@corbat-tech/coco 2.35.0 → 2.36.0

package/dist/index.js

@@ -1,10 +1,10 @@
 import { Logger } from 'tslog';
 import * as fs4 from 'fs';
-import fs4__default, { readFileSync, constants } from 'fs';
+import fs4__default, { readFileSync, mkdirSync, appendFileSync, writeFileSync, constants } from 'fs';
 import * as path17 from 'path';
 import path17__default, { dirname, join, basename, resolve } from 'path';
 import * as fs16 from 'fs/promises';
-import fs16__default, { access, readFile, readdir, writeFile, mkdir } from 'fs/promises';
+import fs16__default, { access, readFile, readdir, writeFile, mkdir, rm } from 'fs/promises';
 import { randomUUID, randomBytes, createHash } from 'crypto';
 import * as http from 'http';
 import { fileURLToPath, URL as URL$1 } from 'url';
@@ -23,7 +23,7 @@ import Anthropic from '@anthropic-ai/sdk';
 import { jsonrepair } from 'jsonrepair';
 import OpenAI from 'openai';
 import { GoogleGenAI, FunctionCallingConfigMode } from '@google/genai';
-import 'events';
+import { EventEmitter } from 'events';
 import 'minimatch';
 import { simpleGit } from 'simple-git';
 import { diffWords } from 'diff';
@@ -275,6 +275,10 @@ function getCatalogDefaultModel(provider) {
 function getCatalogModel(provider, modelId) {
   return getProviderCatalogEntry(provider).models.find((modelEntry) => modelEntry.id === modelId);
 }
+function getCatalogRecommendedModel(provider) {
+  const entry = getProviderCatalogEntry(provider);
+  return entry.models.find((modelEntry) => modelEntry.recommended) ?? entry.models[0];
+}
 function getCatalogContextWindow(provider, modelId, fallback) {
   if (!modelId) return fallback;
   const exact = getCatalogModel(provider, modelId);
@@ -10603,16 +10607,16 @@ var QualityEvaluator = class {
    * Find source files in project, adapting to the detected language stack.
    */
   async findSourceFiles() {
-    const { access: access13 } = await import('fs/promises');
-    const { join: join19 } = await import('path');
+    const { access: access14 } = await import('fs/promises');
+    const { join: join20 } = await import('path');
     let isJava = false;
     try {
-      await access13(join19(this.projectPath, "pom.xml"));
+      await access14(join20(this.projectPath, "pom.xml"));
       isJava = true;
     } catch {
       for (const f of ["build.gradle", "build.gradle.kts"]) {
         try {
-          await access13(join19(this.projectPath, f));
+          await access14(join20(this.projectPath, f));
           isJava = true;
           break;
         } catch {
@@ -18747,6 +18751,89 @@ function createResilientProvider(provider, config) {
 
 // src/providers/runtime-capabilities.ts
 init_catalog();
+function hasCapability(model2, capability) {
+  return model2?.capabilities.includes(capability) ?? false;
+}
+function selectEndpoint(provider, model2) {
+  if (hasCapability(model2, "anthropic-messages")) return "anthropic-messages";
+  if (hasCapability(model2, "gemini-generate-content")) return "gemini-generate-content";
+  if (provider === "openai" || provider === "codex") {
+    if (hasCapability(model2, "openai-responses")) return "openai-responses";
+  }
+  return "openai-chat";
+}
+function buildRestrictions(provider, model2, endpoint, supportsReasoning, supportsToolUse) {
+  const restrictions = [];
+  if (provider === "copilot" && endpoint === "openai-chat" && supportsToolUse) {
+    restrictions.push(
+      "Copilot uses an OpenAI-compatible Chat Completions route; Coco omits reasoning_effort on tool calls to avoid upstream 400 errors."
+    );
+  }
+  if (provider !== "openai" && provider !== "codex" && endpoint === "openai-chat" && supportsReasoning) {
+    restrictions.push(
+      "OpenAI-compatible providers only receive reasoning fields when the provider is explicitly verified."
+    );
+  }
+  if (!supportsToolUse) {
+    restrictions.push("Function tools are not advertised for this model.");
+  }
+  if (model2.toLowerCase().includes("deprecated")) {
+    restrictions.push(
+      "Model name suggests deprecation; prefer a catalog current/recommended model."
+    );
+  }
+  return restrictions;
+}
+function getProviderRuntimeCapability(provider, modelId) {
+  const providerCatalog = getProviderCatalogEntry(provider);
+  const model2 = modelId ?? providerCatalog.defaultModel;
+  const catalogModel = getCatalogModel(provider, model2);
+  const thinking = getThinkingCapability(provider, model2);
+  const endpoint = selectEndpoint(provider, catalogModel);
+  const supportsToolUse = hasCapability(catalogModel, "tool-use");
+  const supportsReasoning = thinking.supported;
+  return {
+    provider,
+    model: model2,
+    catalogModel,
+    status: catalogModel?.status ?? "unverified",
+    endpoint,
+    supportsStreaming: hasCapability(catalogModel, "streaming"),
+    supportsToolUse,
+    supportsVision: hasCapability(catalogModel, "vision"),
+    supportsReasoning,
+    reasoningKinds: thinking.kinds,
+    defaultReasoning: thinking.defaultMode,
+    contextWindow: catalogModel?.contextWindow ?? 0,
+    maxOutputTokens: catalogModel?.maxOutputTokens,
+    sourceUrl: catalogModel?.source.url,
+    restrictions: buildRestrictions(provider, model2, endpoint, supportsReasoning, supportsToolUse)
+  };
+}
+async function probeProviderRuntimeCapability(provider, modelId, checkAvailability) {
+  const capability = getProviderRuntimeCapability(provider, modelId);
+  if (!checkAvailability) {
+    return {
+      ...capability,
+      available: "not-checked",
+      checkedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  try {
+    return {
+      ...capability,
+      available: await checkAvailability(),
+      checkedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  } catch (error) {
+    return {
+      ...capability,
+      available: false,
+      checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      error: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
 
 // src/providers/index.ts
 init_copilot();
@@ -19346,151 +19433,1366 @@ z.string().regex(
   /^\d+\.\d+\.\d+$/,
   "Version must be in semver format (e.g., 1.0.0)"
 );
-init_errors();
-init_allowed_paths();
-function levenshtein(a, b) {
-  if (a === b) return 0;
-  if (a.length === 0) return b.length;
-  if (b.length === 0) return a.length;
-  const row = Array.from({ length: b.length + 1 }, (_, i) => i);
-  for (let i = 1; i <= a.length; i++) {
-    let prev = i;
-    for (let j = 1; j <= b.length; j++) {
-      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
-      const val = Math.min(
-        row[j] + 1,
-        // deletion
-        prev + 1,
-        // insertion
-        row[j - 1] + cost
-        // substitution
-      );
-      row[j - 1] = prev;
-      prev = val;
-    }
-    row[b.length] = prev;
-  }
-  return row[b.length];
-}
 
-// src/utils/file-suggestions.ts
-var MAX_DIR_ENTRIES = 200;
-var MAX_SUGGESTIONS = 5;
-var DEFAULT_EXCLUDE_DIRS = /* @__PURE__ */ new Set([
-  "node_modules",
-  ".git",
-  "dist",
-  "build",
-  "coverage",
-  ".next",
-  "vendor",
-  "__pycache__",
-  ".venv",
-  "venv",
-  ".tox",
-  ".pytest_cache",
-  ".mypy_cache",
-  ".ruff_cache",
-  ".idea",
-  ".vscode",
-  ".DS_Store"
-]);
-var DEFAULT_FIND_OPTIONS = {
-  maxDepth: 8,
-  timeoutMs: 3e3,
-  includeHidden: true,
-  excludeDirs: DEFAULT_EXCLUDE_DIRS,
-  maxResults: 5,
-  type: "file"
+// src/cli/repl/agents/manager.ts
+init_logger();
+
+// src/cli/repl/agents/prompts.ts
+var EXPLORE_PROMPT = `You are an exploration agent for Corbat-Coco.
+Your purpose is to search the codebase to answer questions and gather information.
+
+Your capabilities:
+- Search for files using glob patterns
+- Read file contents to understand code structure
+- Search for text patterns across the codebase
+- List directory contents to understand project structure
+
+When exploring:
+1. Start broad, then narrow down based on findings
+2. Look for patterns in naming conventions and file organization
+3. Read relevant files to understand implementations
+4. Summarize your findings clearly and concisely
+
+Focus on gathering accurate information. Do not make changes to files.
+Report what you find with specific file paths and code references.`;
+var PLAN_PROMPT = `You are a planning agent for Corbat-Coco.
+Your purpose is to design implementation approaches and create detailed plans.
+
+Your capabilities:
+- Read existing code to understand architecture
+- Search for related implementations and patterns
+- Analyze dependencies and relationships
+- Review documentation and comments
+
+When planning:
+1. Understand the current state of the codebase
+2. Identify affected areas and dependencies
+3. Break down tasks into concrete steps
+4. Consider edge cases and potential issues
+5. Propose a clear implementation strategy
+
+Output a structured plan with:
+- Overview of the approach
+- Step-by-step implementation tasks
+- Potential risks or considerations
+- Estimated complexity
+
+Do not implement changes - only create the plan.`;
+var TEST_PROMPT = `You are a testing agent for Corbat-Coco.
+Your purpose is to write and run tests to ensure code quality.
+
+Your capabilities:
+- Read source files to understand what needs testing
+- Write test files with comprehensive test cases
+- Run tests and analyze results
+- Check code coverage
+- Identify untested code paths
+
+When testing:
+1. Understand the code being tested
+2. Identify test scenarios (happy path, edge cases, errors)
+3. Write clear, maintainable tests
+4. Run tests and verify they pass
+5. Check coverage and add tests for uncovered areas
+
+Follow these testing principles:
+- One assertion per test when possible
+- Clear test names that describe the scenario
+- Proper setup and teardown
+- Mock external dependencies appropriately
+- Test behavior, not implementation details
+
+Report test results clearly with pass/fail status and coverage metrics.`;
+var DEBUG_PROMPT = `You are a debugging agent for Corbat-Coco.
