidAccessToken(provider) {
   }
   return { accessToken: tokens.accessToken, isNew: false };
 }
+function detectWSL() {
+  if (process.env.WSL_DISTRO_NAME || process.env.WSLENV) return true;
+  try {
+    return /microsoft/i.test(readFileSync("/proc/version", "utf-8"));
+  } catch {
+    return false;
+  }
+}
+var isWSL = detectWSL();
+
+// src/auth/flow.ts
 promisify(execFile);
 var execAsync2 = promisify(exec);
 async function getADCAccessToken() {
@@ -11492,7 +13030,7 @@ var CodexProvider = class {
         const chunk = content.slice(i, i + chunkSize);
         yield { type: "text", text: chunk };
         if (i + chunkSize < content.length) {
-          await new Promise((resolve2) => setTimeout(resolve2, 5));
+          await new Promise((resolve3) => setTimeout(resolve3, 5));
         }
       }
     }
@@ -11587,7 +13125,7 @@ var GeminiProvider = class {
           temperature: options?.temperature ?? this.config.temperature ?? 0,
           stopSequences: options?.stopSequences
         },
-        systemInstruction: options?.system
+        systemInstruction: this.extractSystem(messages, options?.system)
       });
       const { history, lastMessage } = this.convertMessages(messages);
       const chat = model.startChat({ history });
@@ -11615,7 +13153,7 @@ var GeminiProvider = class {
           maxOutputTokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
           temperature: options?.temperature ?? this.config.temperature ?? 0
         },
-        systemInstruction: options?.system,
+        systemInstruction: this.extractSystem(messages, options?.system),
         tools,
         toolConfig: {
           functionCallingConfig: {
@@ -11644,7 +13182,7 @@ var GeminiProvider = class {
           maxOutputTokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
           temperature: options?.temperature ?? this.config.temperature ?? 0
         },
-        systemInstruction: options?.system
+        systemInstruction: this.extractSystem(messages, options?.system)
       });
       const { history, lastMessage } = this.convertMessages(messages);
       const chat = model.startChat({ history });
@@ -11678,7 +13216,7 @@ var GeminiProvider = class {
           maxOutputTokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
           temperature: options?.temperature ?? this.config.temperature ?? 0
         },
-        systemInstruction: options?.system,
+        systemInstruction: this.extractSystem(messages, options?.system),
         tools,
         toolConfig: {
           functionCallingConfig: {
@@ -11779,6 +13317,21 @@ var GeminiProvider = class {
       });
     }
   }
+  /**
+   * Extract system prompt from messages array or options.
+   *
+   * convertMessages() skips system-role messages ("handled via systemInstruction"),
+   * but all callers forgot to also pass it via options.system. This helper bridges
+   * that gap — mirrors the same fix applied to AnthropicProvider.
+   */
+  extractSystem(messages, optionsSystem) {
+    if (optionsSystem !== void 0) return optionsSystem;
+    const systemMsg = messages.find((m) => m.role === "system");
+    if (!systemMsg) return void 0;
+    if (typeof systemMsg.content === "string") return systemMsg.content;
+    const text = systemMsg.content.filter((b) => b.type === "text").map((b) => b.text).join("");
+    return text || void 0;
+  }
   /**
    * Convert messages to Gemini format
    */
@@ -11977,6 +13530,10 @@ async function createProvider(type, config = {}) {
       provider = createKimiProvider(mergedConfig);
       await provider.initialize(mergedConfig);
       return provider;
+    case "kimi-code":
+      provider = createKimiCodeProvider(mergedConfig);
+      await provider.initialize(mergedConfig);
+      return provider;
     case "lmstudio":
       provider = new OpenAIProvider("lmstudio", "LM Studio");
       mergedConfig.baseUrl = mergedConfig.baseUrl ?? "http://localhost:1234/v1";
@@ -11987,6 +13544,30 @@ async function createProvider(type, config = {}) {
       mergedConfig.baseUrl = mergedConfig.baseUrl ?? "http://localhost:11434/v1";
       mergedConfig.apiKey = mergedConfig.apiKey ?? "ollama";
       break;
+    case "groq":
+      provider = new OpenAIProvider("groq", "Groq");
+      mergedConfig.baseUrl = mergedConfig.baseUrl ?? "https://api.groq.com/openai/v1";
+      break;
+    case "openrouter":
+      provider = new OpenAIProvider("openrouter", "OpenRouter");
+      mergedConfig.baseUrl = mergedConfig.baseUrl ?? "https://openrouter.ai/api/v1";
+      break;
+    case "mistral":
+      provider = new OpenAIProvider("mistral", "Mistral AI");
+      mergedConfig.baseUrl = mergedConfig.baseUrl ?? "https://api.mistral.ai/v1";
+      break;
+    case "deepseek":
+      provider = new OpenAIProvider("deepseek", "DeepSeek");
+      mergedConfig.baseUrl = mergedConfig.baseUrl ?? "https://api.deepseek.com/v1";
+      break;
+    case "together":
+      provider = new OpenAIProvider("together", "Together AI");
+      mergedConfig.baseUrl = mergedConfig.baseUrl ?? "https://api.together.xyz/v1";
+      break;
+    case "huggingface":
+      provider = new OpenAIProvider("huggingface", "HuggingFace Inference");
+      mergedConfig.baseUrl = mergedConfig.baseUrl ?? "https://api-inference.huggingface.co/v1";
+      break;
     default:
       throw new ProviderError(`Unknown provider type: ${type}`, {
         provider: type
@@ -12185,28 +13766,28 @@ async function createPhaseContext(config, state) {
   };
   const tools = {
     file: {
-      async read(path37) {
+      async read(path38) {
         const fs36 = await import('fs/promises');
-        return fs36.readFile(path37, "utf-8");
+        return fs36.readFile(path38, "utf-8");
       },
-      async write(path37, content) {
+      async write(path38, content) {
         const fs36 = await import('fs/promises');
         const nodePath = await import('path');
