@corbat-tech/coco 2.27.0 → 2.27.2

package/dist/cli/index.js

@@ -2324,13 +2324,20 @@ async function isADCConfigured() {
 }
 async function runGcloudADCLogin() {
   try {
-    await execAsync("gcloud auth application-default login --no-launch-browser", {
-      timeout: 12e4
-      // 2 minute timeout for manual login
+    await execAsync(ADC_LOGIN_COMMAND, {
+      timeout: 3e5
+      // 5 minutes for interactive auth
     });
     return true;
   } catch {
-    return false;
+    try {
+      await execAsync(`${ADC_LOGIN_COMMAND} --no-launch-browser`, {
+        timeout: 3e5
+      });
+      return true;
+    } catch {
+      return false;
+    }
   }
 }
 async function getGeminiADCKey() {
@@ -2504,7 +2511,7 @@ function getApiKey(provider) {
     case "gemini":
       return process.env["GEMINI_API_KEY"] ?? process.env["GOOGLE_API_KEY"];
     case "vertex":
-      return void 0;
+      return process.env["VERTEX_API_KEY"] ?? process.env["GOOGLE_API_KEY"];
     case "kimi":
       return process.env["KIMI_API_KEY"] ?? process.env["MOONSHOT_API_KEY"];
     case "kimi-code":
@@ -6117,21 +6124,26 @@ var init_vertex = __esm({
       config = {};
       project = "";
       location = DEFAULT_LOCATION;
+      apiKey;
       retryConfig = DEFAULT_RETRY_CONFIG;
       async initialize(config) {
         this.config = config;
         this.project = config.project ?? process.env["VERTEX_PROJECT"] ?? process.env["GOOGLE_CLOUD_PROJECT"] ?? process.env["GCLOUD_PROJECT"] ?? "";
         this.location = config.location ?? process.env["VERTEX_LOCATION"] ?? process.env["GOOGLE_CLOUD_LOCATION"] ?? DEFAULT_LOCATION;
+        this.apiKey = config.apiKey ?? process.env["VERTEX_API_KEY"] ?? process.env["GOOGLE_API_KEY"];
         if (!this.project.trim()) {
           throw new ProviderError(
             "Vertex AI project not configured. Set provider.project, VERTEX_PROJECT, or GOOGLE_CLOUD_PROJECT.",
             { provider: this.id }
           );
         }
+        if (this.apiKey?.trim()) {
+          return;
+        }
         const token = await getCachedADCToken();
         if (!token) {
           throw new ProviderError(
-            "Vertex AI ADC is not configured. Run `gcloud auth application-default login` manually, then retry.",
+            "Vertex AI authentication is not configured. Set VERTEX_API_KEY (or GOOGLE_API_KEY), or run `gcloud auth application-default login`.",
             { provider: this.id }
           );
         }
@@ -6250,10 +6262,17 @@ var init_vertex = __esm({
         return `${this.getResolvedBaseUrl()}/projects/${encodeURIComponent(this.project)}/locations/${encodeURIComponent(this.location)}/publishers/google/models/${encodeURIComponent(this.getModel(model))}:${action}`;
       }
       async getHeaders() {
+        if (this.apiKey?.trim()) {
+          return {
+            "Content-Type": "application/json",
+            "x-goog-api-key": this.apiKey,
+            "x-goog-user-project": this.project
+          };
+        }
         const token = await getCachedADCToken();
         if (!token) {
           throw new ProviderError(
-            "Vertex AI ADC token is unavailable. Re-authenticate with gcloud and retry.",
+            "Vertex AI token is unavailable. Re-authenticate with gcloud or configure VERTEX_API_KEY.",
             { provider: this.id }
           );
         }
@@ -20329,11 +20348,11 @@ async function runMergeRelease(ctx) {
   }
   const tagName = ctx.newVersion ? `v${ctx.newVersion}` : void 0;
   const mergeMsg = tagName ? `Merge PR #${ctx.prNumber} to ${ctx.profile.defaultBranch} and create release ${tagName}?` : `Merge PR #${ctx.prNumber} to ${ctx.profile.defaultBranch}?`;
-  const confirm22 = await p26.confirm({
+  const confirm23 = await p26.confirm({
     message: mergeMsg,
     initialValue: true
   });
-  if (p26.isCancel(confirm22) || !confirm22) {
+  if (p26.isCancel(confirm23) || !confirm23) {
     return {
       step: "merge-release",
       status: "skipped",
@@ -22508,9 +22527,10 @@ var init_lifecycle = __esm({
     init_errors2();
     init_logger();
     init_version();
-    MCPServerManager = class {
+    MCPServerManager = class _MCPServerManager {
       connections = /* @__PURE__ */ new Map();
       logger = getLogger();
+      static STOP_TIMEOUT_MS = 5e3;
       /**
        * Create transport for a server config
        */
@@ -22597,7 +22617,15 @@ var init_lifecycle = __esm({
         }
         this.logger.info(`Stopping MCP server: ${name}`);
         try {
-          await connection.transport.disconnect();
+          await Promise.race([
+            connection.transport.disconnect(),
+            new Promise(
+              (_, reject) => setTimeout(
+                () => reject(new Error("MCP disconnect timeout")),
+                _MCPServerManager.STOP_TIMEOUT_MS
+              )
+            )
+          ]);
         } catch (error) {
           this.logger.error(
             `Error disconnecting server '${name}': ${error instanceof Error ? error.message : String(error)}`
@@ -29186,13 +29214,14 @@ var PROVIDER_DEFINITIONS = {
       functionCalling: true,
       vision: true
     },
-    // Updated: March 2026 — from docs.github.com/en/copilot/reference/ai-models/supported-models
+    // Updated: April 2026 — from docs.github.com/en/copilot/reference/ai-models/supported-models
+    // Premium request multipliers in descriptions are for paid Copilot plans.