+Your purpose is to analyze errors, identify root causes, and fix issues.
+
+Your capabilities:
+- Read error messages and stack traces
+- Search for related code and error handlers
+- Execute code to reproduce issues
+- Analyze logs and outputs
+- Make targeted fixes to resolve issues
+
+When debugging:
+1. Understand the error symptoms completely
+2. Reproduce the issue if possible
+3. Trace the error to its source
+4. Identify the root cause (not just symptoms)
+5. Propose and implement a fix
+6. Verify the fix resolves the issue
+
+Focus on:
+- Understanding the actual vs expected behavior
+- Checking input validation and edge cases
+- Looking for off-by-one errors, null references, type mismatches
+- Considering race conditions or async issues
+- Reviewing recent changes that might have introduced the bug
+
+Provide a clear explanation of what caused the issue and how you fixed it.`;
+var REVIEW_PROMPT = `You are a code review agent for Corbat-Coco.
+Your purpose is to review code for quality, maintainability, and best practices.
+
+Your capabilities:
+- Read source files and understand implementations
+- Search for coding patterns and conventions
+- Analyze code complexity and structure
+- Check for security issues and anti-patterns
+
+When reviewing:
+1. Read the code thoroughly
+2. Check for correctness and logic errors
+3. Evaluate code style and consistency
+4. Identify potential bugs or edge cases
+5. Assess maintainability and readability
+6. Look for security vulnerabilities
+
+Review criteria:
+- **Correctness**: Does the code do what it's supposed to?
+- **Clarity**: Is the code easy to understand?
+- **Efficiency**: Are there unnecessary computations or memory usage?
+- **Security**: Are there potential vulnerabilities?
+- **Testing**: Is the code testable? Are there tests?
+- **Documentation**: Are complex parts documented?
+
+Provide specific, actionable feedback with code references.
+Prioritize issues by severity: critical > major > minor > suggestion.`;
+var ARCHITECT_PROMPT = `You are an architecture agent for Corbat-Coco.
+Your purpose is to design system architecture and evaluate architectural decisions.
+
+Your capabilities:
+- Read source files to understand current architecture
+- Search for design patterns and structural boundaries
+- Review module dependencies and coupling
+- Analyze layer separation and interface design
+
+When designing architecture:
+1. Understand the existing architecture and constraints
+2. Identify architectural concerns and trade-offs
+3. Propose designs aligned with corbat-coco patterns:
+   - Tool Registry Pattern: register tools centrally, discover by name
+   - Zod Config Pattern: all config validated with Zod schemas
+   - Provider-Agnostic Pattern: abstract LLM providers behind interfaces
+   - REPL Skill Pattern: skills as self-contained SKILL.md + handler
+   - Phase Context Pattern: pass context through COCO phases immutably
+4. Document decisions as Architecture Decision Records (ADRs)
+
+ADR format:
+- Title: short noun phrase
+- Status: proposed | accepted | deprecated | superseded
+- Context: forces at play
+- Decision: the chosen solution
+- Consequences: trade-offs accepted
+
+Constraints for corbat-coco:
+- TypeScript ESM only \u2014 no CommonJS
+- Node.js 22+ runtime
+- Prefer functional patterns over classes
+- Files must stay under 500 LOC
+- All public APIs need JSDoc
+
+Output a structured architectural analysis or ADR. Do not write implementation code.`;
+var SECURITY_PROMPT = `You are a security audit agent for Corbat-Coco.
+Your purpose is to identify security vulnerabilities and recommend fixes.
+
+Your capabilities:
+- Read source files to analyze security posture
+- Search for dangerous patterns across the codebase
+- Run dependency vulnerability checks
+- Audit configuration for secrets exposure
+
+Security checklist (OWASP Top 10 + corbat-coco specifics):
+
+1. **Secrets exposure**: No API keys/tokens hardcoded or logged
+2. **Command injection**: Shell commands must use array args via execa, never template strings
+3. **Path traversal**: File paths must be validated and confined to safe directories
+4. **Injection (SQL/NoSQL)**: Parameterized queries only, never string concatenation
+5. **Input validation**: All external inputs validated with Zod schemas at boundaries
+6. **LLM output safety**: Treat LLM output as untrusted \u2014 sanitize before eval/exec
+7. **Dependency vulnerabilities**: Check for known CVEs with \`pnpm audit\`
+8. **Insecure deserialization**: Safe JSON parsing with error handling, no eval
+9. **Sensitive data logging**: No PII, tokens, or credentials in log output
+10. **Type safety**: No \`any\` that bypasses security-relevant checks
+
+When auditing:
+1. Search for common dangerous patterns (exec, eval, dangerouslySet, etc.)
+2. Check all environment variable usage for proper validation
+3. Verify tool implementations for path/command safety
+4. Review LLM provider integrations for key exposure
+
+Severity levels:
+- CRITICAL: Exploitable with immediate impact (must block release)
+- HIGH: Likely exploitable under realistic conditions
+- MEDIUM: Exploitable in specific scenarios
+- LOW: Defense-in-depth improvement
+
+Output a structured security report. Do not make code changes \u2014 report findings only.`;
+var TDD_PROMPT = `You are a TDD (Test-Driven Development) agent for Corbat-Coco.
+Your purpose is to enforce test-first methodology with RED-GREEN-REFACTOR discipline.
+
+Your capabilities:
+- Read source files to understand interfaces
+- Write failing tests BEFORE implementation
+- Run tests to confirm RED state
+- Write minimal code to make tests GREEN
+- Refactor while keeping tests passing
+- Check coverage with Vitest
+
+TDD workflow:
+1. **Interface first**: Define types and function signatures (no implementation)
+2. **RED**: Write failing tests that describe the desired behavior
+   - Run \`pnpm test\` \u2014 tests must FAIL at this point
+   - If tests pass without implementation, the test is wrong
+3. **GREEN**: Write the minimum code to make tests pass
+   - Run \`pnpm test\` \u2014 all tests must pass
+4. **REFACTOR**: Clean up code while keeping tests green
+   - Run \`pnpm test\` after each refactor step
+
+Testing stack (corbat-coco):
+- Framework: Vitest
+- Assertions: expect() from vitest
+- Mocking: vi.mock(), vi.fn(), vi.spyOn()
+- Run: \`pnpm test\`
+- Coverage: \`pnpm test -- --coverage\` (target: 80%+)
+
+Test structure:
+\`\`\`typescript
+import { describe, it, expect, vi, beforeEach } from "vitest";
+
+describe("ModuleName", () => {
+  describe("functionName", () => {
+    it("should [expected behavior] when [condition]", async () => {
+      // Arrange
+      // Act
+      // Assert
+    });
+  });
+});
+\`\`\`
+
+Rules:
+- NEVER write implementation before tests
+- One assertion per test when possible
+- Test behavior, not implementation details
+- Mock all external dependencies (LLM providers, filesystem, execa)`;
+var REFACTOR_PROMPT = `You are a refactoring agent for Corbat-Coco.
+Your purpose is to improve code structure, readability, and maintainability without changing behavior.
+
+Your capabilities:
+- Read and analyze existing code for improvement opportunities
+- Edit files to improve structure
+- Run tests to verify behavior is preserved
+- Run linting and type checking
+
+Refactoring techniques (apply in order of safety):
+1. **Extract function**: Break large functions into focused helpers (\u226450 lines each)
+2. **Rename for clarity**: Improve variable/function names to reveal intent
+3. **Remove duplication**: Extract shared logic to reusable functions/modules
+4. **Simplify conditionals**: Replace complex boolean logic with named predicates
+5. **Eliminate magic numbers**: Replace literals with named constants
+6. **Flatten nesting**: Reduce arrow anti-pattern via early returns
+7. **Split large files**: Files over 500 LOC should be split by cohesion
+
+Safety rules:
+- Run \`pnpm test\` BEFORE starting \u2014 all tests must be green
+- Make one refactoring at a time
+- Run \`pnpm test\` after EVERY change \u2014 stop if tests break
+- Run \`pnpm typecheck\` to catch type regressions
+- Never change behavior \u2014 refactoring is structural only
+- If tests don't cover the code being refactored, write tests first
+
+corbat-coco specific patterns to introduce:
+- Use Zod schemas for all config/input types
+- Apply Provider-Agnostic Pattern for LLM calls
+- Apply Tool Registry Pattern for tool management
+- Replace class-heavy code with factory functions where simpler
+
+Output: describe each refactoring applied and run test/typecheck results.`;
+var E2E_PROMPT = `You are an end-to-end testing agent for Corbat-Coco.
+Your purpose is to write and run integration tests that cover complete user workflows.
+
+Your capabilities:
+- Read source files to understand end-to-end flows
+- Write integration tests that exercise full workflows
+- Run tests and analyze failures
+- Check coverage across integration paths
+
+E2E testing principles:
+1. Test complete workflows from entry point to output
+2. Use realistic inputs (not just happy paths)
+3. Test COCO phase transitions: Converge \u2192 Orchestrate \u2192 Complete \u2192 Output
+4. Test CLI commands end-to-end with subprocess spawning
+5. Test error propagation across phase boundaries
+6. Test provider fallback behavior
+7. Test tool execution chains
+
+For corbat-coco, focus on:
+- Full COCO run: specification \u2192 backlog \u2192 task execution \u2192 output generation
+- CLI command integration: \`coco run\`, \`coco repl\`, \`coco init\`
+- LLM provider switching and error recovery
+- Tool registry tool execution chains
+- Quality scoring over multiple iterations
+- Checkpoint save/restore across phase boundaries
+
+Test setup:
+\`\`\`typescript
+// Use mock LLM provider to avoid real API calls in tests
+import { createMockProvider } from "../mocks/provider.js";
+
+// Test full COCO orchestration
+it("should complete a full run from spec to output", async () => {
+  const provider = createMockProvider([
+    { content: "specification output" },
+    { content: "backlog output" },
+  ]);
+  // ...