-        await fs36.mkdir(nodePath.dirname(path37), { recursive: true });
-        await fs36.writeFile(path37, content, "utf-8");
+        await fs36.mkdir(nodePath.dirname(path38), { recursive: true });
+        await fs36.writeFile(path38, content, "utf-8");
       },
-      async exists(path37) {
+      async exists(path38) {
         const fs36 = await import('fs/promises');
         try {
-          await fs36.access(path37);
+          await fs36.access(path38);
           return true;
         } catch {
           return false;
         }
       },
       async glob(pattern) {
-        const { glob: glob15 } = await import('glob');
-        return glob15(pattern, { cwd: state.path });
+        const { glob: glob17 } = await import('glob');
+        return glob17(pattern, { cwd: state.path });
       }
     },
     bash: {
@@ -12478,7 +14059,22 @@ function generateId() {
   return `proj_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 9)}`;
 }
 var ProviderConfigSchema = z.object({
-  type: z.enum(["anthropic", "openai", "gemini", "kimi", "lmstudio", "ollama"]).default("anthropic"),
+  type: z.enum([
+    "anthropic",
+    "openai",
+    "codex",
+    "gemini",
+    "kimi",
+    "kimi-code",
+    "lmstudio",
+    "ollama",
+    "groq",
+    "openrouter",
+    "mistral",
+    "deepseek",
+    "together",
+    "huggingface"
+  ]).default("anthropic"),
   apiKey: z.string().optional(),
   model: z.string().default("claude-sonnet-4-20250514"),
   maxTokens: z.number().min(1).max(2e5).default(8192),
@@ -12509,7 +14105,7 @@ var StackConfigSchema = z.object({
   profile: z.string().optional()
   // Custom profile path
 });
-var ProjectConfigSchema = z.object({
+var ProjectConfigSchema2 = z.object({
   name: z.string().min(1),
   version: z.string().default("0.1.0"),
   description: z.string().optional()
@@ -12582,8 +14178,22 @@ var ShipConfigSchema = z.object({
   /** CI check poll interval in ms (default 15 seconds) */
   ciCheckPollMs: z.number().default(15e3)
 });
+var SkillsConfigSchema = z.object({
+  /** Enable/disable skills system */
+  enabled: z.boolean().default(true),
+  /** Override global skills directory */
+  globalDir: z.string().optional(),
+  /** Override project skills directory */
+  projectDir: z.string().optional(),
+  /** Auto-activate skills based on user messages */
+  autoActivate: z.boolean().default(true),
+  /** Maximum concurrent active markdown skills */
+  maxActiveSkills: z.number().min(1).max(10).default(3),
+  /** List of skill IDs to disable */
+  disabled: z.array(z.string()).default([])
+});
 var CocoConfigSchema = z.object({
-  project: ProjectConfigSchema,
+  project: ProjectConfigSchema2,
   provider: ProviderConfigSchema.default({
     type: "anthropic",
     model: "claude-sonnet-4-20250514",
@@ -12609,7 +14219,8 @@ var CocoConfigSchema = z.object({
   integrations: IntegrationsConfigSchema.optional(),
   mcp: MCPConfigSchema.optional(),
   tools: ToolsConfigSchema.optional(),
-  ship: ShipConfigSchema.optional()
+  ship: ShipConfigSchema.optional(),
+  skills: SkillsConfigSchema.optional()
 });
 function createDefaultConfigObject(projectName, language = "typescript") {
   return {
@@ -12652,7 +14263,7 @@ async function loadConfig(configPath) {
   if (globalConfig) {
     config = deepMergeConfig(config, globalConfig);
   }
-  const projectConfigPath = configPath || getProjectConfigPath();
+  const projectConfigPath = configPath || getProjectConfigPath2();
   const projectConfig = await loadConfigFile(projectConfigPath);
   if (projectConfig) {
     config = deepMergeConfig(config, projectConfig);
@@ -12717,8 +14328,8 @@ function deepMergeConfig(base, override) {
     ...base.tools || override.tools ? { tools: { ...base.tools, ...override.tools } } : {}
   };
 }
-function getProjectConfigPath() {
-  return path14__default.join(process.cwd(), ".coco", "config.json");
+function getProjectConfigPath2() {
+  return path15__default.join(process.cwd(), ".coco", "config.json");
 }
 async function saveConfig(config, configPath, global = false) {
   const result = CocoConfigSchema.safeParse(config);
@@ -12729,11 +14340,11 @@ async function saveConfig(config, configPath, global = false) {
     }));
     throw new ConfigError("Cannot save invalid configuration", {
       issues,
-      configPath: configPath || getProjectConfigPath()
+      configPath: configPath || getProjectConfigPath2()
     });
   }
-  const resolvedPath = configPath || (global ? CONFIG_PATHS.config : getProjectConfigPath());
-  const dir = path14__default.dirname(resolvedPath);
+  const resolvedPath = configPath || (global ? CONFIG_PATHS.config : getProjectConfigPath2());
+  const dir = path15__default.dirname(resolvedPath);
   await fs14__default.mkdir(dir, { recursive: true });
   const content = JSON.stringify(result.data, null, 2);
   await fs14__default.writeFile(resolvedPath, content, "utf-8");
@@ -12752,7 +14363,7 @@ async function configExists(configPath, scope = "any") {
   }
   if (scope === "project" || scope === "any") {
     try {
-      await fs14__default.access(getProjectConfigPath());
+      await fs14__default.access(getProjectConfigPath2());
       return true;
     } catch {
       if (scope === "project") return false;
@@ -12797,7 +14408,7 @@ function hasNullByte(str) {
 }
 function normalizePath(filePath) {
   let normalized = filePath.replace(/\0/g, "");
-  normalized = path14__default.normalize(normalized);
+  normalized = path15__default.normalize(normalized);
   return normalized;
 }
 function isPathAllowed(filePath, operation) {
@@ -12805,31 +14416,31 @@ function isPathAllowed(filePath, operation) {
     return { allowed: false, reason: "Path contains invalid characters" };
   }
   const normalized = normalizePath(filePath);
-  const absolute = path14__default.resolve(normalized);
+  const absolute = path15__default.resolve(normalized);
   const cwd = process.cwd();
   for (const blocked of BLOCKED_PATHS) {