     models: [
       // Anthropic models
       {
         id: "claude-sonnet-4.6",
         name: "Claude Sonnet 4.6",
-        description: "Anthropic's latest balanced model via Copilot",
+        description: "Balanced Claude model via Copilot \u2014 Premium x1",
         contextWindow: 2e5,
         maxOutputTokens: 64e3,
         recommended: true
@@ -29200,28 +29229,28 @@ var PROVIDER_DEFINITIONS = {
       {
         id: "claude-opus-4.6",
         name: "Claude Opus 4.6",
-        description: "Anthropic's most intelligent model via Copilot",
+        description: "Most capable Claude model via Copilot \u2014 Premium x3",
         contextWindow: 2e5,
         maxOutputTokens: 128e3
       },
       {
         id: "claude-sonnet-4.5",
         name: "Claude Sonnet 4.5",
-        description: "Previous balanced Claude model via Copilot",
+        description: "Previous balanced Claude model via Copilot \u2014 Premium x1",
         contextWindow: 2e5,
         maxOutputTokens: 64e3
       },
       {
         id: "claude-opus-4.5",
         name: "Claude Opus 4.5",
-        description: "Previous flagship Claude model via Copilot",
+        description: "Previous flagship Claude model via Copilot \u2014 Premium x3",
         contextWindow: 2e5,
         maxOutputTokens: 64e3
       },
       {
         id: "claude-haiku-4.5",
         name: "Claude Haiku 4.5",
-        description: "Fast and affordable Claude model via Copilot",
+        description: "Fast low-cost Claude model via Copilot \u2014 Premium x0.33",
         contextWindow: 2e5,
         maxOutputTokens: 64e3
       },
@@ -29229,7 +29258,7 @@ var PROVIDER_DEFINITIONS = {
       {
         id: "gpt-5.4-codex",
         name: "GPT-5.4 Codex",
-        description: "OpenAI's latest coding model via Copilot (Mar 2026)",
+        description: "Latest coding model via Copilot \u2014 Premium x1",
         contextWindow: 4e5,
         maxOutputTokens: 128e3,
         recommended: true
@@ -29237,28 +29266,28 @@ var PROVIDER_DEFINITIONS = {
       {
         id: "gpt-5.3-codex",
         name: "GPT-5.3 Codex",
-        description: "OpenAI's previous coding model via Copilot",
+        description: "Previous coding model via Copilot \u2014 Premium x1",
         contextWindow: 4e5,
         maxOutputTokens: 128e3
       },
       {
         id: "gpt-5.2-codex",
         name: "GPT-5.2 Codex",
-        description: "OpenAI's previous coding model via Copilot",
+        description: "Previous coding model via Copilot \u2014 Premium x1",
         contextWindow: 4e5,
         maxOutputTokens: 128e3
       },
       {
         id: "gpt-5.1-codex-max",
         name: "GPT-5.1 Codex Max",
-        description: "Frontier agentic coding model via Copilot",
+        description: "Frontier agentic coding model via Copilot \u2014 Premium x1",
         contextWindow: 4e5,
         maxOutputTokens: 128e3
       },
       {
         id: "gpt-4.1",
         name: "GPT-4.1",
-        description: "OpenAI long-context model via Copilot (1M)",
+        description: "OpenAI long-context model via Copilot (1M) \u2014 Premium x0",
         contextWindow: 1048576,
         maxOutputTokens: 32768
       },
@@ -29266,21 +29295,21 @@ var PROVIDER_DEFINITIONS = {
       {
         id: "gemini-3.1-pro-preview",
         name: "Gemini 3.1 Pro",
-        description: "Google's latest model via Copilot (1M)",
+        description: "Google's latest model via Copilot (1M) \u2014 Premium x1",
         contextWindow: 1e6,
         maxOutputTokens: 64e3
       },
       {
         id: "gemini-3-flash-preview",
         name: "Gemini 3 Flash",
-        description: "Google's fast model via Copilot (1M)",
+        description: "Google's fast model via Copilot (1M) \u2014 Premium x0.33",
         contextWindow: 1e6,
         maxOutputTokens: 64e3
       },
       {
         id: "gemini-2.5-pro",
         name: "Gemini 2.5 Pro",
-        description: "Google stable model via Copilot (1M)",
+        description: "Google stable model via Copilot (1M) \u2014 Premium x1",
         contextWindow: 1048576,
         maxOutputTokens: 65536
       }
@@ -29419,8 +29448,8 @@ var PROVIDER_DEFINITIONS = {
     name: "Google Vertex AI Gemini",
     emoji: "\u2601\uFE0F",
     description: "Gemini on Vertex AI with GCP project, IAM and ADC",
-    envVar: "VERTEX_PROJECT",
-    apiKeyUrl: "https://console.cloud.google.com/vertex-ai",
+    envVar: "VERTEX_API_KEY",
+    apiKeyUrl: "https://cloud.google.com/vertex-ai/generative-ai/docs/start/api-keys",
     docsUrl: "https://cloud.google.com/vertex-ai/generative-ai/docs/start/quickstart",
     baseUrl: "https://aiplatform.googleapis.com/v1",
     supportsCustomModels: true,
@@ -30098,7 +30127,7 @@ function getConfiguredProviders() {
       return hasLocalProviderConfig(p45.id);
     }
     if (p45.id === "vertex") {
-      return !!(process.env["VERTEX_PROJECT"] ?? process.env["GOOGLE_CLOUD_PROJECT"] ?? process.env["GCLOUD_PROJECT"]);
+      return !!(process.env["VERTEX_API_KEY"] ?? process.env["GOOGLE_API_KEY"] ?? process.env["VERTEX_PROJECT"] ?? process.env["GOOGLE_CLOUD_PROJECT"] ?? process.env["GCLOUD_PROJECT"]);
     }
     return !!process.env[p45.envVar];
   });
@@ -30451,11 +30480,11 @@ async function runRemoveServer(name, options) {
     process.exit(1);
   }
   if (!options.yes) {
-    const confirm22 = await p26.confirm({
+    const confirm23 = await p26.confirm({
       message: `Remove server '${name}'?`,
       initialValue: false
     });
-    if (p26.isCancel(confirm22) || !confirm22) {
+    if (p26.isCancel(confirm23) || !confirm23) {
       p26.outro("Cancelled");
       return;
     }
@@ -30727,10 +30756,10 @@ async function runRemove(name, options) {
     return;
   }
   if (!options.yes) {
-    const confirm22 = await p26.confirm({
+    const confirm23 = await p26.confirm({
       message: `Remove skill "${name}" from ${targetDir}?`
     });
-    if (p26.isCancel(confirm22) || !confirm22) {
+    if (p26.isCancel(confirm23) || !confirm23) {
       p26.log.info("Cancelled.");
       p26.outro("");
       return;
@@ -33282,6 +33311,301 @@ function showToolsHelp() {
 
 // src/cli/repl/commands/clear.ts
 init_session();
+async function getGitContext(projectPath) {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), 3e3);
+  try {
+    const git = simpleGit({ baseDir: projectPath, abort: controller.signal });
+    const status = await git.status();
+    clearTimeout(timer);
+    return {
+      branch: status.current ?? "HEAD",
+      isDirty: !status.isClean(),
+      staged: status.staged.length,
+      modified: status.modified.length,
+      untracked: status.not_added.length,
+      ahead: status.ahead,
+      behind: status.behind
+    };
+  } catch {
+    clearTimeout(timer);
+    return null;
+  }
+}
+function formatGitLine(ctx) {
+  const branchColor = ctx.isDirty ? chalk.yellow : chalk.green;
+  const parts = [chalk.dim("\u{1F33F} ") + branchColor(ctx.branch)];
+  const changes = [];
+  if (ctx.staged > 0) changes.push(chalk.green(`+${ctx.staged}`));
+  if (ctx.modified > 0) changes.push(chalk.yellow(`~${ctx.modified}`));
+  if (ctx.untracked > 0) changes.push(chalk.dim(`?${ctx.untracked}`));
+  if (ctx.ahead > 0) changes.push(chalk.cyan(`\u2191${ctx.ahead}`));
+  if (ctx.behind > 0) changes.push(chalk.red(`\u2193${ctx.behind}`));
+  if (changes.length > 0) parts.push(changes.join(" "));
+  return parts.join(" \u2022 ");
+}
+function formatGitShort(ctx) {
+  const branch = ctx.isDirty ? chalk.yellow(ctx.branch) : chalk.green(ctx.branch);
+  const dirty = ctx.isDirty ? chalk.yellow(" \u25CF") : "";
+  return chalk.dim("\u{1F33F} ") + branch + dirty;
+}
+
+// src/cli/repl/startup-panel.ts
+init_version();
+init_trust_store();
+init_env();
+
+// src/cli/repl/quality-loop.ts
+init_paths();
+var qualityLoopEnabled = true;
+var hintShown = false;
+function isQualityLoop() {
+  return qualityLoopEnabled;
+}
+function setQualityLoop(enabled) {
+  qualityLoopEnabled = enabled;
+}
+function wasHintShown() {
+  return hintShown;
+}
+function markHintShown() {
+  hintShown = true;