+});
+\`\`\`
+
+Report coverage of integration paths and any workflow gaps found.`;
+var DOCS_PROMPT = `You are a documentation agent for Corbat-Coco.
+Your purpose is to generate and maintain clear, accurate documentation.
+
+Your capabilities:
+- Read source files to understand what needs documenting
+- Write JSDoc for public APIs
+- Create or update README files
+- Generate architecture documentation
+- Update changelogs
+
+Documentation types:
+1. **JSDoc**: All exported functions, types, and classes
+   \`\`\`typescript
+   /**
+    * Brief description.
+    *
+    * @param paramName - What it is and valid values
+    * @returns What is returned and when
+    * @throws What errors can be thrown and why
+    * @example
+    * \`\`\`typescript
+    * const result = myFunction(input);
+    * \`\`\`
+    */
+   \`\`\`
+2. **README**: Project overview, installation, usage, examples, API reference
+3. **ADR**: Architecture Decision Records (see architect agent format)
+4. **CHANGELOG**: Conventional commit-based changelog entries
+5. **CODING_STANDARDS.md**: Language-specific standards for user projects
+
+corbat-coco documentation conventions:
+- Public APIs must have JSDoc with @param, @returns, @example
+- Complex logic must have inline comments explaining WHY, not WHAT
+- COCO phases must be documented with input/output contracts
+- Tool implementations must document their parameters and return format
+- Provider implementations must document their configuration requirements
+
+Output well-structured documentation. Prefer accuracy over completeness.`;
+var DATABASE_PROMPT = `You are a database engineering agent for Corbat-Coco.
+Your purpose is to design database schemas, write migrations, and optimize queries.
+
+Your capabilities:
+- Read source files to understand data models
+- Write SQL migrations and ORM schema definitions
+- Design schema changes for zero-downtime deployment
+- Review queries for N+1 problems and missing indexes
+
+Migration safety rules:
+1. **Never destructive in one step**: Split DROP/rename into multiple deployments
+2. **Backward compatible first**: New columns must be nullable or have defaults
+3. **Zero-downtime patterns**:
+   - Add column \u2192 deploy app \u2192 backfill \u2192 add constraint \u2192 drop old column
+   - Never rename columns directly \u2014 add new, migrate data, drop old
+4. **Always reversible**: Every migration needs a rollback script
+5. **Test migrations**: Run on a copy of production data before applying
+
+ORM support:
+- **Prisma** (Node.js): \`schema.prisma\` + \`prisma migrate dev\`
+- **TypeORM** (TypeScript): entity classes + \`migration:generate\`
+- **Alembic** (Python): \`alembic revision --autogenerate\`
+- **Flyway** (Java): versioned SQL files in \`db/migration/\`
+- **golang-migrate** (Go): numbered SQL files
+
+Index design:
+- Index all foreign keys
+- Composite indexes: most selective column first
+- Partial indexes for filtered queries
+- Avoid over-indexing (slows writes)
+
+Query patterns:
+- Use pagination (LIMIT/OFFSET or cursor-based)
+- Avoid N+1: use JOIN or batch loading
+- Use query analysis tools (EXPLAIN ANALYZE)
+- Keep transactions short and focused
+
+Output migration files with up/down scripts and a schema change summary.`;
+var AGENT_PROMPTS = {
+  explore: EXPLORE_PROMPT,
+  plan: PLAN_PROMPT,
+  test: TEST_PROMPT,
+  debug: DEBUG_PROMPT,
+  review: REVIEW_PROMPT,
+  architect: ARCHITECT_PROMPT,
+  security: SECURITY_PROMPT,
+  tdd: TDD_PROMPT,
+  refactor: REFACTOR_PROMPT,
+  e2e: E2E_PROMPT,
+  docs: DOCS_PROMPT,
+  database: DATABASE_PROMPT
 };
-async function findFileRecursive(rootDir, target, options = {}) {
-  const opts = { ...DEFAULT_FIND_OPTIONS, ...options };
-  const targetLower = target.toLowerCase();
-  const results = [];
-  const startTime = Date.now();
-  const isTimedOut = () => Date.now() - startTime > opts.timeoutMs;
-  const queue = [[path17__default.resolve(rootDir), 0]];
-  const visited = /* @__PURE__ */ new Set();
-  while (queue.length > 0 && results.length < opts.maxResults) {
-    if (isTimedOut()) break;
-    const [currentDir, depth] = queue.shift();
-    if (visited.has(currentDir)) continue;
-    visited.add(currentDir);
-    if (depth > opts.maxDepth) continue;
+var AGENT_TOOLS = {
+  explore: [
+    "glob",
+    "read_file",
+    "list_dir",
+    "bash_exec",
+    "git_status",
+    "git_diff",
+    "git_log",
+    "git_branch"
+  ],
+  plan: ["glob", "read_file", "list_dir", "git_status", "git_diff", "git_log", "git_branch"],
+  test: [
+    "glob",
+    "read_file",
+    "write_file",
+    "edit_file",
+    "run_tests",
+    "bash_exec",
+    "git_status",
+    "git_diff"
+  ],
+  debug: [
+    "glob",
+    "read_file",
+    "write_file",
+    "edit_file",
+    "bash_exec",
+    "run_tests",
+    "git_status",
+    "git_diff",
+    "git_log"
+  ],
+  review: ["glob", "read_file", "list_dir", "git_status", "git_diff", "git_log", "git_branch"],
+  architect: ["glob", "read_file", "list_dir", "git_log", "git_branch"],
+  security: ["glob", "read_file", "list_dir", "bash_exec", "git_diff", "git_log"],
+  tdd: [
+    "glob",
+    "read_file",
+    "write_file",
+    "edit_file",
+    "run_tests",
+    "bash_exec",
+    "git_status",
+    "git_diff"
+  ],
+  refactor: [
+    "glob",
+    "read_file",
+    "write_file",
+    "edit_file",
+    "run_tests",
+    "bash_exec",
+    "git_status",
+    "git_diff"
+  ],
+  e2e: [
+    "glob",
+    "read_file",
+    "write_file",
+    "edit_file",
+    "run_tests",
+    "bash_exec",
+    "git_status",
+    "git_diff"
+  ],
+  docs: ["glob", "read_file", "write_file", "edit_file", "list_dir", "git_log"],
+  database: [
+    "glob",
+    "read_file",
+    "write_file",
+    "edit_file",
+    "bash_exec",
+    "git_status",
+    "sql_query",
+    "inspect_schema"
+  ]
+};
+var AGENT_MAX_TURNS = {
+  explore: 10,
+  plan: 8,
+  test: 15,
+  debug: 12,
+  review: 6,
+  architect: 12,
+  security: 10,
+  tdd: 20,
+  refactor: 15,
+  e2e: 15,
+  docs: 12,
+  database: 12
+};
+function getAgentConfig(type) {
+  return {
+    type,
+    systemPrompt: AGENT_PROMPTS[type],
+    tools: AGENT_TOOLS[type],
+    maxTurns: AGENT_MAX_TURNS[type]
+  };
+}
+var AGENT_NAMES = {
+  explore: "Explorer",
+  plan: "Planner",
+  test: "Tester",
+  debug: "Debugger",
+  review: "Reviewer",
+  architect: "Architect",
+  security: "Security Auditor",
+  tdd: "TDD Guide",
+  refactor: "Refactorer",
+  e2e: "E2E Tester",
+  docs: "Docs Writer",
+  database: "Database Engineer"
+};
+var AGENT_DESCRIPTIONS = {
+  explore: "Search the codebase to answer questions and gather information",
+  plan: "Design implementation approaches and create detailed plans",
+  test: "Write and run tests to ensure code quality",
+  debug: "Analyze errors and fix issues",
+  review: "Review code for quality and best practices",
+  architect: "Design system architecture and create architectural decision records",
+  security: "Audit code for security vulnerabilities using OWASP Top 10",
+  tdd: "Drive development with test-first methodology and RED-GREEN-REFACTOR cycle",
+  refactor: "Improve code structure and quality without changing behavior",
+  e2e: "Write and run end-to-end tests covering full user workflows",
+  docs: "Generate and maintain documentation for code, APIs, and architecture",
+  database: "Design database schemas, write migrations, and optimize queries"
+};
+
+// src/cli/repl/agents/manager.ts
+var MAX_CONCURRENT_AGENTS = 3;
+var DEFAULT_TIMEOUT_MS = 5 * 60 * 1e3;
+var AgentManager = class extends EventEmitter {
+  activeAgents = /* @__PURE__ */ new Map();
+  completedAgents = /* @__PURE__ */ new Map();
+  abortControllers = /* @__PURE__ */ new Map();
+  provider;
+  toolRegistry;
+  logger = getLogger();
+  /**
+   * Create a new AgentManager
+   * @param provider - LLM provider for agent execution
+   * @param toolRegistry - Tool registry for agent tool access
+   */
+  constructor(provider, toolRegistry) {
+    super();
+    this.provider = provider;
+    this.toolRegistry = toolRegistry;
+  }
+  /**
+   * Spawn a new subagent for a specific task
+   *
+   * @description Creates and executes a specialized subagent for the given task.
+   * The agent will run autonomously, making LLM calls and executing tools until
+   * it completes the task or reaches the maximum turn limit.