-    const normalizedBlocked = path14__default.normalize(blocked);
-    if (absolute === normalizedBlocked || absolute.startsWith(normalizedBlocked + path14__default.sep)) {
+    const normalizedBlocked = path15__default.normalize(blocked);
+    if (absolute === normalizedBlocked || absolute.startsWith(normalizedBlocked + path15__default.sep)) {
       return { allowed: false, reason: `Access to system path '${blocked}' is not allowed` };
     }
   }
   const home = process.env.HOME;
   if (home) {
-    const normalizedHome = path14__default.normalize(home);
-    const normalizedCwd = path14__default.normalize(cwd);
+    const normalizedHome = path15__default.normalize(home);
+    const normalizedCwd = path15__default.normalize(cwd);
     if (absolute.startsWith(normalizedHome) && !absolute.startsWith(normalizedCwd)) {
       if (isWithinAllowedPath(absolute, operation)) ; else if (operation === "read") {
         const allowedHomeReads = [".gitconfig", ".zshrc", ".bashrc"];
-        const basename4 = path14__default.basename(absolute);
-        if (!allowedHomeReads.includes(basename4)) {
-          const targetDir = path14__default.dirname(absolute);
+        const basename5 = path15__default.basename(absolute);
+        if (!allowedHomeReads.includes(basename5)) {
+          const targetDir = path15__default.dirname(absolute);
           return {
             allowed: false,
             reason: `Reading files outside project directory is not allowed. Use /allow-path ${targetDir} to grant access.`
           };
         }
       } else {
-        const targetDir = path14__default.dirname(absolute);
+        const targetDir = path15__default.dirname(absolute);
         return {
           allowed: false,
           reason: `${operation} operations outside project directory are not allowed. Use /allow-path ${targetDir} to grant access.`
@@ -12838,12 +14449,12 @@ function isPathAllowed(filePath, operation) {
     }
   }
   if (operation === "write" || operation === "delete") {
-    const basename4 = path14__default.basename(absolute);
+    const basename5 = path15__default.basename(absolute);
     for (const pattern of SENSITIVE_PATTERNS) {
-      if (pattern.test(basename4)) {
+      if (pattern.test(basename5)) {
         return {
           allowed: false,
-          reason: `Operation on sensitive file '${basename4}' requires explicit confirmation`
+          reason: `Operation on sensitive file '${basename5}' requires explicit confirmation`
         };
       }
     }
@@ -12874,7 +14485,7 @@ Examples:
   async execute({ path: filePath, encoding, maxSize }) {
     validatePath(filePath, "read");
     try {
-      const absolutePath = path14__default.resolve(filePath);
+      const absolutePath = path15__default.resolve(filePath);
       const stats = await fs14__default.stat(absolutePath);
       const maxBytes = maxSize ?? DEFAULT_MAX_FILE_SIZE;
       let truncated = false;
@@ -12925,7 +14536,7 @@ Examples:
   async execute({ path: filePath, content, createDirs, dryRun }) {
     validatePath(filePath, "write");
     try {
-      const absolutePath = path14__default.resolve(filePath);
+      const absolutePath = path15__default.resolve(filePath);
       let wouldCreate = false;
       try {
         await fs14__default.access(absolutePath);
@@ -12941,7 +14552,7 @@ Examples:
         };
       }
       if (createDirs) {
-        await fs14__default.mkdir(path14__default.dirname(absolutePath), { recursive: true });
+        await fs14__default.mkdir(path15__default.dirname(absolutePath), { recursive: true });
       }
       await fs14__default.writeFile(absolutePath, content, "utf-8");
       const stats = await fs14__default.stat(absolutePath);
@@ -12979,7 +14590,7 @@ Examples:
   async execute({ path: filePath, oldText, newText, all, dryRun }) {
     validatePath(filePath, "write");
     try {
-      const absolutePath = path14__default.resolve(filePath);
+      const absolutePath = path15__default.resolve(filePath);
       let content = await fs14__default.readFile(absolutePath, "utf-8");
       let replacements = 0;
       if (all) {
@@ -13068,7 +14679,7 @@ Examples:
   }),
   async execute({ path: filePath }) {
     try {
-      const absolutePath = path14__default.resolve(filePath);
+      const absolutePath = path15__default.resolve(filePath);
       const stats = await fs14__default.stat(absolutePath);
       return {
         exists: true,
@@ -13099,12 +14710,12 @@ Examples:
   }),
   async execute({ path: dirPath, recursive }) {
     try {
-      const absolutePath = path14__default.resolve(dirPath);
+      const absolutePath = path15__default.resolve(dirPath);
       const entries = [];
       async function listDir(dir, prefix = "") {
         const items = await fs14__default.readdir(dir, { withFileTypes: true });
         for (const item of items) {
-          const fullPath = path14__default.join(dir, item.name);
+          const fullPath = path15__default.join(dir, item.name);
           const relativePath = prefix ? `${prefix}/${item.name}` : item.name;
           if (item.isDirectory()) {
             entries.push({ name: relativePath, type: "directory" });
@@ -13151,7 +14762,7 @@ Examples:
     }
     validatePath(filePath, "delete");
     try {
-      const absolutePath = path14__default.resolve(filePath);
+      const absolutePath = path15__default.resolve(filePath);
       const stats = await fs14__default.stat(absolutePath);
       if (stats.isDirectory()) {
         if (!recursive) {
@@ -13167,7 +14778,7 @@ Examples:
     } catch (error) {
       if (error instanceof ToolError) throw error;
       if (error.code === "ENOENT") {
-        return { deleted: false, path: path14__default.resolve(filePath) };
+        return { deleted: false, path: path15__default.resolve(filePath) };
       }
       throw new FileSystemError(`Failed to delete: ${filePath}`, {
         path: filePath,
@@ -13195,8 +14806,8 @@ Examples:
     validatePath(source, "read");