+}
+function looksLikeFeatureRequest(input) {
+  const trimmed = input.trim();
+  if (trimmed.length < 20) return false;
+  if (trimmed.endsWith("?") && trimmed.length < 80) return false;
+  const featureKeywords = [
+    /\bimplement/i,
+    /\bcreate\b/i,
+    /\bbuild\b/i,
+    /\badd\b.*\b(feature|function|component|endpoint|service|module|class)/i,
+    /\brefactor/i,
+    /\bmigrate/i,
+    /\bsetup\b/i,
+    /\bintegrate/i,
+    /\bwrite\b.*\b(code|function|test|module)/i,
+    /\bdevelop/i,
+    /\bdesign\b/i,
+    /\bfix\b.*\b(bug|issue|error|problem)/i,
+    /\bupdate\b.*\b(function|component|service|module)/i,
+    /\bgenerate\b/i,
+    /\bconvert\b/i
+  ];
+  return featureKeywords.some((re) => re.test(trimmed));
+}
+function formatQualityLoopHint() {
+  return chalk.dim("  tip: ") + chalk.magenta("/quality") + chalk.dim(" enables auto-test & iterate until quality converges");
+}
+function formatQualityResult(result) {
+  const lines = [];
+  const scores = result.scoreHistory;
+  const progressStr = scores.map((s) => String(s)).join(" \u2192 ");
+  const convergedLabel = result.converged ? chalk.green("converged") : chalk.yellow("max iterations");
+  lines.push("");
+  lines.push(
+    chalk.magenta("\u2500\u2500 Quality: ") + chalk.white(progressStr) + chalk.dim(` (${convergedLabel})`) + chalk.magenta(" \u2500\u2500")
+  );
+  const parts = [];
+  if (result.testsPassed !== void 0 && result.testsTotal !== void 0) {
+    const testsColor = result.testsPassed === result.testsTotal ? chalk.green : chalk.yellow;
+    parts.push(testsColor(`Tests: ${result.testsPassed}/${result.testsTotal}`));
+  }
+  if (result.coverage !== void 0) {
+    const covColor = result.coverage >= 80 ? chalk.green : chalk.yellow;
+    parts.push(covColor(`Coverage: ${result.coverage}%`));
+  }
+  if (result.securityScore !== void 0) {
+    const secColor = result.securityScore === 100 ? chalk.green : chalk.red;
+    parts.push(secColor(`Security: ${result.securityScore}`));
+  }
+  parts.push(chalk.dim(`Iterations: ${result.iterations}`));
+  if (result.durationMs !== void 0) {
+    const secs = (result.durationMs / 1e3).toFixed(1);
+    parts.push(chalk.dim(`Time: ${secs}s`));
+  }
+  lines.push("   " + parts.join("  "));
+  lines.push("");
+  return lines.join("\n");
+}
+async function loadQualityLoopPreference() {
+  try {
+    const content = await fs35__default.readFile(CONFIG_PATHS.config, "utf-8");
+    const config = JSON.parse(content);
+    const value = config.qualityLoop ?? config.cocoMode;
+    if (typeof value === "boolean") {
+      qualityLoopEnabled = value;
+      return value;
+    }
+  } catch {
+  }
+  return true;
+}
+async function saveQualityLoopPreference(enabled) {
+  try {
+    let config = {};
+    try {
+      const content = await fs35__default.readFile(CONFIG_PATHS.config, "utf-8");
+      config = JSON.parse(content);
+    } catch {
+    }
+    config.qualityLoop = enabled;
+    await fs35__default.writeFile(CONFIG_PATHS.config, JSON.stringify(config, null, 2) + "\n");
+  } catch {
+  }
+}
+function parseQualityLoopReport(content) {
+  const marker = "QUALITY_LOOP_REPORT";
+  const idx = content.indexOf(marker);
+  if (idx === -1) return null;
+  const block = content.slice(idx);
+  const getField = (name) => {
+    const match = block.match(new RegExp(`${name}:\\s*(.+)`));
+    return match?.[1]?.trim();
+  };
+  const scoreHistoryRaw = getField("score_history");
+  if (!scoreHistoryRaw) return null;
+  const scores = scoreHistoryRaw.replace(/[[\]]/g, "").split(",").map((s) => parseFloat(s.trim())).filter((n) => !isNaN(n));
+  if (scores.length === 0) return null;
+  const testsPassed = parseInt(getField("tests_passed") ?? "", 10);
+  const testsTotal = parseInt(getField("tests_total") ?? "", 10);
+  const coverage = parseInt(getField("coverage") ?? "", 10);
+  const security = parseInt(getField("security") ?? "", 10);
+  const iterations = parseInt(getField("iterations") ?? "", 10) || scores.length;
+  const converged = getField("converged") === "true";
+  return {
+    converged,
+    scoreHistory: scores,
+    finalScore: scores[scores.length - 1] ?? 0,
+    iterations,
+    testsPassed: isNaN(testsPassed) ? void 0 : testsPassed,
+    testsTotal: isNaN(testsTotal) ? void 0 : testsTotal,
+    coverage: isNaN(coverage) ? void 0 : coverage,
+    securityScore: isNaN(security) ? void 0 : security
+  };
+}
+function getQualityLoopSystemPrompt() {
+  return `
+## Quality Loop Mode (ACTIVE)
+
+You are operating in quality loop mode. After implementing code changes, you MUST follow this iteration cycle:
+
+1. **Implement** the requested changes (code + tests)
+2. **Run tests** using the run_tests or bash_exec tool
+3. **Self-review**: Analyze your code against these 12 quality dimensions:
+   - Correctness, Completeness, Robustness, Readability
+   - Maintainability, Complexity, Duplication, Test Coverage
+   - Test Quality, Security, Documentation, Style
+4. **Score** your implementation 0-100 for each dimension
+5. **If issues found**: Fix them and go back to step 2
+6. **If quality is good** (overall \u2265 85 and improving < 2 points): Stop and report
+
+After completing the cycle, output a quality summary in this exact format:
+
+\`\`\`
+QUALITY_LOOP_REPORT
+score_history: [first_score, ..., final_score]
+tests_passed: X
+tests_total: Y
+coverage: Z
+security: 100
+iterations: N
+converged: true|false
+\`\`\`
+
+Key rules:
+- Always write tests alongside code
+- Run tests after every change
+- Minimum 2 iterations before declaring convergence
+- Maximum 10 iterations
+- Fix critical issues before moving on
+- Report honestly - don't inflate scores`;
+}
+
+// src/cli/repl/startup-panel.ts
+async function renderStartupPanel(session, gitCtx, mcpServers = []) {
+  const trustStore = createTrustStore();
+  await trustStore.init();
+  const trustLevel = trustStore.getLevel(session.projectPath);
+  const boxWidth = 41;
+  const innerWidth = boxWidth - 2;
+  const versionText = `v${VERSION}`;
+  const subtitleText = "open source \u2022 corbat.tech";
+  const boxLine = (content) => {
+    const pad = Math.max(0, innerWidth - stringWidth2(content));
+    return chalk.magenta("\u2502") + content + " ".repeat(pad) + chalk.magenta("\u2502");
+  };
+  const titleLeftRaw = " COCO";
+  const titleRightRaw = versionText + " ";
+  const titleLeftStyled = " " + chalk.bold.white("COCO");
+  const titleGap = Math.max(1, innerWidth - stringWidth2(titleLeftRaw) - stringWidth2(titleRightRaw));
+  const titleContent = titleLeftStyled + " ".repeat(titleGap) + chalk.dim(titleRightRaw);
+  const taglineText = "code that converges to quality";
+  const taglineContent = " " + chalk.magenta(taglineText) + " ";
+  const subtitleContent = " " + chalk.dim(subtitleText) + " ";
+  console.log();
+  console.log(chalk.magenta("  \u256D" + "\u2500".repeat(boxWidth - 2) + "\u256E"));
+  console.log("  " + boxLine(titleContent));
+  console.log("  " + boxLine(taglineContent));
+  console.log("  " + boxLine(subtitleContent));
+  console.log(chalk.magenta("  \u2570" + "\u2500".repeat(boxWidth - 2) + "\u256F"));
+  const maxPathLen = 50;
+  let displayPath = session.projectPath;
+  if (displayPath.length > maxPathLen) {
+    displayPath = "..." + displayPath.slice(-maxPathLen + 3);
+  }
+  const lastSep = displayPath.lastIndexOf("/");
+  const parentPath = lastSep > 0 ? displayPath.slice(0, lastSep + 1) : "";
+  const projectName = lastSep > 0 ? displayPath.slice(lastSep + 1) : displayPath;
+  const providerName = session.config.provider.type;
+  const configuredModel = session.config.provider.model?.trim();
+  const modelName = configuredModel && !["default", "none", "null", "undefined"].includes(configuredModel.toLowerCase()) ? configuredModel : getDefaultModel(session.config.provider.type);
+  const trustText = trustLevel === "full" ? "full" : trustLevel === "write" ? "write" : trustLevel === "read" ? "read" : "";
+  console.log();
+  console.log(chalk.dim(`  \u{1F4C1} ${parentPath}`) + chalk.magenta.bold(projectName));
+  console.log(