+   *
+   * @param type - Type of agent to spawn (explore, plan, test, debug, review, architect, security, tdd, refactor, e2e, docs, database)
+   * @param task - Task description for the agent to execute
+   * @param options - Optional spawn configuration including callbacks, abort signal, and timeout
+   * @returns Promise resolving to the agent result with output and usage stats
+   *
+   * @example
+   * ```typescript
+   * const result = await manager.spawn('test', 'Write tests for UserService', {
+   *   onStatusChange: (agent) => console.log(`Status: ${agent.status}`),
+   *   onOutput: (agent, text) => console.log(text),
+   *   timeout: 60000, // 1 minute timeout
+   * });
+   * ```
+   */
+  async spawn(type, task, options = {}) {
+    if (this.activeAgents.size >= MAX_CONCURRENT_AGENTS) {
+      const error = `Cannot spawn agent: maximum concurrent agents (${MAX_CONCURRENT_AGENTS}) reached`;
+      this.logger.warn(error);
+      const failedAgent = this.createAgent(type, task);
+      failedAgent.status = "failed";
+      failedAgent.error = error;
+      failedAgent.completedAt = /* @__PURE__ */ new Date();
+      return {
+        agent: failedAgent,
+        success: false,
+        output: error
+      };
+    }
+    const agent = this.createAgent(type, task);
+    this.activeAgents.set(agent.id, agent);
+    options.onStatusChange?.(agent);
+    const internalAbortController = new AbortController();
+    this.abortControllers.set(agent.id, internalAbortController);
+    if (options.signal) {
+      if (options.signal.aborted) {
+        internalAbortController.abort();
+      } else {
+        options.signal.addEventListener("abort", () => {
+          internalAbortController.abort();
+        });
+      }
+    }
+    const timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;
+    const timeoutId = setTimeout(() => {
+      if (this.activeAgents.has(agent.id)) {
+        this.logger.warn(`Agent ${agent.id} timed out after ${timeout}ms`);
+        internalAbortController.abort();
+        agent.error = `Agent timed out after ${timeout}ms`;
+        this.emitEvent("timeout", agent);
+      }
+    }, timeout);
+    this.logger.info(`Spawned ${type} agent: ${agent.id}`, { task, timeout });
+    this.emitEvent("spawn", agent);
     try {
-      const entries = await fs16__default.readdir(currentDir, { withFileTypes: true });
-      for (const entry of entries) {
-        if (isTimedOut()) break;
-        const entryName = entry.name;
-        const entryPath = path17__default.join(currentDir, entryName);
-        if (!opts.includeHidden && entryName.startsWith(".")) continue;
-        if (entry.isDirectory() && opts.excludeDirs.has(entryName)) continue;
-        const isMatch = opts.type === "file" && entry.isFile() || opts.type === "directory" && entry.isDirectory() || opts.type === "both";
-        if (isMatch) {
-          const entryNameLower = entryName.toLowerCase();
-          let distance;
-          if (entryNameLower === targetLower) {
-            distance = 0;
-          } else {
-            distance = levenshtein(targetLower, entryNameLower);
-          }
-          const maxDistance = Math.max(target.length * 0.6, 3);
-          if (distance <= maxDistance) {
-            results.push({ path: entryPath, distance });
-          }
-        }
-        if (entry.isDirectory() && !opts.excludeDirs.has(entryName)) {
-          queue.push([entryPath, depth + 1]);
-        }
+      const result = await this.executeAgent(agent, {
+        ...options,
+        signal: internalAbortController.signal
+      });
+      clearTimeout(timeoutId);
+      if (result.success) {
+        this.emitEvent("complete", agent, result);
+      } else if (agent.error?.includes("Aborted")) {
+        this.emitEvent("cancel", agent, result);
+      } else {
+        this.emitEvent("fail", agent, result);
       }
-    } catch {
-      continue;
+      return result;
+    } catch (error) {
+      clearTimeout(timeoutId);
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      agent.status = "failed";
+      agent.error = errorMessage;
+      agent.completedAt = /* @__PURE__ */ new Date();
+      this.moveToCompleted(agent.id);
+      this.abortControllers.delete(agent.id);
+      options.onStatusChange?.(agent);
+      this.logger.error(`Agent ${agent.id} failed unexpectedly`, { error: errorMessage });
+      this.emitEvent("fail", agent);
+      return {
+        agent,
+        success: false,
+        output: errorMessage
+      };
     }
   }
-  return results.sort((a, b) => a.distance - b.distance).slice(0, opts.maxResults);
-}
-async function suggestSimilarFilesDeep(missingPath, rootDir = process.cwd(), options) {
-  const fastResults = await suggestSimilarFiles(missingPath, {
-    maxResults: MAX_SUGGESTIONS
-  });
-  if (fastResults.length > 0) {
-    return fastResults;
-  }
-  const absPath = path17__default.resolve(missingPath);
-  const target = path17__default.basename(absPath);
-  return findFileRecursive(rootDir, target, options);
-}
-async function suggestSimilarDirsDeep(missingPath, rootDir = process.cwd(), options) {
-  const absPath = path17__default.resolve(missingPath);
-  const target = path17__default.basename(absPath);
-  const parentDir = path17__default.dirname(absPath);
-  try {
-    const entries = await fs16__default.readdir(parentDir, { withFileTypes: true });
-    const dirs = entries.filter((e) => e.isDirectory());
-    const scored = dirs.map((d) => ({
-      path: path17__default.join(parentDir, d.name),
-      distance: levenshtein(target.toLowerCase(), d.name.toLowerCase())
-    })).filter((s) => s.distance <= Math.max(target.length * 0.6, 3)).sort((a, b) => a.distance - b.distance).slice(0, options?.maxResults ?? MAX_SUGGESTIONS);
-    if (scored.length > 0) {
-      return scored;
+  /**
+   * Cancel a running agent
+   *
+   * @description Cancels an active agent by triggering its abort signal.
+   * The agent will stop at the next safe point (beginning of next iteration).
+   *
+   * @param agentId - ID of the agent to cancel
+   * @returns True if the agent was cancelled, false if not found or already completed
+   */
+  cancel(agentId) {
+    const controller = this.abortControllers.get(agentId);
+    if (!controller) {
+      this.logger.warn(`Cannot cancel agent ${agentId}: not found or already completed`);
+      return false;
     }
-  } catch {
+    this.logger.info(`Cancelling agent ${agentId}`);
+    controller.abort();
+    return true;
   }
-  return findFileRecursive(rootDir, target, { ...options, type: "directory" });
-}
-async function suggestSimilarFiles(missingPath, options) {
-  const absPath = path17__default.resolve(missingPath);
-  const dir = path17__default.dirname(absPath);
-  const target = path17__default.basename(absPath);
-  const maxResults = options?.maxResults;
-  try {
-    const entries = await fs16__default.readdir(dir);
-    const limited = entries.slice(0, MAX_DIR_ENTRIES);
-    const scored = limited.map((name) => ({
-      path: path17__default.join(dir, name),
-      distance: levenshtein(target.toLowerCase(), name.toLowerCase())
-    })).filter((s) => s.distance <= Math.max(target.length * 0.6, 3)).sort((a, b) => a.distance - b.distance);
-    return scored.slice(0, maxResults);
+  /**
+   * Get the status of a specific agent
+   *
+   * @description Returns the current status of an agent.
+   *
+   * @param agentId - ID of the agent
+   * @returns The agent's status or undefined if not found
+   */
+  getStatus(agentId) {
+    return this.getAgent(agentId)?.status;
+  }
+  /**
+   * Get the current status of an agent
+   *
+   * @description Retrieves an agent by ID from either active or completed agents.
+   *
+   * @param agentId - Unique agent identifier (UUID)
+   * @returns The agent if found, undefined otherwise
+   */
+  getAgent(agentId) {
+    return this.activeAgents.get(agentId) ?? this.completedAgents.get(agentId);
+  }
+  /**
+   * Get all active agents
+   * @returns Array of currently running agents
+   */
+  getActiveAgents() {
+    return Array.from(this.activeAgents.values());
+  }
+  /**
+   * Get all completed agents
+   * @returns Array of completed agents (succeeded or failed)
+   */
+  getCompletedAgents() {
+    return Array.from(this.completedAgents.values());
+  }
+  /**
+   * Get the number of active agents
+   * @returns Count of running agents
+   */
+  getActiveCount() {
+    return this.activeAgents.size;
+  }
+  /**
+   * Check if more agents can be spawned
+   * @returns True if under the concurrent limit
+   */
+  canSpawn() {
+    return this.activeAgents.size < MAX_CONCURRENT_AGENTS;
+  }
+  /**
+   * Clear completed agents from history
+   */
+  clearCompleted() {
+    this.completedAgents.clear();
+    this.logger.debug("Cleared completed agents history");
+  }
+  /**
+   * Get available agent types with their descriptions
+   *
+   * @description Returns all supported agent types with their names, descriptions,
+   * and configurations. Useful for building UI or help text.