     validatePath(destination, "write");
     try {
-      const srcPath = path14__default.resolve(source);
-      const destPath = path14__default.resolve(destination);
+      const srcPath = path15__default.resolve(source);
+      const destPath = path15__default.resolve(destination);
       if (!overwrite) {
         try {
           await fs14__default.access(destPath);
@@ -13212,7 +14823,7 @@ Examples:
           }
         }
       }
-      await fs14__default.mkdir(path14__default.dirname(destPath), { recursive: true });
+      await fs14__default.mkdir(path15__default.dirname(destPath), { recursive: true });
       await fs14__default.copyFile(srcPath, destPath);
       const stats = await fs14__default.stat(destPath);
       return {
@@ -13248,8 +14859,8 @@ Examples:
     validatePath(source, "delete");
     validatePath(destination, "write");
     try {
-      const srcPath = path14__default.resolve(source);
-      const destPath = path14__default.resolve(destination);
+      const srcPath = path15__default.resolve(source);
+      const destPath = path15__default.resolve(destination);
       if (!overwrite) {
         try {
           await fs14__default.access(destPath);
@@ -13265,7 +14876,7 @@ Examples:
           }
         }
       }
-      await fs14__default.mkdir(path14__default.dirname(destPath), { recursive: true });
+      await fs14__default.mkdir(path15__default.dirname(destPath), { recursive: true });
       await fs14__default.rename(srcPath, destPath);
       return {
         source: srcPath,
@@ -13300,10 +14911,10 @@ Examples:
   }),
   async execute({ path: dirPath, depth, showHidden, dirsOnly }) {
     try {
-      const absolutePath = path14__default.resolve(dirPath ?? ".");
+      const absolutePath = path15__default.resolve(dirPath ?? ".");
       let totalFiles = 0;
       let totalDirs = 0;
-      const lines = [path14__default.basename(absolutePath) + "/"];
+      const lines = [path15__default.basename(absolutePath) + "/"];
       async function buildTree(dir, prefix, currentDepth) {
         if (currentDepth > (depth ?? 4)) return;
         let items = await fs14__default.readdir(dir, { withFileTypes: true });
@@ -13326,7 +14937,7 @@ Examples:
           if (item.isDirectory()) {
             totalDirs++;
             lines.push(`${prefix}${connector}${item.name}/`);
-            await buildTree(path14__default.join(dir, item.name), prefix + childPrefix, currentDepth + 1);
+            await buildTree(path15__default.join(dir, item.name), prefix + childPrefix, currentDepth + 1);
           } else {
             totalFiles++;
             lines.push(`${prefix}${connector}${item.name}`);
@@ -14287,7 +15898,7 @@ var checkAgentCapabilityTool = defineTool({
 var simpleAgentTools = [spawnSimpleAgentTool, checkAgentCapabilityTool];
 async function detectTestFramework2(cwd) {
   try {
-    const pkgPath = path14__default.join(cwd, "package.json");
+    const pkgPath = path15__default.join(cwd, "package.json");
     const pkgContent = await fs14__default.readFile(pkgPath, "utf-8");
     const pkg = JSON.parse(pkgContent);
     const deps = {
@@ -14464,9 +16075,9 @@ Examples:
     const projectDir = cwd ?? process.cwd();
     try {
       const coverageLocations = [
-        path14__default.join(projectDir, "coverage", "coverage-summary.json"),
-        path14__default.join(projectDir, "coverage", "coverage-final.json"),
-        path14__default.join(projectDir, ".nyc_output", "coverage-summary.json")
+        path15__default.join(projectDir, "coverage", "coverage-summary.json"),
+        path15__default.join(projectDir, "coverage", "coverage-final.json"),
+        path15__default.join(projectDir, ".nyc_output", "coverage-summary.json")
       ];
       for (const location of coverageLocations) {
         try {
@@ -14522,7 +16133,7 @@ Examples:
 var testTools = [runTestsTool, getCoverageTool, runTestFileTool];
 async function detectLinter2(cwd) {
   try {
-    const pkgPath = path14__default.join(cwd, "package.json");
+    const pkgPath = path15__default.join(cwd, "package.json");
     const pkgContent = await fs14__default.readFile(pkgPath, "utf-8");
     const pkg = JSON.parse(pkgContent);
     const deps = {
@@ -14710,8 +16321,8 @@ Examples:
   }
 });
 async function findSourceFiles(cwd) {
-  const { glob: glob15 } = await import('glob');
-  return glob15("src/**/*.{ts,js,tsx,jsx}", {
+  const { glob: glob17 } = await import('glob');
+  return glob17("src/**/*.{ts,js,tsx,jsx}", {
     cwd,
     absolute: true,
     ignore: ["**/*.test.*", "**/*.spec.*", "**/node_modules/**"]
@@ -14785,7 +16396,7 @@ Examples:
   async execute({ cwd, files, useSnyk }) {
     const projectDir = cwd ?? process.cwd();
     try {
-      const evaluator = createQualityEvaluator(projectDir, useSnyk);
+      const evaluator = createQualityEvaluatorWithRegistry(projectDir, useSnyk);
       const evaluation = await evaluator.evaluate(files);
       return evaluation.scores;
     } catch (error) {
@@ -14828,7 +16439,7 @@ Examples:
     caseSensitive,
     wholeWord
   }) {
-    const targetPath = searchPath ? path14__default.resolve(searchPath) : process.cwd();
+    const targetPath = searchPath ? path15__default.resolve(searchPath) : process.cwd();
     const matches = [];
     let filesSearched = 0;
     const filesWithMatches = /* @__PURE__ */ new Set();
@@ -14895,7 +16506,7 @@ Examples:
                 contextAfter.push(lines[j] ?? "");
               }
               matches.push({
-                file: path14__default.relative(process.cwd(), file),
+                file: path15__default.relative(process.cwd(), file),
                 line: i + 1,
                 column: match.index + 1,
                 content: line,
@@ -14946,7 +16557,7 @@ Examples:
   }),
   async execute({ file, pattern, caseSensitive }) {
     try {
-      const absolutePath = path14__default.resolve(file);