+    chalk.dim(`  \u{1F916} ${providerName}/`) + chalk.magenta(modelName) + (trustText ? chalk.dim(` \u2022 \u{1F510} ${trustText}`) : "")
+  );
+  if (gitCtx) {
+    console.log(`  ${formatGitLine(gitCtx)}`);
+  }
+  const cocoStatus = isQualityLoop() ? chalk.magenta("  \u{1F504} quality mode: ") + chalk.green.bold("on") + chalk.dim(" \u2014 iterates until quality \u2265 85. /quality to disable") : chalk.dim("  \u{1F4A1} /quality on \u2014 enable auto-test & quality iteration");
+  console.log(cocoStatus);
+  const skillTotal = session.skillRegistry?.size ?? 0;
+  const hasSomething = skillTotal > 0 || mcpServers.length > 0;
+  if (hasSomething) {
+    if (skillTotal > 0) {
+      const allMeta = session.skillRegistry.getAllMetadata();
+      const builtinCount = allMeta.filter((s) => s.scope === "builtin").length;
+      const projectCount = skillTotal - builtinCount;
+      const parts = [];
+      if (builtinCount > 0) parts.push(`${builtinCount} builtin`);
+      if (projectCount > 0) parts.push(`${projectCount} project`);
+      const detail = parts.length > 0 ? ` (${parts.join(" \xB7 ")})` : "";
+      console.log(chalk.green("  \u2713") + chalk.dim(` Skills: ${skillTotal} loaded${detail}`));
+    } else {
+      console.log(chalk.dim("  \xB7 Skills: none loaded"));
+    }
+    if (mcpServers.length > 0) {
+      const names = mcpServers.join(", ");
+      console.log(
+        chalk.green("  \u2713") + chalk.dim(
+          ` MCP: ${names} (${mcpServers.length} server${mcpServers.length === 1 ? "" : "s"} active)`
+        )
+      );
+    }
+  }
+  console.log();
+  console.log(
+    chalk.dim("  Type your request or ") + chalk.magenta("/help") + chalk.dim(" for commands")
+  );
+  const pasteHint = process.platform === "darwin" ? chalk.dim("  \u{1F4CB} \u2318V paste text \u2022 \u2303V paste image") : chalk.dim("  \u{1F4CB} Ctrl+V paste image from clipboard");
+  console.log(pasteHint);
+  console.log();
+}
+
+// src/cli/repl/commands/clear.ts
+init_env();
 var clearCommand = {
   name: "clear",
   aliases: ["c"],
@@ -33289,7 +33613,22 @@ var clearCommand = {
   usage: "/clear",
   async execute(_args, session) {
     clearSession(session);
-    console.log(chalk.dim("Conversation cleared.\n"));
+    process.stdout.write("\x1B[2J\x1B[H");
+    const projectPath = session.projectPath || process.cwd();
+    const gitCtx = await getGitContext(projectPath);
+    const panelSession = {
+      ...session,
+      projectPath,
+      config: session.config ?? {
+        provider: {
+          type: "anthropic",
+          model: getDefaultModel("anthropic"),
+          maxTokens: 8192
+        }
+      }
+    };
+    await renderStartupPanel(panelSession, gitCtx);
+    console.log(chalk.dim("Context cleared.\n"));
     return false;
   }
 };
@@ -33763,6 +34102,12 @@ async function setupProviderWithAuth(provider) {
   showProviderInfo(provider);
   const apiKey = await requestApiKey(provider);
   if (!apiKey) return null;
+  let vertexSettings;
+  if (provider.id === "vertex") {
+    const settings = await promptVertexSettings();
+    if (!settings) return null;
+    vertexSettings = settings;
+  }
   let baseUrl;
   if (provider.askForCustomUrl) {
     const wantsCustomUrl = await p26.confirm({
@@ -33786,7 +34131,7 @@ async function setupProviderWithAuth(provider) {
   }
   const model = await selectModel(provider);
   if (!model) return null;
-  const valid = await testConnection(provider, apiKey, model, baseUrl);
+  const valid = await testConnection(provider, apiKey, model, baseUrl, vertexSettings);
   if (!valid) {
     const retry = await p26.confirm({
       message: "Would you like to try again?",
@@ -33801,7 +34146,9 @@ async function setupProviderWithAuth(provider) {
     type: provider.id,
     model,
     apiKey,
-    baseUrl
+    baseUrl,
+    project: vertexSettings?.project,
+    location: vertexSettings?.location
   };
 }
 async function setupGcloudADC(provider) {
@@ -33817,11 +34164,6 @@ async function setupGcloudADC(provider) {
     p26.log.error("gcloud CLI is not installed");
     console.log(chalk.dim("   Install it from: https://cloud.google.com/sdk/docs/install"));
     console.log();
-    if (provider.id === "vertex") {
-      console.log(chalk.dim("   Vertex AI requires gcloud ADC plus a Google Cloud project."));
-      console.log();
-      return null;
-    }
     const useFallback2 = await p26.confirm({
       message: "Use API key instead?",
       initialValue: true
@@ -33832,25 +34174,37 @@ async function setupGcloudADC(provider) {
     if (!apiKey2) return null;
     const model2 = await selectModel(provider);
     if (!model2) return null;
-    const valid2 = await testConnection(provider, apiKey2, model2);
+    let vertexSettings2;
+    if (provider.id === "vertex") {
+      const settings = await promptVertexSettings();
+      if (!settings) return null;
+      vertexSettings2 = settings;
+    }
+    const valid2 = await testConnection(provider, apiKey2, model2, void 0, vertexSettings2);
     if (!valid2) return null;
-    return { type: provider.id, model: model2, apiKey: apiKey2 };
+    return {
+      type: provider.id,
+      model: model2,
+      apiKey: apiKey2,
+      project: vertexSettings2?.project,
+      location: vertexSettings2?.location
+    };
   }
-  const adc = await inspectADC();
+  let adc = await inspectADC();
   if (adc.status === "ok" && adc.token) {
     console.log(chalk.green("   \u2713 gcloud ADC is already configured!"));
     console.log();
     p26.log.success("Authentication verified");
-    const vertexSettings = provider.id === "vertex" ? await promptVertexSettings() : void 0;
-    if (provider.id === "vertex" && !vertexSettings) return null;
+    const vertexSettings2 = provider.id === "vertex" ? await promptVertexSettings() : void 0;
+    if (provider.id === "vertex" && !vertexSettings2) return null;
     const model2 = await selectModel(provider);
     if (!model2) return null;
     return {
       type: provider.id,
       model: model2,
       apiKey: "__gcloud_adc__",
-      project: vertexSettings?.project,
-      location: vertexSettings?.location
+      project: vertexSettings2?.project,
+      location: vertexSettings2?.location
     };
   }
   console.log(chalk.yellow("   No reusable gcloud ADC session was found for Coco."));
@@ -33859,6 +34213,36 @@ async function setupGcloudADC(provider) {
     console.log(chalk.dim(`   ${adc.message}`));
     console.log();
   }
+  const runLoginNow = await p26.confirm({
+    message: "Authenticate with gcloud now from Coco?",
+    initialValue: true
+  });
+  if (p26.isCancel(runLoginNow)) return null;
+  if (runLoginNow) {
+    p26.log.step("Running `gcloud auth application-default login`...");
+    const loginOk = await runGcloudADCLogin();
+    if (loginOk) {
+      adc = await inspectADC();
+      if (adc.status === "ok" && adc.token) {
+        console.log(chalk.green("   \u2713 gcloud ADC is now configured."));
+        console.log();
+        p26.log.success("Authentication verified");
+        const vertexSettings2 = provider.id === "vertex" ? await promptVertexSettings() : void 0;
+        if (provider.id === "vertex" && !vertexSettings2) return null;
+        const model2 = await selectModel(provider);
+        if (!model2) return null;
+        return {
+          type: provider.id,
+          model: model2,
+          apiKey: "__gcloud_adc__",
+          project: vertexSettings2?.project,
+          location: vertexSettings2?.location
+        };
+      }
+    }
+    p26.log.error("Could not complete gcloud ADC login from Coco.");
+    console.log();
+  }
   console.log(chalk.dim("   Check the current machine-wide ADC state with:"));
   console.log(chalk.cyan("   $ gcloud auth application-default print-access-token"));
   console.log();
@@ -33871,13 +34255,6 @@ async function setupGcloudADC(provider) {
   }
   console.log(chalk.dim("   Coco will reuse the login on the next attempt if ADC is valid."));
   console.log();
-  if (provider.id === "vertex") {
-    console.log(
-      chalk.dim("   Vertex AI does not use API keys in Coco. Configure ADC, then retry.")