+   *
+   * @returns Array of agent registry entries with type, name, description, and config
+   */
+  getAvailableAgentTypes() {
+    return Object.keys(AGENT_NAMES).map((type) => ({
+      type,
+      name: AGENT_NAMES[type],
+      description: AGENT_DESCRIPTIONS[type],
+      config: getAgentConfig(type)
+    }));
+  }
+  /**
+   * Create a new agent instance
+   */
+  createAgent(type, task) {
+    return {
+      id: randomUUID(),
+      type,
+      status: "idle",
+      task,
+      createdAt: /* @__PURE__ */ new Date()
+    };
+  }
+  /**
+   * Execute an agent's task
+   */
+  async executeAgent(agent, options) {
+    const config = getAgentConfig(agent.type);
+    agent.status = "running";
+    options.onStatusChange?.(agent);
+    const tools = this.getToolsForAgent(config);
+    const messages = [{ role: "user", content: agent.task }];
+    let totalInputTokens = 0;
+    let totalOutputTokens = 0;
+    let finalOutput = "";
+    let iteration = 0;
+    const maxTurns = config.maxTurns ?? 10;
+    while (iteration < maxTurns) {
+      iteration++;
+      if (options.signal?.aborted) {
+        agent.status = "failed";
+        agent.error = "Aborted by user";
+        agent.completedAt = /* @__PURE__ */ new Date();
+        this.moveToCompleted(agent.id);
+        options.onStatusChange?.(agent);
+        return {
+          agent,
+          success: false,
+          output: "Agent execution was aborted",
+          usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens }
+        };
+      }
+      const response = await this.provider.chatWithTools(messages, {
+        system: config.systemPrompt,
+        tools,
+        maxTokens: 4096
+      });
+      totalInputTokens += response.usage.inputTokens;
+      totalOutputTokens += response.usage.outputTokens;
+      if (response.content) {
+        finalOutput += response.content;
+        options.onOutput?.(agent, response.content);
+      }
+      if (!response.toolCalls || response.toolCalls.length === 0) {
+        messages.push({ role: "assistant", content: response.content });
+        break;
+      }
+      const toolResults = await this.executeToolCalls(response.toolCalls, config);
+      const toolUses = response.toolCalls.map((tc) => ({
+        type: "tool_use",
+        id: tc.id,
+        name: tc.name,
+        input: tc.input,
+        geminiThoughtSignature: tc.geminiThoughtSignature
+      }));
+      const assistantContent = response.content ? [{ type: "text", text: response.content }, ...toolUses] : toolUses;
+      messages.push({ role: "assistant", content: assistantContent });
+      messages.push({ role: "user", content: toolResults });
+      this.logger.debug(`Agent ${agent.id} completed iteration ${iteration}`, {
+        toolCalls: response.toolCalls.length
+      });
+    }
+    agent.status = "completed";
+    agent.result = finalOutput;
+    agent.completedAt = /* @__PURE__ */ new Date();
+    this.moveToCompleted(agent.id);
+    options.onStatusChange?.(agent);
+    this.logger.info(`Agent ${agent.id} completed`, {
+      iterations: iteration,
+      outputLength: finalOutput.length
+    });
+    return {
+      agent,
+      success: true,
+      output: finalOutput,
+      usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens }
+    };
+  }
+  /**
+   * Get tool definitions filtered for the agent's allowed tools
+   */
+  getToolsForAgent(config) {
+    const allTools = this.toolRegistry.getToolDefinitionsForLLM();
+    const allowedSet = new Set(config.tools);
+    return allTools.filter((tool) => allowedSet.has(tool.name));
+  }
+  /**
+   * Execute tool calls and return results
+   */
+  async executeToolCalls(toolCalls, config) {
+    const results = [];
+    const allowedTools = new Set(config.tools);
+    for (const toolCall of toolCalls) {
+      if (!allowedTools.has(toolCall.name)) {
+        results.push({
+          type: "tool_result",
+          tool_use_id: toolCall.id,
+          content: `Tool '${toolCall.name}' is not available to this agent type`,
+          is_error: true
+        });
+        continue;
+      }
+      try {
+        const result = await this.toolRegistry.execute(toolCall.name, toolCall.input);
+        results.push({
+          type: "tool_result",
+          tool_use_id: toolCall.id,
+          content: result.success ? String(result.data ?? "Success") : `Error: ${result.error}`,
+          is_error: !result.success
+        });
+      } catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        results.push({
+          type: "tool_result",
+          tool_use_id: toolCall.id,
+          content: `Tool execution failed: ${errorMessage}`,
+          is_error: true
+        });
+      }
+    }
+    return results;
+  }
+  /**
+   * Move an agent from active to completed
+   */
+  moveToCompleted(agentId) {
+    const agent = this.activeAgents.get(agentId);
+    if (agent) {
+      this.activeAgents.delete(agentId);
+      this.completedAgents.set(agentId, agent);
+      this.abortControllers.delete(agentId);
+    }
+  }
+  /**
+   * Emit an agent event
+   */
+  emitEvent(type, agent, result) {
+    const event = { type, agent, result };
+    this.emit(type, event);
+    this.emit("agent", event);
+  }
+};
+
+// src/agents/provider-bridge.ts
+var agentProvider = null;
+var agentToolRegistry = null;
+var agentManagerInstance = null;
+function setAgentProvider(provider) {
+  agentProvider = provider;
+  agentManagerInstance = null;
+}
+function getAgentProvider() {
+  return agentProvider;
+}
+function setAgentToolRegistry(registry) {
+  agentToolRegistry = registry;
+  agentManagerInstance = null;
+}
+function getAgentToolRegistry() {
+  return agentToolRegistry;
+}
+function getAgentManager() {
+  if (!agentProvider || !agentToolRegistry) {
+    return null;
+  }
+  if (!agentManagerInstance) {
+    agentManagerInstance = new AgentManager(agentProvider, agentToolRegistry);
+  }
+  return agentManagerInstance;
+}
+
+// src/cli/repl/modes.ts
+var AGENT_MODES = {
+  ask: {
+    id: "ask",
+    label: "Ask",
+    description: "Answer questions and explain code without modifying files.",
+    readOnly: true,
+    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_definition"],
+    requiresVerification: false
+  },
+  plan: {
+    id: "plan",
+    label: "Plan",
+    description: "Explore and produce an implementation plan with read-only tools.",
+    readOnly: true,
+    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_workspace_symbols"],
+    requiresVerification: false
+  },
+  build: {
+    id: "build",
+    label: "Build",
+    description: "Implement code changes and verify them.",
+    readOnly: false,
+    preferredTools: ["read_file", "edit_file", "write_file", "bash_exec", "run_tests"],
+    requiresVerification: true
+  },
+  debug: {
+    id: "debug",
+    label: "Debug",
+    description: "Reproduce failures, trace root cause, patch, and verify.",
+    readOnly: false,
+    preferredTools: ["bash_exec", "read_file", "grep", "lsp_references", "edit_file"],
+    requiresVerification: true
+  },
+  review: {
+    id: "review",
+    label: "Review",
+    description: "Inspect code quality, security, behavior changes, and test gaps.",
+    readOnly: true,
+    preferredTools: ["git_diff", "read_file", "grep", "review_code", "calculate_quality"],
+    requiresVerification: false
+  },
+  architect: {
+    id: "architect",
+    label: "Architect",
+    description: "Design architecture and split work for architect/editor execution.",
+    readOnly: true,
+    preferredTools: ["codebase_map", "lsp_workspace_symbols", "grep", "create_agent_plan"],
+    requiresVerification: false
+  }
+};
+function getAgentMode(mode) {
+  return AGENT_MODES[mode];
+}
+function listAgentModes() {
+  return Object.values(AGENT_MODES);
+}
+
+// src/cli/repl/sessions/storage.ts
+init_paths();
+var DEFAULT_CONFIG2 = {
+  storageDir: CONFIG_PATHS.sessions,
+  autoSaveInterval: 3e4,
+  maxSessionsPerProject: 20,
+  compressOldSessions: false
+};
+var SessionStore = class {
+  config;
+  initialized = false;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG2, ...config };
+  }
+  async ensureInitialized() {
+    if (this.initialized) return;
+    await mkdir(this.config.storageDir, { recursive: true });
+    this.initialized = true;
+  }
+  getSessionFiles(sessionId) {
+    const sessionDir = this.getSessionDir(sessionId);
+    return {
+      metadata: join(sessionDir, "metadata.json"),
+      conversation: join(sessionDir, "conversation.jsonl"),
+      context: join(sessionDir, "context.json")
+    };
+  }
+  getSessionDir(sessionId) {
+    return join(this.config.storageDir, sessionId);
+  }
+  async exists(sessionId) {
+    try {
+      const files = this.getSessionFiles(sessionId);
+      await access(files.metadata);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async save(session) {
+    await this.ensureInitialized();
+    const files = this.getSessionFiles(session.id);
+    const sessionDir = this.getSessionDir(session.id);
+    await mkdir(sessionDir, { recursive: true });
+    const metadata = {
+      id: session.id,
+      projectPath: session.projectPath,
+      startedAt: session.startedAt,
+      lastSavedAt: /* @__PURE__ */ new Date(),
+      config: session.config,
+      messageCount: session.messages.length,
+      totalTokens: this.calculateTokens(session),
+      title: this.generateTitle(session),
+      status: "active"
+    };
+    await writeFile(files.metadata, JSON.stringify(metadata, null, 2), "utf-8");
+    const conversationLines = session.messages.map((msg) => {
+      const serialized = {
+        role: msg.role,
+        content: msg.content,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      return JSON.stringify(serialized);
+    });
+    await writeFile(files.conversation, conversationLines.join("\n"), "utf-8");
+    const context = {
+      tokenUsage: this.calculateTokens(session)
+    };
+    await writeFile(files.context, JSON.stringify(context, null, 2), "utf-8");
+  }
+  async load(sessionId) {
+    await this.ensureInitialized();
+    const files = this.getSessionFiles(sessionId);
+    try {
+      const metadataContent = await readFile(files.metadata, "utf-8");