+      const absolutePath = path15__default.resolve(file);
       const content = await fs14__default.readFile(absolutePath, "utf-8");
       const lines = content.split("\n");
       const matches = [];
@@ -15123,7 +16734,7 @@ async function detectPackageManager(cwd) {
   ];
   for (const { file, pm } of lockfiles) {
     try {
-      await fs14__default.access(path14__default.join(cwd, file));
+      await fs14__default.access(path15__default.join(cwd, file));
       return pm;
     } catch {
     }
@@ -15388,7 +16999,7 @@ ${message}
     });
     try {
       try {
-        await fs14__default.access(path14__default.join(projectDir, "Makefile"));
+        await fs14__default.access(path15__default.join(projectDir, "Makefile"));
       } catch {
         throw new ToolError("No Makefile found in directory", { tool: "make" });
       }
@@ -15560,7 +17171,32 @@ CONFIG_PATHS.home;
 
 // src/cli/repl/session.ts
 init_paths();
-path14__default.dirname(CONFIG_PATHS.trustedTools);
+z.object({
+  name: z.string().min(1).max(64),
+  description: z.string().min(1).max(1024),
+  version: z.string().default("1.0.0"),
+  license: z.string().optional(),
+  globs: z.union([z.string(), z.array(z.string())]).optional(),
+  // skills.sh standard fields
+  "disable-model-invocation": z.boolean().optional(),
+  "allowed-tools": z.union([z.string(), z.array(z.string())]).optional(),
+  "argument-hint": z.string().optional(),
+  compatibility: z.string().max(500).optional(),
+  model: z.string().optional(),
+  context: z.enum(["fork", "agent", "inline"]).optional(),
+  // Top-level tags/author (skills.sh style) — also accepted inside metadata
+  tags: z.union([z.string(), z.array(z.string())]).optional(),
+  author: z.string().optional(),
+  // Nested metadata (Coco style)
+  metadata: z.object({
+    author: z.string().optional(),
+    tags: z.array(z.string()).optional(),
+    category: z.string().optional()
+  }).passthrough().optional()
+});
+
+// src/cli/repl/session.ts
+path15__default.dirname(CONFIG_PATHS.trustedTools);
 CONFIG_PATHS.trustedTools;
 
 // src/cli/repl/recommended-permissions.ts
@@ -15862,7 +17498,7 @@ async function enforceRateLimit() {
   const now = Date.now();
   const elapsed = now - lastRequestTime;
   if (elapsed < MIN_REQUEST_INTERVAL_MS) {
-    await new Promise((resolve2) => setTimeout(resolve2, MIN_REQUEST_INTERVAL_MS - elapsed));
+    await new Promise((resolve3) => setTimeout(resolve3, MIN_REQUEST_INTERVAL_MS - elapsed));
   }
   lastRequestTime = Date.now();
 }
@@ -16669,7 +18305,7 @@ var getTerminalWidth = () => process.stdout.columns || 80;
 function stripAnsi(str) {
   return str.replace(/\x1b\[[0-9;]*m/g, "");
 }
-function detectLanguage(filePath) {
+function detectLanguage2(filePath) {
   const ext = filePath.split(".").pop()?.toLowerCase() ?? "";
   const extMap = {
     ts: "typescript",
@@ -16714,7 +18350,7 @@ function renderDiff(diff, options) {
 }
 function renderFileBlock(file, opts) {
   const { maxWidth, showLineNumbers, compact } = opts;
-  const lang = detectLanguage(file.path);
+  const lang = detectLanguage2(file.path);
   const contentWidth = Math.max(1, maxWidth - 4);
   const typeLabel = file.type === "modified" ? "modified" : file.type === "added" ? "new file" : file.type === "deleted" ? "deleted" : `renamed from ${file.oldPath}`;
   const statsLabel = ` +${file.additions} -${file.deletions}`;
@@ -16862,9 +18498,9 @@ async function fileExists(filePath) {
     return false;
   }
 }
-async function fileExists2(path37) {
+async function fileExists2(path38) {
   try {
-    await access(path37);
+    await access(path38);
     return true;
   } catch {
     return false;
@@ -17119,7 +18755,7 @@ async function checkTestCoverage(diff, cwd) {
     );
     if (!hasTestChange) {
       const ext = src.path.match(/\.(ts|tsx|js|jsx)$/)?.[0] ?? ".ts";
-      const testExists = await fileExists(path14__default.join(cwd, `${baseName}.test${ext}`)) || await fileExists(path14__default.join(cwd, `${baseName}.spec${ext}`));
+      const testExists = await fileExists(path15__default.join(cwd, `${baseName}.test${ext}`)) || await fileExists(path15__default.join(cwd, `${baseName}.spec${ext}`));
       if (testExists) {
         if (src.additions >= TEST_COVERAGE_LARGE_CHANGE_THRESHOLD) {
           findings.push({
@@ -17338,8 +18974,8 @@ Examples:
 });
 var reviewTools = [reviewCodeTool];
 var fs23 = await import('fs/promises');
-var path24 = await import('path');
-var { glob: glob12 } = await import('glob');
+var path25 = await import('path');
+var { glob: glob14 } = await import('glob');
 var DEFAULT_MAX_FILES = 200;
 var LANGUAGE_EXTENSIONS = {
   typescript: [".ts", ".tsx", ".mts", ".cts"],
@@ -17363,8 +18999,8 @@ var DEFAULT_EXCLUDES = [
   "**/*.min.*",
   "**/*.d.ts"
 ];
-function detectLanguage2(filePath) {
-  const ext = path24.extname(filePath).toLowerCase();
+function detectLanguage3(filePath) {
+  const ext = path25.extname(filePath).toLowerCase();
   for (const [lang, extensions] of Object.entries(LANGUAGE_EXTENSIONS)) {
     if (extensions.includes(ext)) return lang;
   }
@@ -17773,7 +19409,7 @@ Examples:
   }),
   async execute({ path: rootPath, include, exclude, languages, maxFiles, depth }) {
     const startTime = performance.now();
-    const absPath = path24.resolve(rootPath);
+    const absPath = path25.resolve(rootPath);
     try {
       const stat2 = await fs23.stat(absPath);
       if (!stat2.isDirectory()) {
@@ -17800,7 +19436,7 @@ Examples:
       pattern = `**/*{${allExts.join(",")}}`;
     }
     const excludePatterns = [...DEFAULT_EXCLUDES, ...exclude ?? []];
-    const files = await glob12(pattern, {
+    const files = await glob14(pattern, {
       cwd: absPath,
       ignore: excludePatterns,
       nodir: true,
@@ -17812,8 +19448,8 @@ Examples:
     let totalDefinitions = 0;
     let exportedSymbols = 0;
     for (const file of limitedFiles) {
-      const fullPath = path24.join(absPath, file);