-    );
-    console.log();
-    return null;
-  }
   const useFallback = await p26.confirm({
     message: "Use API key for now?",
     initialValue: true
@@ -33888,9 +34265,21 @@ async function setupGcloudADC(provider) {
   if (!apiKey) return null;
   const model = await selectModel(provider);
   if (!model) return null;
-  const valid = await testConnection(provider, apiKey, model);
+  let vertexSettings;
+  if (provider.id === "vertex") {
+    const settings = await promptVertexSettings();
+    if (!settings) return null;
+    vertexSettings = settings;
+  }
+  const valid = await testConnection(provider, apiKey, model, void 0, vertexSettings);
   if (!valid) return null;
-  return { type: provider.id, model, apiKey };
+  return {
+    type: provider.id,
+    model,
+    apiKey,
+    project: vertexSettings?.project,
+    location: vertexSettings?.location
+  };
 }
 async function promptVertexSettings() {
   const projectDefault = process.env["VERTEX_PROJECT"] ?? process.env["GOOGLE_CLOUD_PROJECT"] ?? process.env["GCLOUD_PROJECT"] ?? "";
@@ -34424,8 +34813,8 @@ async function testConnection(provider, apiKey, model, baseUrl, vertexSettings)
       process.env[`${provider.id.toUpperCase()}_BASE_URL`] = baseUrl;
     }
     if (provider.id === "vertex") {
-      if (vertexSettings?.project) ;
-      if (vertexSettings?.location) ;
+      if (vertexSettings?.project) process.env["VERTEX_PROJECT"] = vertexSettings.project;
+      if (vertexSettings?.location) process.env["VERTEX_LOCATION"] = vertexSettings.location;
     }
     const testProvider = await createProvider(provider.id, {
       model,
@@ -34724,8 +35113,9 @@ async function ensureConfiguredV2(config) {
     });
     for (const prov of configuredProviders) {
       try {
+        const rememberedModel = await getLastUsedModel(prov.id);
         const recommended = getRecommendedModel(prov.id);
-        const model = recommended?.id || prov.models[0]?.id || "";
+        const model = rememberedModel || recommended?.id || prov.models[0]?.id || "";
         let providerId = prov.id;
         if (prov.id === "openai" && hasOpenAIOAuthTokens && !process.env[prov.envVar]) {
           const tokenResult = await getOrRefreshOAuthToken("openai");
@@ -34953,7 +35343,7 @@ async function switchProvider(initialProvider, session) {
 `));
     return false;
   }
-  const supportsApiKey = newProvider.id !== "vertex" && newProvider.requiresApiKey !== false;
+  const supportsApiKey = newProvider.requiresApiKey !== false;
   const apiKey = supportsApiKey ? process.env[newProvider.envVar] : void 0;
   const hasOAuth = supportsOAuth(newProvider.id) || newProvider.supportsOAuth;
   const hasGcloudADC = newProvider.supportsGcloudADC;
@@ -35087,7 +35477,10 @@ Using existing OAuth session...`));
         if (!adcResult) return false;
         selectedAuthMethod = "gcloud";
         if (newProvider.id === "vertex") {
-          const settings = await promptVertexSettings2();
+          const settings = await promptVertexSettings2({
+            project: session.config.provider.project,
+            location: session.config.provider.location
+          });
           if (!settings) return false;
           vertexSettings = settings;
         }
@@ -35108,6 +35501,14 @@ Using existing API key...`));
           selectedAuthMethod = "apikey";
           newApiKeyForSaving = key;
         }
+        if (newProvider.id === "vertex") {
+          const settings = await promptVertexSettings2({
+            project: session.config.provider.project,
+            location: session.config.provider.location
+          });
+          if (!settings) return false;
+          vertexSettings = settings;
+        }
       } else if (authChoice === "remove") {
         const removeOptions = [];
         if (oauthConnected) {
@@ -35164,7 +35565,10 @@ ${newProvider.emoji} ${newProvider.name} is not configured.`));
         if (!adcResult) return false;
         selectedAuthMethod = "gcloud";
         if (newProvider.id === "vertex") {
-          const settings = await promptVertexSettings2();
+          const settings = await promptVertexSettings2({
+            project: session.config.provider.project,
+            location: session.config.provider.location
+          });
           if (!settings) return false;
           vertexSettings = settings;
         }
@@ -35215,7 +35619,9 @@ ${newProvider.emoji} ${newProvider.name} is not configured.`));
       await saveConfiguration({
         type: userFacingProviderId,
         model: newModel,
-        apiKey: newApiKeyForSaving
+        apiKey: newApiKeyForSaving,
+        project: vertexSettings?.project,
+        location: vertexSettings?.location
       });
     } else {
       await saveProviderPreference(userFacingProviderId, newModel, {
@@ -35255,8 +35661,26 @@ async function setupGcloudADCForProvider(_provider) {
     return true;
   }
   console.log(chalk.yellow("\n   No reusable gcloud ADC session was found for Coco."));
-  if (adc.message) {
-    console.log(chalk.dim(`   ${adc.message}`));
+  console.log();
+  if (adc.message) console.log(chalk.dim(`   ${adc.message}`));
+  console.log();
+  const runLoginNow = await p26.confirm({
+    message: "Authenticate with gcloud now from Coco?",
+    initialValue: true
+  });
+  if (p26.isCancel(runLoginNow)) return false;
+  if (runLoginNow) {
+    p26.log.step("Running `gcloud auth application-default login`...");
+    const loginOk = await runGcloudADCLogin();
+    if (loginOk) {
+      const refreshed = await inspectADC();
+      if (refreshed.status === "ok" && refreshed.token) {
+        console.log(chalk.green("   \u2713 gcloud ADC is now configured.\n"));
+        return true;
+      }
+    }
+    p26.log.error("Could not complete gcloud ADC login from Coco.");
+    console.log();
   }
   console.log(chalk.dim("\n   Check the current ADC state with:"));
   console.log(chalk.cyan("   $ gcloud auth application-default print-access-token"));
@@ -35269,9 +35693,9 @@ async function setupGcloudADCForProvider(_provider) {
   console.log();
   return false;
 }
-async function promptVertexSettings2() {
-  const projectDefault = process.env["VERTEX_PROJECT"] ?? process.env["GOOGLE_CLOUD_PROJECT"] ?? process.env["GCLOUD_PROJECT"] ?? "";
-  const locationDefault = process.env["VERTEX_LOCATION"] ?? process.env["GOOGLE_CLOUD_LOCATION"] ?? "global";
+async function promptVertexSettings2(defaults) {
+  const projectDefault = defaults?.project ?? process.env["VERTEX_PROJECT"] ?? process.env["GOOGLE_CLOUD_PROJECT"] ?? process.env["GCLOUD_PROJECT"] ?? "";
+  const locationDefault = defaults?.location ?? process.env["VERTEX_LOCATION"] ?? process.env["GOOGLE_CLOUD_LOCATION"] ?? "global";
   const project = await p26.text({
     message: "Google Cloud project ID:",
     placeholder: projectDefault || "my-gcp-project",
@@ -35980,11 +36404,11 @@ async function revokeTrust(session, trustStore) {
     p26.log.info("This project is not currently trusted");
     return;
   }
-  const confirm22 = await p26.confirm({
+  const confirm23 = await p26.confirm({
     message: "Revoke all access to this project?",
     initialValue: false
   });
-  if (p26.isCancel(confirm22) || !confirm22) {
+  if (p26.isCancel(confirm23) || !confirm23) {
     p26.outro("Cancelled");
     return;
   }
@@ -36101,11 +36525,11 @@ var initCommand = {
         p26.log.message(`  Description: ${description}`);
       }
       p26.log.message("");
-      const confirm22 = await p26.confirm({