+      const metadata = JSON.parse(metadataContent);
+      const conversationContent = await readFile(files.conversation, "utf-8");
+      const messages = conversationContent.split("\n").filter((line) => line.trim()).map((line) => {
+        const parsed = JSON.parse(line);
+        return {
+          role: parsed.role,
+          content: parsed.content
+        };
+      });
+      const session = {
+        id: metadata.id,
+        startedAt: new Date(metadata.startedAt),
+        messages,
+        projectPath: metadata.projectPath,
+        config: metadata.config,
+        trustedTools: /* @__PURE__ */ new Set()
+      };
+      return session;
+    } catch {
+      return null;
+    }
+  }
+  async listSessions(projectPath) {
+    await this.ensureInitialized();
+    const sessions = [];
+    try {
+      const entries = await readdir(this.config.storageDir, {
+        withFileTypes: true
+      });
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        const metadataPath = join(this.config.storageDir, entry.name, "metadata.json");
+        try {
+          const content = await readFile(metadataPath, "utf-8");
+          const metadata = JSON.parse(content);
+          metadata.startedAt = new Date(metadata.startedAt);
+          metadata.lastSavedAt = new Date(metadata.lastSavedAt);
+          if (!projectPath || metadata.projectPath === projectPath) {
+            sessions.push(metadata);
+          }
+        } catch {
+          continue;
+        }
+      }
+    } catch {
+      return [];
+    }
+    sessions.sort((a, b) => new Date(b.lastSavedAt).getTime() - new Date(a.lastSavedAt).getTime());
+    return sessions;
+  }
+  async delete(sessionId) {
+    await this.ensureInitialized();
+    const sessionDir = this.getSessionDir(sessionId);
+    try {
+      await rm(sessionDir, { recursive: true, force: true });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async getMostRecent(projectPath) {
+    const sessions = await this.listSessions(projectPath);
+    return sessions[0] ?? null;
+  }
+  /**
+   * Append messages to an existing session's conversation file
+   * Creates the file if it doesn't exist
+   * @param sessionId - The session ID
+   * @param messages - Messages to append
+   */
+  async appendMessages(sessionId, messages) {
+    await this.ensureInitialized();
+    const files = this.getSessionFiles(sessionId);
+    const sessionDir = this.getSessionDir(sessionId);
+    await mkdir(sessionDir, { recursive: true });
+    const newLines = messages.map((msg) => {
+      const serialized = {
+        role: msg.role,
+        content: msg.content,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      return JSON.stringify(serialized);
+    });
+    let existingContent = "";
+    try {
+      existingContent = await readFile(files.conversation, "utf-8");
+      if (existingContent && !existingContent.endsWith("\n")) {
+        existingContent += "\n";
+      }
+    } catch {
+    }
+    await writeFile(files.conversation, existingContent + newLines.join("\n"), "utf-8");
+  }
+  /**
+   * Prune old sessions to keep storage manageable
+   * Keeps the most recent maxSessionsPerProject sessions per project
+   * @param projectPath - Optional project path to prune (prunes all if not specified)
+   * @returns Number of sessions deleted
+   */
+  async pruneOldSessions(projectPath) {
+    await this.ensureInitialized();
+    const allSessions = await this.listSessions();
+    const sessionsByProject = /* @__PURE__ */ new Map();
+    for (const session of allSessions) {
+      if (projectPath && session.projectPath !== projectPath) {
+        continue;
+      }
+      const existing = sessionsByProject.get(session.projectPath) ?? [];
+      existing.push(session);
+      sessionsByProject.set(session.projectPath, existing);
+    }
+    let deletedCount = 0;
+    for (const [, sessions] of sessionsByProject) {
+      const sessionsToDelete = sessions.slice(this.config.maxSessionsPerProject);
+      for (const session of sessionsToDelete) {
+        const deleted = await this.delete(session.id);
+        if (deleted) {
+          deletedCount++;
+        }
+      }
+    }
+    return deletedCount;
+  }
+  calculateTokens(session) {
+    if (session.contextManager) {
+      const stats = session.contextManager.getUsageStats();
+      return {
+        input: stats.used,
+        output: 0
+      };
+    }
+    let input = 0;
+    let output = 0;
+    for (const msg of session.messages) {
+      const content = typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content);
+      const tokens = Math.ceil(content.length / 4);
+      if (msg.role === "user") {
+        input += tokens;
+      } else {
+        output += tokens;
+      }
+    }
+    return { input, output };
+  }
+  generateTitle(session) {
+    for (const msg of session.messages) {
+      if (msg.role === "user" && typeof msg.content === "string") {
+        const content = msg.content.trim();
+        if (content.length > 10) {
+          const firstLine = content.split("\n")[0] ?? content;
+          return firstLine.length > 50 ? firstLine.slice(0, 47) + "..." : firstLine;
+        }
+      }
+    }
+    return "Untitled session";
+  }
+};
+function createSessionStore(config) {
+  return new SessionStore(config);
+}
+
+// src/runtime/agent-runtime.ts
+init_env();
+init_errors();
+init_allowed_paths();
+function levenshtein(a, b) {
+  if (a === b) return 0;
+  if (a.length === 0) return b.length;
+  if (b.length === 0) return a.length;
+  const row = Array.from({ length: b.length + 1 }, (_, i) => i);
+  for (let i = 1; i <= a.length; i++) {
+    let prev = i;
+    for (let j = 1; j <= b.length; j++) {
+      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+      const val = Math.min(
+        row[j] + 1,
+        // deletion
+        prev + 1,
+        // insertion
+        row[j - 1] + cost
+        // substitution
+      );
+      row[j - 1] = prev;
+      prev = val;
+    }
+    row[b.length] = prev;
+  }
+  return row[b.length];
+}
+
+// src/utils/file-suggestions.ts
+var MAX_DIR_ENTRIES = 200;
+var MAX_SUGGESTIONS = 5;
+var DEFAULT_EXCLUDE_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  "dist",
+  "build",
+  "coverage",
+  ".next",
+  "vendor",
+  "__pycache__",
+  ".venv",
+  "venv",
+  ".tox",
+  ".pytest_cache",
+  ".mypy_cache",
+  ".ruff_cache",
+  ".idea",
+  ".vscode",
+  ".DS_Store"
+]);
+var DEFAULT_FIND_OPTIONS = {
+  maxDepth: 8,
+  timeoutMs: 3e3,
+  includeHidden: true,
+  excludeDirs: DEFAULT_EXCLUDE_DIRS,
+  maxResults: 5,
+  type: "file"
+};
+async function findFileRecursive(rootDir, target, options = {}) {
+  const opts = { ...DEFAULT_FIND_OPTIONS, ...options };
+  const targetLower = target.toLowerCase();
+  const results = [];
+  const startTime = Date.now();
+  const isTimedOut = () => Date.now() - startTime > opts.timeoutMs;
+  const queue = [[path17__default.resolve(rootDir), 0]];
+  const visited = /* @__PURE__ */ new Set();
+  while (queue.length > 0 && results.length < opts.maxResults) {
+    if (isTimedOut()) break;
+    const [currentDir, depth] = queue.shift();
+    if (visited.has(currentDir)) continue;
+    visited.add(currentDir);
+    if (depth > opts.maxDepth) continue;
+    try {
+      const entries = await fs16__default.readdir(currentDir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (isTimedOut()) break;
+        const entryName = entry.name;
+        const entryPath = path17__default.join(currentDir, entryName);
+        if (!opts.includeHidden && entryName.startsWith(".")) continue;
+        if (entry.isDirectory() && opts.excludeDirs.has(entryName)) continue;
+        const isMatch = opts.type === "file" && entry.isFile() || opts.type === "directory" && entry.isDirectory() || opts.type === "both";
+        if (isMatch) {
+          const entryNameLower = entryName.toLowerCase();
+          let distance;
+          if (entryNameLower === targetLower) {
+            distance = 0;
+          } else {
+            distance = levenshtein(targetLower, entryNameLower);
+          }
+          const maxDistance = Math.max(target.length * 0.6, 3);
+          if (distance <= maxDistance) {
+            results.push({ path: entryPath, distance });
+          }
+        }
+        if (entry.isDirectory() && !opts.excludeDirs.has(entryName)) {
+          queue.push([entryPath, depth + 1]);
+        }
+      }
+    } catch {
+      continue;
+    }
+  }
+  return results.sort((a, b) => a.distance - b.distance).slice(0, opts.maxResults);
+}
+async function suggestSimilarFilesDeep(missingPath, rootDir = process.cwd(), options) {
+  const fastResults = await suggestSimilarFiles(missingPath, {
+    maxResults: MAX_SUGGESTIONS
+  });
+  if (fastResults.length > 0) {
+    return fastResults;
+  }
+  const absPath = path17__default.resolve(missingPath);
+  const target = path17__default.basename(absPath);
+  return findFileRecursive(rootDir, target, options);
+}
+async function suggestSimilarDirsDeep(missingPath, rootDir = process.cwd(), options) {
+  const absPath = path17__default.resolve(missingPath);
+  const target = path17__default.basename(absPath);
+  const parentDir = path17__default.dirname(absPath);
+  try {
+    const entries = await fs16__default.readdir(parentDir, { withFileTypes: true });
+    const dirs = entries.filter((e) => e.isDirectory());
+    const scored = dirs.map((d) => ({
+      path: path17__default.join(parentDir, d.name),
+      distance: levenshtein(target.toLowerCase(), d.name.toLowerCase())
+    })).filter((s) => s.distance <= Math.max(target.length * 0.6, 3)).sort((a, b) => a.distance - b.distance).slice(0, options?.maxResults ?? MAX_SUGGESTIONS);
+    if (scored.length > 0) {
+      return scored;
+    }
+  } catch {
+  }
+  return findFileRecursive(rootDir, target, { ...options, type: "directory" });
+}
+async function suggestSimilarFiles(missingPath, options) {
+  const absPath = path17__default.resolve(missingPath);
+  const dir = path17__default.dirname(absPath);
+  const target = path17__default.basename(absPath);
+  const maxResults = options?.maxResults;
+  try {
+    const entries = await fs16__default.readdir(dir);
+    const limited = entries.slice(0, MAX_DIR_ENTRIES);