-      const language = detectLanguage2(file);
+      const fullPath = path25.join(absPath, file);
+      const language = detectLanguage3(file);
       if (!language) continue;
       if (languages && !languages.includes(language)) {
         continue;
@@ -17853,9 +19489,9 @@ Examples:
 var codebaseMapTools = [codebaseMapTool];
 init_paths();
 var fs24 = await import('fs/promises');
-var path25 = await import('path');
+var path26 = await import('path');
 var crypto3 = await import('crypto');
-var GLOBAL_MEMORIES_DIR = path25.join(COCO_HOME, "memories");
+var GLOBAL_MEMORIES_DIR = path26.join(COCO_HOME, "memories");
 var PROJECT_MEMORIES_DIR = ".coco/memories";
 var DEFAULT_MAX_MEMORIES = 1e3;
 async function ensureDir(dirPath) {
@@ -17866,7 +19502,7 @@ function getMemoriesDir(scope) {
 }
 async function loadIndex(scope) {
   const dir = getMemoriesDir(scope);
-  const indexPath = path25.join(dir, "index.json");
+  const indexPath = path26.join(dir, "index.json");
   try {
     const content = await fs24.readFile(indexPath, "utf-8");
     return JSON.parse(content);
@@ -17877,12 +19513,12 @@ async function loadIndex(scope) {
 async function saveIndex(scope, index) {
   const dir = getMemoriesDir(scope);
   await ensureDir(dir);
-  const indexPath = path25.join(dir, "index.json");
+  const indexPath = path26.join(dir, "index.json");
   await fs24.writeFile(indexPath, JSON.stringify(index, null, 2), "utf-8");
 }
 async function loadMemory(scope, id) {
   const dir = getMemoriesDir(scope);
-  const memPath = path25.join(dir, `${id}.json`);
+  const memPath = path26.join(dir, `${id}.json`);
   try {
     const content = await fs24.readFile(memPath, "utf-8");
     return JSON.parse(content);
@@ -17893,7 +19529,7 @@ async function loadMemory(scope, id) {
 async function saveMemory(scope, memory) {
   const dir = getMemoriesDir(scope);
   await ensureDir(dir);
-  const memPath = path25.join(dir, `${memory.id}.json`);
+  const memPath = path26.join(dir, `${memory.id}.json`);
   await fs24.writeFile(memPath, JSON.stringify(memory, null, 2), "utf-8");
 }
 var createMemoryTool = defineTool({
@@ -18225,8 +19861,8 @@ Examples:
 });
 var checkpointTools = [createCheckpointTool, restoreCheckpointTool, listCheckpointsTool];
 var fs26 = await import('fs/promises');
-var path26 = await import('path');
-var { glob: glob13 } = await import('glob');
+var path27 = await import('path');
+var { glob: glob15 } = await import('glob');
 var INDEX_DIR = ".coco/search-index";
 var DEFAULT_CHUNK_SIZE = 20;
 var BINARY_EXTENSIONS = /* @__PURE__ */ new Set([
@@ -18351,7 +19987,7 @@ async function getEmbedding(text) {
 }
 async function loadIndex2(indexDir) {
   try {
-    const indexPath = path26.join(indexDir, "index.json");
+    const indexPath = path27.join(indexDir, "index.json");
     const content = await fs26.readFile(indexPath, "utf-8");
     return JSON.parse(content);
   } catch {
@@ -18360,11 +19996,11 @@ async function loadIndex2(indexDir) {
 }
 async function saveIndex2(indexDir, index) {
   await fs26.mkdir(indexDir, { recursive: true });
-  const indexPath = path26.join(indexDir, "index.json");
+  const indexPath = path27.join(indexDir, "index.json");
   await fs26.writeFile(indexPath, JSON.stringify(index), "utf-8");
 }
 function isBinary(filePath) {
-  return BINARY_EXTENSIONS.has(path26.extname(filePath).toLowerCase());
+  return BINARY_EXTENSIONS.has(path27.extname(filePath).toLowerCase());
 }
 var semanticSearchTool = defineTool({
   name: "semantic_search",
@@ -18389,12 +20025,12 @@ Examples:
     const effectivePath = rootPath ?? ".";
     const effectiveMaxResults = maxResults ?? 10;
     const effectiveThreshold = threshold ?? 0.3;
-    const absPath = path26.resolve(effectivePath);
-    const indexDir = path26.join(absPath, INDEX_DIR);
+    const absPath = path27.resolve(effectivePath);
+    const indexDir = path27.join(absPath, INDEX_DIR);
     let index = reindex ? null : await loadIndex2(indexDir);
     if (!index) {
       const pattern = include ?? "**/*";
-      const files = await glob13(pattern, {
+      const files = await glob15(pattern, {
         cwd: absPath,
         ignore: DEFAULT_EXCLUDES2,
         nodir: true,
@@ -18403,7 +20039,7 @@ Examples:
       const chunks = [];
       for (const file of files) {
         if (isBinary(file)) continue;
-        const fullPath = path26.join(absPath, file);
+        const fullPath = path27.join(absPath, file);
         try {
           const stat2 = await fs26.stat(fullPath);
           const content = await fs26.readFile(fullPath, "utf-8");
@@ -18466,11 +20102,11 @@ Examples:
 });
 var semanticSearchTools = [semanticSearchTool];
 var fs27 = await import('fs/promises');
-var path27 = await import('path');
-var { glob: glob14 } = await import('glob');
+var path28 = await import('path');
+var { glob: glob16 } = await import('glob');
 async function parseClassRelationships(rootPath, include) {
   const pattern = include ?? "**/*.{ts,tsx,js,jsx}";
-  const files = await glob14(pattern, {
+  const files = await glob16(pattern, {
     cwd: rootPath,
     ignore: ["**/node_modules/**", "**/dist/**", "**/*.test.*", "**/*.d.ts"],
     nodir: true
@@ -18479,7 +20115,7 @@ async function parseClassRelationships(rootPath, include) {
   const interfaces = [];
   for (const file of files.slice(0, 100)) {
     try {
-      const content = await fs27.readFile(path27.join(rootPath, file), "utf-8");
+      const content = await fs27.readFile(path28.join(rootPath, file), "utf-8");
       const lines = content.split("\n");
       for (let i = 0; i < lines.length; i++) {
         const line = lines[i];
@@ -18605,7 +20241,7 @@ async function generateArchitectureDiagram(rootPath) {
   const lines = ["graph TD"];
   let nodeCount = 0;
   let edgeCount = 0;
-  const rootName = path27.basename(rootPath);
+  const rootName = path28.basename(rootPath);
   lines.push(`  ROOT["${rootName}"]`);
   nodeCount++;
   for (const dir of dirs) {