+      const confirm23 = await p26.confirm({
         message: "Create project?",
         initialValue: true
       });
-      if (p26.isCancel(confirm22) || !confirm22) {
+      if (p26.isCancel(confirm23) || !confirm23) {
         p26.outro("Cancelled");
         return false;
       }
@@ -37331,11 +37755,11 @@ async function runInteractiveMode(session) {
     );
   }
   console.log();
-  const confirm22 = await p26.confirm({
+  const confirm23 = await p26.confirm({
     message: "Proceed with restoration?",
     initialValue: true
   });
-  if (p26.isCancel(confirm22) || !confirm22) {
+  if (p26.isCancel(confirm23) || !confirm23) {
     p26.outro("Cancelled");
     return false;
   }
@@ -37378,11 +37802,11 @@ async function runDirectMode(session, checkpointId) {
     console.log(`${chalk.dim("Conversation:")} ${checkpoint.conversation?.messageCount} messages`);
   }
   console.log();
-  const confirm22 = await p26.confirm({
+  const confirm23 = await p26.confirm({
     message: "Restore this checkpoint?",
     initialValue: true
   });
-  if (p26.isCancel(confirm22) || !confirm22) {
+  if (p26.isCancel(confirm23) || !confirm23) {
     p26.outro("Cancelled");
     return false;
   }
@@ -37833,11 +38257,11 @@ async function runInteractiveMode2(session) {
     return false;
   }
   displaySessionDetails(selectedSession);
-  const confirm22 = await p26.confirm({
+  const confirm23 = await p26.confirm({
     message: "Resume this session?",
     initialValue: true
   });
-  if (p26.isCancel(confirm22) || !confirm22) {
+  if (p26.isCancel(confirm23) || !confirm23) {
     p26.outro("Cancelled");
     return false;
   }
@@ -37855,11 +38279,11 @@ async function runDirectMode2(session, sessionId) {
     return false;
   }
   displaySessionDetails(targetSession);
-  const confirm22 = await p26.confirm({
+  const confirm23 = await p26.confirm({
     message: "Resume this session?",
     initialValue: true
   });
-  if (p26.isCancel(confirm22) || !confirm22) {
+  if (p26.isCancel(confirm23) || !confirm23) {
     p26.outro("Cancelled");
     return false;
   }
@@ -38872,7 +39296,9 @@ async function loadPermissionPreferences() {
       recommendedAllowlistApplied: config.recommendedAllowlistApplied,
       recommendedAllowlistDismissed: config.recommendedAllowlistDismissed,
       recommendedAllowlistPrompted: config.recommendedAllowlistPrompted,
-      recommendedAllowlistPromptedProjects: config.recommendedAllowlistPromptedProjects
+      recommendedAllowlistPromptedProjects: config.recommendedAllowlistPromptedProjects,
+      recommendedAllowlistAppliedProjects: config.recommendedAllowlistAppliedProjects,
+      recommendedAllowlistDismissedProjects: config.recommendedAllowlistDismissedProjects
     };
   } catch {
     return {};
@@ -38892,7 +39318,27 @@ async function savePermissionPreference(key, value) {
   } catch {
   }
 }
-async function markPermissionSuggestionShownForProject(projectPath) {
+function isRecommendedAllowlistAppliedForProject(prefs, projectPath) {
+  const projectKey = getProjectPreferenceKey(projectPath);
+  if (prefs.recommendedAllowlistAppliedProjects?.[projectKey] === true) {
+    return true;
+  }
+  if (prefs.recommendedAllowlistApplied === true && !prefs.recommendedAllowlistAppliedProjects) {
+    return true;
+  }
+  return false;
+}
+function isRecommendedAllowlistDismissedForProject(prefs, projectPath) {
+  const projectKey = getProjectPreferenceKey(projectPath);
+  if (prefs.recommendedAllowlistDismissedProjects?.[projectKey] === true) {
+    return true;
+  }
+  if (prefs.recommendedAllowlistDismissed === true && !prefs.recommendedAllowlistDismissedProjects) {
+    return true;
+  }
+  return false;
+}
+async function saveProjectPermissionPreference(key, projectPath, value) {
   try {
     let config = {};
     try {
@@ -38900,12 +39346,12 @@ async function markPermissionSuggestionShownForProject(projectPath) {
       config = JSON.parse(content);
     } catch {
     }
-    const promptedProjects = {
-      ...config.recommendedAllowlistPromptedProjects,
-      [getProjectPreferenceKey(projectPath)]: true
+    const projectKey = getProjectPreferenceKey(projectPath);
+    const currentMap = config[key] ?? {};
+    config[key] = {
+      ...currentMap,
+      [projectKey]: value
     };
-    config.recommendedAllowlistPromptedProjects = promptedProjects;
-    config.recommendedAllowlistPrompted = true;
     await fs35__default.mkdir(path39__default.dirname(CONFIG_PATHS.config), { recursive: true });
     await fs35__default.writeFile(CONFIG_PATHS.config, JSON.stringify(config, null, 2), "utf-8");
   } catch {
@@ -38913,26 +39359,26 @@ async function markPermissionSuggestionShownForProject(projectPath) {
 }
 async function shouldShowPermissionSuggestion(projectPath = process.cwd()) {
   const prefs = await loadPermissionPreferences();
-  if (prefs.recommendedAllowlistDismissed) {
-    return false;
-  }
-  if (prefs.recommendedAllowlistApplied) {
+  if (isRecommendedAllowlistDismissedForProject(prefs, projectPath)) {
     return false;
   }
-  const projectKey = getProjectPreferenceKey(projectPath);
-  if (prefs.recommendedAllowlistPromptedProjects?.[projectKey]) {
+  if (isRecommendedAllowlistAppliedForProject(prefs, projectPath)) {
     return false;
   }
   return true;
 }
-async function applyRecommendedPermissions() {
+async function applyRecommendedPermissions(projectPath = process.cwd()) {
   for (const tool of [...RECOMMENDED_GLOBAL, ...RECOMMENDED_PROJECT]) {
     await saveTrustedTool(tool, null, true);
   }
-  await savePermissionPreference("recommendedAllowlistApplied", true);
+  await saveProjectPermissionPreference("recommendedAllowlistAppliedProjects", projectPath, true);
+  await saveProjectPermissionPreference(
+    "recommendedAllowlistDismissedProjects",
+    projectPath,
+    false
+  );
 }
 async function showPermissionSuggestion(projectPath = process.cwd()) {
-  await markPermissionSuggestionShownForProject(projectPath);
   console.log();
   console.log(chalk.magenta.bold("  \u{1F4CB} Recommended Permissions"));
   console.log();
@@ -38959,8 +39405,11 @@ async function showPermissionSuggestion(projectPath = process.cwd()) {
     return;
   }
   if (action === "dismiss") {
-    await savePermissionPreference("recommendedAllowlistPrompted", true);
-    await savePermissionPreference("recommendedAllowlistDismissed", true);
+    await saveProjectPermissionPreference(
+      "recommendedAllowlistDismissedProjects",
+      projectPath,
+      true
+    );
     console.log(chalk.dim("  Won't show again. Use /permissions to apply later."));
     return;
   }
@@ -38974,8 +39423,7 @@ async function showPermissionSuggestion(projectPath = process.cwd()) {
       return;
     }
   }
-  await applyRecommendedPermissions();
-  await savePermissionPreference("recommendedAllowlistPrompted", true);
+  await applyRecommendedPermissions(projectPath);
   console.log(chalk.green("  \u2713 Recommended permissions applied"));
   console.log(chalk.dim("  Use /permissions to review or modify anytime."));
 }
@@ -39066,7 +39514,7 @@ async function showStatus(session) {
   console.log(chalk.magenta.bold("  \u{1F510} Tool Permissions"));
   console.log();
   const allowCount = RECOMMENDED_GLOBAL.length + RECOMMENDED_PROJECT.length;
-  if (prefs.recommendedAllowlistApplied) {
+  if (isRecommendedAllowlistAppliedForProject(prefs, session.projectPath)) {
     console.log(