+    const scored = limited.map((name) => ({
+      path: path17__default.join(dir, name),
+      distance: levenshtein(target.toLowerCase(), name.toLowerCase())
+    })).filter((s) => s.distance <= Math.max(target.length * 0.6, 3)).sort((a, b) => a.distance - b.distance);
+    return scored.slice(0, maxResults);
   } catch {
     return [];
   }
@@ -20290,7 +21592,7 @@ function escapeRegex(str) {
   return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
 init_errors();
-var DEFAULT_TIMEOUT_MS = 12e4;
+var DEFAULT_TIMEOUT_MS2 = 12e4;
 var MAX_OUTPUT_SIZE = 1024 * 1024;
 var DANGEROUS_PATTERNS_FULL = [
   { pattern: /\brm\s+-rf\s+\/(?!\w)/, rule: "rm -rf on root filesystem" },
@@ -20412,7 +21714,7 @@ Examples:
       }
     }
     const startTime = performance.now();
-    const timeoutMs = timeout ?? DEFAULT_TIMEOUT_MS;
+    const timeoutMs = timeout ?? DEFAULT_TIMEOUT_MS2;
     const { CommandHeartbeat: CommandHeartbeat2 } = await Promise.resolve().then(() => (init_heartbeat(), heartbeat_exports));
     const heartbeat = new CommandHeartbeat2({
       onUpdate: (stats) => {
@@ -21071,93 +22373,45 @@ var SimpleAutoCommitSchema = z.object({
   message: z.string().optional()
 });
 var simpleAutoCommitTool = defineTool({
-  name: "simpleAutoCommit",
-  description: "Auto-commit staged changes with generated message",
-  category: "git",
-  parameters: SimpleAutoCommitSchema,
-  async execute(input) {
-    try {
-      try {
-        execSync("git diff --cached --quiet", { cwd: process.cwd(), stdio: "ignore" });
-        return {
-          stdout: "",
-          stderr: "No staged changes to commit",
-          exitCode: 1,
-          duration: 0
-        };
-      } catch {
-      }
-      const message = input.message || generateSimpleCommitMessage();
-      execSync(`git commit -m "${message}"`, {
-        encoding: "utf-8",
-        cwd: process.cwd(),
-        stdio: "pipe"
-      });
-      return {
-        stdout: `\u2713 Committed: ${message}`,
-        stderr: "",
-        exitCode: 0,
-        duration: 0
-      };
-    } catch (error) {
-      return {
-        stdout: "",
-        stderr: error instanceof Error ? error.message : "Commit failed",
-        exitCode: 1,
-        duration: 0
-      };
-    }
-  }
-});
-var gitSimpleTools = [checkProtectedBranchTool, simpleAutoCommitTool];
-
-// src/cli/repl/agents/manager.ts
-init_logger();
-var AGENT_NAMES = {
-  explore: "Explorer",
-  plan: "Planner",
-  test: "Tester",
-  debug: "Debugger",
-  review: "Reviewer",
-  architect: "Architect",
-  security: "Security Auditor",
-  tdd: "TDD Guide",
-  refactor: "Refactorer",
-  e2e: "E2E Tester",
-  docs: "Docs Writer",
-  database: "Database Engineer"
-};
-var AGENT_DESCRIPTIONS = {
-  explore: "Search the codebase to answer questions and gather information",
-  plan: "Design implementation approaches and create detailed plans",
-  test: "Write and run tests to ensure code quality",
-  debug: "Analyze errors and fix issues",
-  review: "Review code for quality and best practices",
-  architect: "Design system architecture and create architectural decision records",
-  security: "Audit code for security vulnerabilities using OWASP Top 10",
-  tdd: "Drive development with test-first methodology and RED-GREEN-REFACTOR cycle",
-  refactor: "Improve code structure and quality without changing behavior",
-  e2e: "Write and run end-to-end tests covering full user workflows",
-  docs: "Generate and maintain documentation for code, APIs, and architecture",
-  database: "Design database schemas, write migrations, and optimize queries"
-};
-
-// src/agents/provider-bridge.ts
-var agentProvider = null;
-var agentToolRegistry = null;
-function getAgentProvider() {
-  return agentProvider;
-}
-function getAgentToolRegistry() {
-  return agentToolRegistry;
-}
-function getAgentManager() {
-  {
-    return null;
+  name: "simpleAutoCommit",
+  description: "Auto-commit staged changes with generated message",
+  category: "git",
+  parameters: SimpleAutoCommitSchema,
+  async execute(input) {
+    try {
+      try {
+        execSync("git diff --cached --quiet", { cwd: process.cwd(), stdio: "ignore" });
+        return {
+          stdout: "",
+          stderr: "No staged changes to commit",
+          exitCode: 1,
+          duration: 0
+        };
+      } catch {
+      }
+      const message = input.message || generateSimpleCommitMessage();
+      execSync(`git commit -m "${message}"`, {
+        encoding: "utf-8",
+        cwd: process.cwd(),
+        stdio: "pipe"
+      });
+      return {
+        stdout: `\u2713 Committed: ${message}`,
+        stderr: "",
+        exitCode: 0,
+        duration: 0
+      };
+    } catch (error) {
+      return {
+        stdout: "",
+        stderr: error instanceof Error ? error.message : "Commit failed",
+        exitCode: 1,
+        duration: 0
+      };
+    }
   }
-}
-
-// src/tools/simple-agent.ts
+});
+var gitSimpleTools = [checkProtectedBranchTool, simpleAutoCommitTool];
 var AGENT_TYPES = [
   "explore",
   "plan",
@@ -21270,7 +22524,7 @@ var checkAgentCapabilityTool = defineTool({
   async execute() {
     const provider = getAgentProvider();
     const toolRegistry = getAgentToolRegistry();
-    const isReady = provider !== null;
+    const isReady = provider !== null && toolRegistry !== null;
     const agentTypes = Object.entries(AGENT_DESCRIPTIONS).map(([type, description]) => ({
       type,
       name: AGENT_NAMES[type],
@@ -21284,12 +22538,12 @@ var checkAgentCapabilityTool = defineTool({
         ready: isReady,
         availableTypes: agentTypes,
         features: {
-          taskDelegation: "requires provider initialization",
-          parallelSpawn: "requires provider initialization",
-          multiTurnToolUse: "requires provider initialization",
-          specializedAgents: "requires provider initialization"
+          taskDelegation: isReady ? "ready" : "requires provider initialization",
+          parallelSpawn: isReady ? "ready" : "requires provider initialization",
+          multiTurnToolUse: isReady ? "ready" : "requires provider initialization",
+          specializedAgents: isReady ? "ready" : "requires provider initialization"
         },
-        status: "Provider not initialized. Call setAgentProvider() during startup."
+        status: isReady ? "Multi-agent system is ready with 12 specialized agent types." : "Provider not initialized. Call setAgentProvider() during startup."
       }),
       stderr: "",
       exitCode: 0,
@@ -30161,7 +31415,7 @@ var HTTPTransport = class {
 
 // src/mcp/transport/sse.ts
 init_errors2();
-var DEFAULT_CONFIG2 = {
+var DEFAULT_CONFIG3 = {
   initialReconnectDelay: 1e3,
   maxReconnectDelay: 3e4,
   maxReconnectAttempts: 10
@@ -30177,7 +31431,7 @@ var SSETransport = class {
   errorHandler = null;
   closeHandler = null;
   constructor(config) {
-    this.config = { ...DEFAULT_CONFIG2, ...config };
+    this.config = { ...DEFAULT_CONFIG3, ...config };
   }
   /**
    * Connect to the SSE endpoint
@@ -30646,6 +31900,235 @@ function getMCPServerManager() {
 
 // src/mcp/tools.ts
 init_errors2();
+var DEFAULT_OPTIONS = {
+  namePrefix: "mcp",
+  category: "deploy",
+  requestTimeout: 6e4
+};
+function buildMcpToolDescription(serverName, tool) {
+  const base = tool.description || `Tool '${tool.name}' exposed by MCP server '${serverName}'`;
+  const lowerServer = serverName.toLowerCase();
+  if (lowerServer.includes("atlassian") || lowerServer.includes("jira") || lowerServer.includes("confluence")) {
+    return `${base}. Use this MCP tool for Atlassian/Jira/Confluence data. Prefer it over direct web_fetch or http_fetch for Atlassian content.`;
+  }
+  return `${base}. Exposed by MCP server '${serverName}'. Prefer this MCP tool over generic web/http fetch when accessing data from that connected service.`;
+}
+function jsonSchemaToZod(schema) {
+  if (schema.enum && Array.isArray(schema.enum)) {
+    const values = schema.enum;
+    if (values.length > 0 && values.every((v) => typeof v === "string")) {
+      return z.enum(values);
+    }
+    const literals = values.map((v) => z.literal(v));
+    if (literals.length < 2) {
+      return literals[0] ?? z.any();
+    }
+    return z.union(literals);
+  }
+  if (schema.const !== void 0) {
+    return z.literal(schema.const);
+  }
+  if (schema.oneOf && Array.isArray(schema.oneOf)) {
+    const schemas = schema.oneOf.map(jsonSchemaToZod);
+    if (schemas.length >= 2) {
+      return z.union(schemas);
+    }
+    return schemas[0] ?? z.unknown();
+  }
+  if (schema.anyOf && Array.isArray(schema.anyOf)) {
+    const schemas = schema.anyOf.map(jsonSchemaToZod);
+    if (schemas.length >= 2) {
+      return z.union(schemas);
+    }
+    return schemas[0] ?? z.unknown();
+  }
+  if (schema.allOf && Array.isArray(schema.allOf)) {
+    const schemas = schema.allOf.map(jsonSchemaToZod);
+    return schemas.reduce((acc, s) => z.intersection(acc, s));
+  }
+  const type = schema.type;
+  const makeNullable = (s) => {
+    if (schema.nullable === true) return s.nullable();
+    return s;
+  };
+  switch (type) {
+    case "string": {
+      let s = z.string();
+      if (schema.format) {
+        switch (schema.format) {
+          case "uri":
+          case "url":
+            s = z.string().url();
+            break;
+          case "email":
+            s = z.string().email();
+            break;
+          case "date-time":
+          case "datetime":
+            s = z.string().datetime();
+            break;
+        }
+      }
+      if (typeof schema.minLength === "number") s = s.min(schema.minLength);
+      if (typeof schema.maxLength === "number") s = s.max(schema.maxLength);
+      return makeNullable(s);
+    }
+    case "number": {
+      let n = z.number();
+      if (typeof schema.minimum === "number") n = n.min(schema.minimum);
+      if (typeof schema.maximum === "number") n = n.max(schema.maximum);
+      if (typeof schema.exclusiveMinimum === "number") n = n.gt(schema.exclusiveMinimum);
+      if (typeof schema.exclusiveMaximum === "number") n = n.lt(schema.exclusiveMaximum);
+      return makeNullable(n);
+    }
+    case "integer": {
+      let n = z.number().int();