@@ -18615,7 +20251,7 @@ async function generateArchitectureDiagram(rootPath) {
     nodeCount++;
     edgeCount++;
     try {
-      const subEntries = await fs27.readdir(path27.join(rootPath, dir.name), {
+      const subEntries = await fs27.readdir(path28.join(rootPath, dir.name), {
         withFileTypes: true
       });
       const subDirs = subEntries.filter(
@@ -18738,7 +20374,7 @@ Examples:
         tool: "generate_diagram"
       });
     }
-    const absPath = rootPath ? path27.resolve(rootPath) : process.cwd();
+    const absPath = rootPath ? path28.resolve(rootPath) : process.cwd();
     switch (type) {
       case "class":
         return generateClassDiagram(absPath, include);
@@ -18800,7 +20436,7 @@ Examples:
 });
 var diagramTools = [generateDiagramTool];
 var fs28 = await import('fs/promises');
-var path28 = await import('path');
+var path29 = await import('path');
 var DEFAULT_MAX_PAGES = 20;
 var MAX_FILE_SIZE = 50 * 1024 * 1024;
 function parsePageRange(rangeStr, totalPages) {
@@ -18835,7 +20471,7 @@ Examples:
   }),
   async execute({ path: filePath, pages, maxPages }) {
     const startTime = performance.now();
-    const absPath = path28.resolve(filePath);
+    const absPath = path29.resolve(filePath);
     try {
       const stat2 = await fs28.stat(absPath);
       if (!stat2.isFile()) {
@@ -18915,7 +20551,7 @@ Examples:
 });
 var pdfTools = [readPdfTool];
 var fs29 = await import('fs/promises');
-var path29 = await import('path');
+var path30 = await import('path');
 var SUPPORTED_FORMATS = /* @__PURE__ */ new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".bmp"]);
 var MAX_IMAGE_SIZE = 20 * 1024 * 1024;
 var MIME_TYPES = {
@@ -18943,15 +20579,15 @@ Examples:
   async execute({ path: filePath, prompt, provider }) {
     const startTime = performance.now();
     const effectivePrompt = prompt ?? "Describe this image in detail. If it's code or a UI, identify the key elements.";
-    const absPath = path29.resolve(filePath);
+    const absPath = path30.resolve(filePath);
     const cwd = process.cwd();
-    if (!absPath.startsWith(cwd + path29.sep) && absPath !== cwd) {
+    if (!absPath.startsWith(cwd + path30.sep) && absPath !== cwd) {
       throw new ToolError(
         `Path traversal denied: '${filePath}' resolves outside the project directory`,
         { tool: "read_image" }
       );
     }
-    const ext = path29.extname(absPath).toLowerCase();
+    const ext = path30.extname(absPath).toLowerCase();
     if (!SUPPORTED_FORMATS.has(ext)) {
       throw new ToolError(
         `Unsupported image format '${ext}'. Supported: ${Array.from(SUPPORTED_FORMATS).join(", ")}`,
@@ -19093,7 +20729,7 @@ Examples:
   }
 });
 var imageTools = [readImageTool];
-var path30 = await import('path');
+var path31 = await import('path');
 var DANGEROUS_PATTERNS2 = [
   /\bDROP\s+(?:TABLE|DATABASE|INDEX|VIEW)\b/i,
   /\bTRUNCATE\b/i,
@@ -19124,7 +20760,7 @@ Examples:
   async execute({ database, query, params, readonly: isReadonlyParam }) {
     const isReadonly = isReadonlyParam ?? true;
     const startTime = performance.now();
-    const absPath = path30.resolve(database);
+    const absPath = path31.resolve(database);
     if (isReadonly && isDangerousSql(query)) {
       throw new ToolError(
         "Write operations (INSERT, UPDATE, DELETE, DROP, ALTER, TRUNCATE, CREATE) are blocked in readonly mode. Set readonly: false to allow writes.",
@@ -19197,7 +20833,7 @@ Examples:
   }),
   async execute({ database, table }) {
     const startTime = performance.now();
-    const absPath = path30.resolve(database);
+    const absPath = path31.resolve(database);
     try {
       const { default: Database } = await import('better-sqlite3');
       const db = new Database(absPath, { readonly: true, fileMustExist: true });
@@ -19251,7 +20887,7 @@ Examples:
 });
 var databaseTools = [sqlQueryTool, inspectSchemaTool];
 var fs30 = await import('fs/promises');
-var path31 = await import('path');
+var path32 = await import('path');
 var AnalyzeFileSchema = z.object({
   filePath: z.string().describe("Path to file to analyze"),
   includeAst: z.boolean().default(false).describe("Include AST in result")
@@ -19348,8 +20984,8 @@ async function analyzeFile(filePath, includeAst = false) {
   };
 }
 async function analyzeDirectory(dirPath) {
-  const { glob: glob15 } = await import('glob');
-  const files = await glob15("**/*.{ts,tsx,js,jsx}", {
+  const { glob: glob17 } = await import('glob');
+  const files = await glob17("**/*.{ts,tsx,js,jsx}", {
     cwd: dirPath,
     ignore: ["**/node_modules/**", "**/dist/**", "**/build/**"],
     absolute: true
@@ -19361,10 +20997,10 @@ async function analyzeDirectory(dirPath) {
     try {
       const analysis = await analyzeFile(file, false);
       totalLines += analysis.lines;
-      const ext = path31.extname(file);
+      const ext = path32.extname(file);
       filesByType[ext] = (filesByType[ext] || 0) + 1;
       fileStats.push({
-        file: path31.relative(dirPath, file),
+        file: path32.relative(dirPath, file),
         lines: analysis.lines,
         complexity: analysis.complexity.cyclomatic
       });
@@ -19877,7 +21513,7 @@ var calculateCodeScoreTool = defineTool({
 });
 var smartSuggestionsTools = [suggestImprovementsTool, calculateCodeScoreTool];
 var fs32 = await import('fs/promises');
-var path32 = await import('path');
+var path33 = await import('path');
 var ContextMemoryStore = class {
   items = /* @__PURE__ */ new Map();
   learnings = /* @__PURE__ */ new Map();
@@ -19897,7 +21533,7 @@ var ContextMemoryStore = class {
     }
   }
   async save() {
-    const dir = path32.dirname(this.storePath);
+    const dir = path33.dirname(this.storePath);
     await fs32.mkdir(dir, { recursive: true });
     const data = {
       sessionId: this.sessionId,
@@ -20071,7 +21707,7 @@ var contextEnhancerTools = [
   getLearnedPatternsTool
 ];
 var fs33 = await import('fs/promises');