       chalk.green("  \u2713 Recommended allowlist applied") + chalk.dim(` (${allowCount} allow, ${RECOMMENDED_DENY.length} deny)`)
     );
@@ -39108,7 +39556,7 @@ async function showStatus(session) {
   console.log();
 }
 async function applyRecommended(session) {
-  await applyRecommendedPermissions();
+  await applyRecommendedPermissions(session.projectPath);
   for (const tool of RECOMMENDED_GLOBAL) {
     session.trustedTools.add(tool);
   }
@@ -39158,177 +39606,18 @@ async function resetPermissions(session) {
   } catch {
   }
   await savePermissionPreference("recommendedAllowlistApplied", false);
-  console.log(chalk.green("  \u2713 All tool permissions reset."));
-}
-
-// src/cli/repl/quality-loop.ts
-init_paths();
-var qualityLoopEnabled = true;
-var hintShown = false;
-function isQualityLoop() {
-  return qualityLoopEnabled;
-}
-function setQualityLoop(enabled) {
-  qualityLoopEnabled = enabled;
-}
-function wasHintShown() {
-  return hintShown;
-}
-function markHintShown() {
-  hintShown = true;
-}
-function looksLikeFeatureRequest(input) {
-  const trimmed = input.trim();
-  if (trimmed.length < 20) return false;
-  if (trimmed.endsWith("?") && trimmed.length < 80) return false;
-  const featureKeywords = [
-    /\bimplement/i,
-    /\bcreate\b/i,
-    /\bbuild\b/i,
-    /\badd\b.*\b(feature|function|component|endpoint|service|module|class)/i,
-    /\brefactor/i,
-    /\bmigrate/i,
-    /\bsetup\b/i,
-    /\bintegrate/i,
-    /\bwrite\b.*\b(code|function|test|module)/i,
-    /\bdevelop/i,
-    /\bdesign\b/i,
-    /\bfix\b.*\b(bug|issue|error|problem)/i,
-    /\bupdate\b.*\b(function|component|service|module)/i,
-    /\bgenerate\b/i,
-    /\bconvert\b/i
-  ];
-  return featureKeywords.some((re) => re.test(trimmed));
-}
-function formatQualityLoopHint() {
-  return chalk.dim("  tip: ") + chalk.magenta("/quality") + chalk.dim(" enables auto-test & iterate until quality converges");
-}
-function formatQualityResult(result) {
-  const lines = [];
-  const scores = result.scoreHistory;
-  const progressStr = scores.map((s) => String(s)).join(" \u2192 ");
-  const convergedLabel = result.converged ? chalk.green("converged") : chalk.yellow("max iterations");
-  lines.push("");
-  lines.push(
-    chalk.magenta("\u2500\u2500 Quality: ") + chalk.white(progressStr) + chalk.dim(` (${convergedLabel})`) + chalk.magenta(" \u2500\u2500")
+  await saveProjectPermissionPreference(
+    "recommendedAllowlistAppliedProjects",
+    session.projectPath,
+    false
   );
-  const parts = [];
-  if (result.testsPassed !== void 0 && result.testsTotal !== void 0) {
-    const testsColor = result.testsPassed === result.testsTotal ? chalk.green : chalk.yellow;
-    parts.push(testsColor(`Tests: ${result.testsPassed}/${result.testsTotal}`));
-  }
-  if (result.coverage !== void 0) {
-    const covColor = result.coverage >= 80 ? chalk.green : chalk.yellow;
-    parts.push(covColor(`Coverage: ${result.coverage}%`));
-  }
-  if (result.securityScore !== void 0) {
-    const secColor = result.securityScore === 100 ? chalk.green : chalk.red;
-    parts.push(secColor(`Security: ${result.securityScore}`));
-  }
-  parts.push(chalk.dim(`Iterations: ${result.iterations}`));
-  if (result.durationMs !== void 0) {
-    const secs = (result.durationMs / 1e3).toFixed(1);
-    parts.push(chalk.dim(`Time: ${secs}s`));
-  }
-  lines.push("   " + parts.join("  "));
-  lines.push("");
-  return lines.join("\n");
-}
-async function loadQualityLoopPreference() {
-  try {
-    const content = await fs35__default.readFile(CONFIG_PATHS.config, "utf-8");
-    const config = JSON.parse(content);
-    const value = config.qualityLoop ?? config.cocoMode;
-    if (typeof value === "boolean") {
-      qualityLoopEnabled = value;
-      return value;
-    }
-  } catch {
-  }
-  return true;
-}
-async function saveQualityLoopPreference(enabled) {
-  try {
-    let config = {};
-    try {
-      const content = await fs35__default.readFile(CONFIG_PATHS.config, "utf-8");
-      config = JSON.parse(content);
-    } catch {
-    }
-    config.qualityLoop = enabled;
-    await fs35__default.writeFile(CONFIG_PATHS.config, JSON.stringify(config, null, 2) + "\n");
-  } catch {
-  }
-}
-function parseQualityLoopReport(content) {
-  const marker = "QUALITY_LOOP_REPORT";
-  const idx = content.indexOf(marker);
-  if (idx === -1) return null;
-  const block = content.slice(idx);
-  const getField = (name) => {
-    const match = block.match(new RegExp(`${name}:\\s*(.+)`));
-    return match?.[1]?.trim();
-  };
-  const scoreHistoryRaw = getField("score_history");
-  if (!scoreHistoryRaw) return null;
-  const scores = scoreHistoryRaw.replace(/[[\]]/g, "").split(",").map((s) => parseFloat(s.trim())).filter((n) => !isNaN(n));
-  if (scores.length === 0) return null;
-  const testsPassed = parseInt(getField("tests_passed") ?? "", 10);
-  const testsTotal = parseInt(getField("tests_total") ?? "", 10);
-  const coverage = parseInt(getField("coverage") ?? "", 10);
-  const security = parseInt(getField("security") ?? "", 10);
-  const iterations = parseInt(getField("iterations") ?? "", 10) || scores.length;
-  const converged = getField("converged") === "true";
-  return {
-    converged,
-    scoreHistory: scores,
-    finalScore: scores[scores.length - 1] ?? 0,
-    iterations,
-    testsPassed: isNaN(testsPassed) ? void 0 : testsPassed,
-    testsTotal: isNaN(testsTotal) ? void 0 : testsTotal,
-    coverage: isNaN(coverage) ? void 0 : coverage,
-    securityScore: isNaN(security) ? void 0 : security
-  };
-}
-function getQualityLoopSystemPrompt() {
-  return `
-## Quality Loop Mode (ACTIVE)
-
-You are operating in quality loop mode. After implementing code changes, you MUST follow this iteration cycle:
-
-1. **Implement** the requested changes (code + tests)
-2. **Run tests** using the run_tests or bash_exec tool
-3. **Self-review**: Analyze your code against these 12 quality dimensions:
-   - Correctness, Completeness, Robustness, Readability
-   - Maintainability, Complexity, Duplication, Test Coverage
-   - Test Quality, Security, Documentation, Style
-4. **Score** your implementation 0-100 for each dimension
-5. **If issues found**: Fix them and go back to step 2
-6. **If quality is good** (overall \u2265 85 and improving < 2 points): Stop and report
-
-After completing the cycle, output a quality summary in this exact format:
-
-\`\`\`
-QUALITY_LOOP_REPORT
-score_history: [first_score, ..., final_score]
-tests_passed: X
-tests_total: Y
-coverage: Z
-security: 100
-iterations: N
-converged: true|false
-\`\`\`
-
-Key rules:
-- Always write tests alongside code
-- Run tests after every change
-- Minimum 2 iterations before declaring convergence
-- Maximum 10 iterations
-- Fix critical issues before moving on
-- Report honestly - don't inflate scores`;
+  await saveProjectPermissionPreference(
+    "recommendedAllowlistDismissedProjects",
+    session.projectPath,
+    false
+  );
+  console.log(chalk.green("  \u2713 All tool permissions reset."));
 }
-
-// src/cli/repl/commands/quality.ts
 var qualityCommand = {
   name: "quality",
   aliases: ["coco"],
@@ -40099,11 +40388,11 @@ Response format (JSON only, no prose):
     }
   }
   if (!options?.skipConfirmation) {
-    const confirm22 = await p26.confirm({
+    const confirm23 = await p26.confirm({
       message: "Start building with this plan?",
       initialValue: true
     });
-    if (p26.isCancel(confirm22) || !confirm22) {
+    if (p26.isCancel(confirm23) || !confirm23) {