-var path33 = await import('path');
+var path34 = await import('path');
 async function discoverSkills(skillsDir) {
   try {
     const files = await fs33.readdir(skillsDir);
@@ -20087,7 +21723,7 @@ async function loadSkillMetadata(skillPath) {
     const descMatch = content.match(/@description\s+(.+)/);
     const versionMatch = content.match(/@version\s+(\S+)/);
     return {
-      name: nameMatch?.[1] || path33.basename(skillPath, path33.extname(skillPath)),
+      name: nameMatch?.[1] || path34.basename(skillPath, path34.extname(skillPath)),
       description: descMatch?.[1] || "No description",
       version: versionMatch?.[1] || "1.0.0",
       dependencies: []
@@ -20131,7 +21767,7 @@ var discoverSkillsTool = defineTool({
     const { skillsDir } = input;
     const skills = await discoverSkills(skillsDir);
     const metadata = await Promise.all(
-      skills.map((s) => loadSkillMetadata(path33.join(skillsDir, s)))
+      skills.map((s) => loadSkillMetadata(path34.join(skillsDir, s)))
     );
     return {
       skillsDir,
@@ -20622,16 +22258,18 @@ var DANGEROUS_ARG_PATTERNS = [
   /\beval\s+/,
   /\bcurl\s+.*\|\s*(ba)?sh/
 ];
-function getSystemOpenCommand() {
-  return process.platform === "darwin" ? "open" : "xdg-open";
+function getSystemOpen(target) {
+  if (process.platform === "darwin") return { cmd: "open", args: [target] };
+  if (isWSL) return { cmd: "cmd.exe", args: ["/c", "start", "", target] };
+  return { cmd: "xdg-open", args: [target] };
 }
 function hasNullByte2(str) {
   return str.includes("\0");
 }
 function isBlockedPath(absolute) {
   for (const blocked of BLOCKED_PATHS2) {
-    const normalizedBlocked = path14__default.normalize(blocked);
-    if (absolute === normalizedBlocked || absolute.startsWith(normalizedBlocked + path14__default.sep)) {
+    const normalizedBlocked = path15__default.normalize(blocked);
+    if (absolute === normalizedBlocked || absolute.startsWith(normalizedBlocked + path15__default.sep)) {
       return blocked;
     }
   }
@@ -20689,7 +22327,7 @@ Examples:
       throw new ToolError("Invalid file path", { tool: "open_file" });
     }
     const workDir = cwd ?? process.cwd();
-    const absolute = path14__default.isAbsolute(filePath) ? path14__default.normalize(filePath) : path14__default.resolve(workDir, filePath);
+    const absolute = path15__default.isAbsolute(filePath) ? path15__default.normalize(filePath) : path15__default.resolve(workDir, filePath);
     const blockedBy = isBlockedPath(absolute);
     if (blockedBy) {
       throw new ToolError(`Access to system path '${blockedBy}' is not allowed`, {
@@ -20702,8 +22340,8 @@ Examples:
       throw new ToolError(`File not found: ${absolute}`, { tool: "open_file" });
     }
     if (mode === "open") {
-      const cmd = getSystemOpenCommand();
-      await execa(cmd, [absolute], { timeout: 1e4 });
+      const { cmd, args: args2 } = getSystemOpen(absolute);
+      await execa(cmd, args2, { timeout: 1e4 });
       return {
         action: "opened",
         path: absolute,
@@ -20712,14 +22350,14 @@ Examples:
       };
     }
     if (isBlockedExecFile(absolute)) {
-      throw new ToolError(`Execution of sensitive file is blocked: ${path14__default.basename(absolute)}`, {
+      throw new ToolError(`Execution of sensitive file is blocked: ${path15__default.basename(absolute)}`, {
         tool: "open_file"
       });
     }
     if (args.length > 0 && hasDangerousArgs(args)) {
       throw new ToolError("Arguments contain dangerous patterns", { tool: "open_file" });
     }
-    const ext = path14__default.extname(absolute);
+    const ext = path15__default.extname(absolute);
     const interpreter = getInterpreter(ext);
     const executable = await isExecutable(absolute);
     let command;
@@ -20732,7 +22370,7 @@ Examples:
       cmdArgs = [...args];
     } else {
       throw new ToolError(
-        `Cannot execute '${path14__default.basename(absolute)}': no known interpreter for '${ext || "(no extension)"}' and file is not executable`,
+        `Cannot execute '${path15__default.basename(absolute)}': no known interpreter for '${ext || "(no extension)"}' and file is not executable`,
         { tool: "open_file" }
       );
     }
@@ -20784,7 +22422,7 @@ Examples:
     reason: z.string().optional().describe("Why access is needed (shown to user for context)")
   }),
   async execute({ path: dirPath, reason }) {
-    const absolute = path14__default.resolve(dirPath);
+    const absolute = path15__default.resolve(dirPath);
     if (isWithinAllowedPath(absolute, "read")) {
       return {
         authorized: true,
@@ -20793,8 +22431,8 @@ Examples:
       };
     }
     for (const blocked of BLOCKED_SYSTEM_PATHS) {
-      const normalizedBlocked = path14__default.normalize(blocked);
-      if (absolute === normalizedBlocked || absolute.startsWith(normalizedBlocked + path14__default.sep)) {
+      const normalizedBlocked = path15__default.normalize(blocked);
+      if (absolute === normalizedBlocked || absolute.startsWith(normalizedBlocked + path15__default.sep)) {
         return {
           authorized: false,
           path: absolute,
@@ -20803,7 +22441,7 @@ Examples:
       }
     }
     const cwd = process.cwd();
-    if (absolute === path14__default.normalize(cwd) || absolute.startsWith(path14__default.normalize(cwd) + path14__default.sep)) {
+    if (absolute === path15__default.normalize(cwd) || absolute.startsWith(path15__default.normalize(cwd) + path15__default.sep)) {
       return {
         authorized: true,
         path: absolute,
@@ -20827,7 +22465,7 @@ Examples:
       };
     }
     const existing = getAllowedPaths();
-    if (existing.some((e) => path14__default.normalize(e.path) === path14__default.normalize(absolute))) {
+    if (existing.some((e) => path15__default.normalize(e.path) === path15__default.normalize(absolute))) {
       return {
         authorized: true,
         path: absolute,