       cancel5("Build cancelled.");
     }
   }
@@ -41661,8 +41950,8 @@ Examples:
     recursive: z.boolean().optional().default(false).describe("Delete directories recursively"),
     confirm: z.boolean().optional().describe("Must be true to confirm deletion")
   }),
-  async execute({ path: filePath, recursive, confirm: confirm22 }) {
-    if (confirm22 !== true) {
+  async execute({ path: filePath, recursive, confirm: confirm23 }) {
+    if (confirm23 !== true) {
       throw new ToolError(
         "Deletion requires explicit confirmation. Set confirm: true to proceed.",
         { tool: "delete_file" }
@@ -48645,11 +48934,11 @@ var buildAppCommand = {
       return false;
     }
     if (!isAutonomous && !parsed.skipConfirmation) {
-      const confirm22 = await p26.confirm({
+      const confirm23 = await p26.confirm({
         message: `Build "${spec.projectName}" with ${spec.sprints.length} sprints?`,
         initialValue: true
       });
-      if (p26.isCancel(confirm22) || !confirm22) {
+      if (p26.isCancel(confirm23) || !confirm23) {
         p26.cancel("Build cancelled.");
         return false;
       }
@@ -53610,44 +53899,6 @@ function createIntentRecognizer(config = {}) {
 // src/cli/repl/index.ts
 init_env();
 init_allowed_paths();
-async function getGitContext(projectPath) {
-  const controller = new AbortController();
-  const timer = setTimeout(() => controller.abort(), 3e3);
-  try {
-    const git = simpleGit({ baseDir: projectPath, abort: controller.signal });
-    const status = await git.status();
-    clearTimeout(timer);
-    return {
-      branch: status.current ?? "HEAD",
-      isDirty: !status.isClean(),
-      staged: status.staged.length,
-      modified: status.modified.length,
-      untracked: status.not_added.length,
-      ahead: status.ahead,
-      behind: status.behind
-    };
-  } catch {
-    clearTimeout(timer);
-    return null;
-  }
-}
-function formatGitLine(ctx) {
-  const branchColor = ctx.isDirty ? chalk.yellow : chalk.green;
-  const parts = [chalk.dim("\u{1F33F} ") + branchColor(ctx.branch)];
-  const changes = [];
-  if (ctx.staged > 0) changes.push(chalk.green(`+${ctx.staged}`));
-  if (ctx.modified > 0) changes.push(chalk.yellow(`~${ctx.modified}`));
-  if (ctx.untracked > 0) changes.push(chalk.dim(`?${ctx.untracked}`));
-  if (ctx.ahead > 0) changes.push(chalk.cyan(`\u2191${ctx.ahead}`));
-  if (ctx.behind > 0) changes.push(chalk.red(`\u2193${ctx.behind}`));
-  if (changes.length > 0) parts.push(changes.join(" "));
-  return parts.join(" \u2022 ");
-}
-function formatGitShort(ctx) {
-  const branch = ctx.isDirty ? chalk.yellow(ctx.branch) : chalk.green(ctx.branch);
-  const dirty = ctx.isDirty ? chalk.yellow(" \u25CF") : "";
-  return chalk.dim("\u{1F33F} ") + branch + dirty;
-}
 
 // src/cli/repl/status-bar.ts
 init_env();
@@ -54752,85 +55003,7 @@ ${imagePrompts}`.trim() : imagePrompts;
   process.off("SIGTERM", sigtermHandler);
 }
 async function printWelcome(session, gitCtx, mcpManager) {
-  const trustStore = createTrustStore();
-  await trustStore.init();
-  const trustLevel = trustStore.getLevel(session.projectPath);
-  const boxWidth = 41;
-  const innerWidth = boxWidth - 2;
-  const versionText = `v${VERSION}`;
-  const subtitleText = "open source \u2022 corbat.tech";
-  const boxLine = (content) => {
-    const pad = Math.max(0, innerWidth - stringWidth2(content));
-    return chalk.magenta("\u2502") + content + " ".repeat(pad) + chalk.magenta("\u2502");
-  };
-  const titleLeftRaw = " COCO";
-  const titleRightRaw = versionText + " ";
-  const titleLeftStyled = " " + chalk.bold.white("COCO");
-  const titleGap = Math.max(1, innerWidth - stringWidth2(titleLeftRaw) - stringWidth2(titleRightRaw));
-  const titleContent = titleLeftStyled + " ".repeat(titleGap) + chalk.dim(titleRightRaw);
-  const taglineText = "code that converges to quality";
-  const taglineContent = " " + chalk.magenta(taglineText) + " ";
-  const subtitleContent = " " + chalk.dim(subtitleText) + " ";
-  console.log();
-  console.log(chalk.magenta("  \u256D" + "\u2500".repeat(boxWidth - 2) + "\u256E"));
-  console.log("  " + boxLine(titleContent));
-  console.log("  " + boxLine(taglineContent));
-  console.log("  " + boxLine(subtitleContent));
-  console.log(chalk.magenta("  \u2570" + "\u2500".repeat(boxWidth - 2) + "\u256F"));
-  const maxPathLen = 50;
-  let displayPath = session.projectPath;
-  if (displayPath.length > maxPathLen) {
-    displayPath = "..." + displayPath.slice(-maxPathLen + 3);
-  }
-  const lastSep = displayPath.lastIndexOf("/");
-  const parentPath = lastSep > 0 ? displayPath.slice(0, lastSep + 1) : "";
-  const projectName = lastSep > 0 ? displayPath.slice(lastSep + 1) : displayPath;
-  const providerName = session.config.provider.type;
-  const configuredModel = session.config.provider.model?.trim();
-  const modelName = configuredModel && !["default", "none", "null", "undefined"].includes(configuredModel.toLowerCase()) ? configuredModel : getDefaultModel(session.config.provider.type);
-  const trustText = trustLevel === "full" ? "full" : trustLevel === "write" ? "write" : trustLevel === "read" ? "read" : "";
-  console.log();
-  console.log(chalk.dim(`  \u{1F4C1} ${parentPath}`) + chalk.magenta.bold(projectName));
-  console.log(
-    chalk.dim(`  \u{1F916} ${providerName}/`) + chalk.magenta(modelName) + (trustText ? chalk.dim(` \u2022 \u{1F510} ${trustText}`) : "")
-  );
-  if (gitCtx) {
-    console.log(`  ${formatGitLine(gitCtx)}`);
-  }
-  const cocoStatus = isQualityLoop() ? chalk.magenta("  \u{1F504} quality mode: ") + chalk.green.bold("on") + chalk.dim(" \u2014 iterates until quality \u2265 85. /quality to disable") : chalk.dim("  \u{1F4A1} /quality on \u2014 enable auto-test & quality iteration");
-  console.log(cocoStatus);
-  const skillTotal = session.skillRegistry?.size ?? 0;
-  const mcpServers = mcpManager?.getConnectedServers() ?? [];
-  const hasSomething = skillTotal > 0 || mcpServers.length > 0;
-  if (hasSomething) {
-    if (skillTotal > 0) {
-      const allMeta = session.skillRegistry.getAllMetadata();
-      const builtinCount = allMeta.filter((s) => s.scope === "builtin").length;
-      const projectCount = skillTotal - builtinCount;
-      const parts = [];
-      if (builtinCount > 0) parts.push(`${builtinCount} builtin`);
-      if (projectCount > 0) parts.push(`${projectCount} project`);
-      const detail = parts.length > 0 ? ` (${parts.join(" \xB7 ")})` : "";
-      console.log(chalk.green("  \u2713") + chalk.dim(` Skills: ${skillTotal} loaded${detail}`));
-    } else {
-      console.log(chalk.dim("  \xB7 Skills: none loaded"));
-    }
-    if (mcpServers.length > 0) {
-      const names = mcpServers.join(", ");
-      console.log(
-        chalk.green("  \u2713") + chalk.dim(
-          ` MCP: ${names} (${mcpServers.length} server${mcpServers.length === 1 ? "" : "s"} active)`
-        )
-      );
-    }
-  }
-  console.log();
-  console.log(
-    chalk.dim("  Type your request or ") + chalk.magenta("/help") + chalk.dim(" for commands")
-  );
-  const pasteHint = process.platform === "darwin" ? chalk.dim("  \u{1F4CB} \u2318V paste text \u2022 \u2303V paste image") : chalk.dim("  \u{1F4CB} Ctrl+V paste image from clipboard");
-  console.log(pasteHint);
-  console.log();
+  await renderStartupPanel(session, gitCtx, mcpManager?.getConnectedServers() ?? []);
 }
 async function checkProjectTrust(projectPath) {
   const trustStore = createTrustStore();