+      if (typeof schema.minimum === "number") n = n.min(schema.minimum);
+      if (typeof schema.maximum === "number") n = n.max(schema.maximum);
+      return makeNullable(n);
+    }
+    case "boolean":
+      return makeNullable(z.boolean());
+    case "null":
+      return z.null();
+    case "array":
+      if (schema.items) {
+        const itemSchema = jsonSchemaToZod(schema.items);
+        let arr = z.array(itemSchema);
+        if (typeof schema.minItems === "number") arr = arr.min(schema.minItems);
+        if (typeof schema.maxItems === "number") arr = arr.max(schema.maxItems);
+        return makeNullable(arr);
+      }
+      return makeNullable(z.array(z.unknown()));
+    case "object": {
+      const properties = schema.properties;
+      const required = schema.required;
+      if (!properties) {
+        return makeNullable(z.record(z.string(), z.unknown()));
+      }
+      const shape = {};
+      for (const [key, propSchema] of Object.entries(properties)) {
+        let fieldSchema = jsonSchemaToZod(propSchema);
+        if (!required?.includes(key)) {
+          fieldSchema = fieldSchema.optional();
+        }
+        if (propSchema.description && typeof propSchema.description === "string") {
+          fieldSchema = fieldSchema.describe(propSchema.description);
+        }
+        shape[key] = fieldSchema;
+      }
+      return makeNullable(z.object(shape));
+    }
+    default:
+      if (Array.isArray(schema.type)) {
+        const types = schema.type;
+        if (types.includes("null")) {
+          const nonNullType = types.find((t) => t !== "null");
+          if (nonNullType) {
+            return jsonSchemaToZod({ ...schema, type: nonNullType }).nullable();
+          }
+        }
+      }
+      return z.unknown();
+  }
+}
+function createToolParametersSchema(tool) {
+  const schema = tool.inputSchema;
+  if (!schema || schema.type !== "object") {
+    return z.object({});
+  }
+  return jsonSchemaToZod(schema);
+}
+function formatToolResult(result) {
+  if (result.isError) {
+    throw new Error(result.content.map((c) => c.text || "").join("\n"));
+  }
+  return result.content.map((item) => {
+    switch (item.type) {
+      case "text":
+        return item.text || "";
+      case "image":
+        return `[Image: ${item.mimeType || "unknown"}]`;
+      case "resource":
+        return `[Resource: ${item.resource?.uri || "unknown"}]`;
+      default:
+        return "";
+    }
+  }).filter(Boolean).join("\n");
+}
+function createToolName(serverName, toolName, prefix) {
+  return `${prefix}_${serverName}_${toolName}`.replace(/[^a-zA-Z0-9_]/g, "_");
+}
+function wrapMCPTool(tool, serverName, client, options = {}) {
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  const wrappedName = createToolName(serverName, tool.name, opts.namePrefix);
+  const parametersSchema = createToolParametersSchema(tool);
+  const cocoTool = {
+    name: wrappedName,
+    description: buildMcpToolDescription(serverName, tool),
+    category: opts.category,
+    parameters: parametersSchema,
+    execute: async (params) => {
+      const timeout = opts.requestTimeout;
+      try {
+        const result = await Promise.race([
+          client.callTool({
+            name: tool.name,
+            arguments: params
+          }),
+          new Promise((_, reject) => {
+            setTimeout(() => {
+              reject(new MCPTimeoutError(`Tool '${tool.name}' timed out after ${timeout}ms`));
+            }, timeout);
+          })
+        ]);
+        return formatToolResult(result);
+      } catch (error) {
+        if (error instanceof MCPError) {
+          throw error;
+        }
+        throw new MCPError(
+          -32603,
+          `Tool execution failed: ${error instanceof Error ? error.message : "Unknown error"}`
+        );
+      }
+    }
+  };
+  const wrapped = {
+    originalTool: tool,
+    serverName,
+    wrappedName
+  };
+  return { tool: cocoTool, wrapped };
+}
+function wrapMCPTools(tools, serverName, client, options = {}) {
+  const cocoTools = [];
+  const wrappedTools = [];
+  for (const tool of tools) {
+    const { tool: cocoTool, wrapped } = wrapMCPTool(tool, serverName, client, options);
+    cocoTools.push(cocoTool);
+    wrappedTools.push(wrapped);
+  }
+  return { tools: cocoTools, wrapped: wrappedTools };
+}
+async function createToolsFromMCPServer(serverName, client, options = {}) {
+  if (!client.isConnected()) {
+    await client.initialize({
+      protocolVersion: "2024-11-05",
+      capabilities: {},
+      clientInfo: { name: "coco-mcp-client", version: "0.2.0" }
+    });
+  }
+  const { tools } = await client.listTools();
+  return wrapMCPTools(tools, serverName, client, options);
+}
+async function registerMCPTools(registry, serverName, client, options = {}) {
+  const { tools, wrapped } = await createToolsFromMCPServer(serverName, client, options);
+  for (const tool of tools) {
+    registry.register(tool);
+  }
+  return wrapped;
+}
 
 // src/tools/mcp.ts
 async function loadConfiguredServers(projectPath) {
@@ -30742,6 +32225,10 @@ built-in MCP OAuth browser login flow. Do not ask the user for raw tokens when t
       await manager.stopServer(target.name);
     }
     const connection = await manager.startServer(target);
+    const toolRegistry = getAgentToolRegistry();
+    if (toolRegistry) {
+      await registerMCPTools(toolRegistry, connection.name, connection.client);
+    }
     let tools;
     if (includeTools) {
       try {
@@ -30910,12 +32397,497 @@ function createFullToolRegistry() {
   registerAllTools(registry);
   return registry;
 }
+var InMemoryEventLog = class {
+  events = [];
+  record(type, data = {}) {
+    const event = {
+      id: randomUUID(),
+      type,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      data
+    };
+    this.events.push(event);
+    return event;
+  }
+  list() {
+    return [...this.events];
+  }
+  count() {
+    return this.events.length;
+  }
+  clear() {
+    this.events = [];
+  }
+};
+var FileEventLog = class {
+  constructor(filePath) {
+    this.filePath = filePath;
+    try {
+      mkdirSync(dirname(filePath), { recursive: true });
+    } catch {
+      this.writable = false;
+    }
+  }
+  filePath;
+  memory = new InMemoryEventLog();
+  writable = true;
+  record(type, data = {}) {
+    const event = this.memory.record(type, data);
+    if (this.writable) {
+      try {
+        appendFileSync(this.filePath, JSON.stringify(event) + "\n", "utf-8");
+      } catch {
+        this.writable = false;
+      }
+    }
+    return event;
+  }
+  list() {
+    if (!this.writable) return this.memory.list();
+    try {
+      const raw = readFileSync(this.filePath, "utf-8");
+      return raw.split("\n").filter(Boolean).flatMap((line) => {
+        try {
+          return [JSON.parse(line)];
+        } catch {
+          return [];
+        }
+      });
+    } catch {
+      return this.memory.list();
+    }
+  }
+  count() {
+    return this.list().length;
+  }
+  clear() {
+    this.memory.clear();
+    if (this.writable) {
+      try {
+        writeFileSync(this.filePath, "", "utf-8");
+      } catch {
+        this.writable = false;
+      }
+    }
+  }
+};
+function createEventLog() {
+  return new InMemoryEventLog();
+}
+function createFileEventLog(filePath) {
+  return new FileEventLog(filePath);
+}
+
+// src/runtime/permission-policy.ts
+var READ_ONLY_CATEGORIES = /* @__PURE__ */ new Set(["search", "web", "document"]);
+var WRITE_CATEGORIES = /* @__PURE__ */ new Set(["file", "git", "test", "build", "memory"]);
+var READ_ONLY_TOOL_NAMES = /* @__PURE__ */ new Set([
+  "glob",
+  "read_file",
+  "list_dir",
+  "tree",
+  "grep",
+  "find_in_file",
+  "semantic_search",
+  "codebase_map",
+  "repo_context",
+  "lsp_status",
+  "lsp_document_symbols",
+  "lsp_workspace_symbols",
+  "lsp_definition",
+  "lsp_references",
+  "git_status",
+  "git_log",
+  "git_diff",
+  "git_show",
+  "git_branch",
+  "recall_memory",
+  "list_memories",
+  "list_checkpoints",
+  "spawnSimpleAgent",
+  "checkAgentCapability"
+]);
+var WRITE_CAPABLE_TOOL_NAMES = /* @__PURE__ */ new Set(["run_linter"]);
+var DESTRUCTIVE_TOOL_NAMES = /* @__PURE__ */ new Set([
+  "bash_exec",
+  "write_file",
+  "edit_file",
+  "delete_file",
+  "restore_checkpoint",
+  "git_commit",
+  "git_push"
+]);
+function riskForTool(tool) {
+  if (READ_ONLY_TOOL_NAMES.has(tool.name)) return "read-only";
+  if (DESTRUCTIVE_TOOL_NAMES.has(tool.name)) return "destructive";
+  if (WRITE_CAPABLE_TOOL_NAMES.has(tool.name)) return "write";
+  if (tool.category === "web") return "network";
+  if (WRITE_CATEGORIES.has(tool.category)) return "write";
+  if (tool.category === "quality") return "write";
+  return "read-only";
+}
+var DefaultPermissionPolicy = class {
+  canExecuteTool(mode, tool) {
+    const definition = getAgentMode(mode);
+    const risk = riskForTool(tool);
+    const readOnlyTool = READ_ONLY_TOOL_NAMES.has(tool.name) || READ_ONLY_CATEGORIES.has(tool.category);
+    if (definition.readOnly && !readOnlyTool) {
+      return {
+        allowed: false,
+        reason: `${definition.label} mode is read-only; ${tool.name} is a ${tool.category} tool.`,
+        risk
+      };
+    }
+    if (risk === "destructive") {
+      return {
+        allowed: true,
+        requiresConfirmation: true,
+        reason: `${tool.name} can change repository state and should be confirmed.`,
+        risk
+      };
+    }
+    return { allowed: true, risk };
+  }
+};
+function createPermissionPolicy() {
+  return new DefaultPermissionPolicy();
+}
+
+// src/runtime/provider-registry.ts
+init_catalog();
+var ProviderRegistry = class {
+  listProviders() {
+    return Object.values(PROVIDER_CATALOG);
+  }
+  getProvider(provider) {
+    return getProviderCatalogEntry(provider);
+  }
+  listModels(provider) {
+    return this.getProvider(provider).models;
+  }
+  getModel(provider, model2) {
+    return getCatalogModel(provider, model2);
+  }
+  getDefaultModel(provider) {
+    return getCatalogDefaultModel(provider);
+  }
+  getRecommendedModel(provider) {
+    return getCatalogRecommendedModel(provider);
+  }
+  getCapability(provider, model2) {
+    return getProviderRuntimeCapability(provider, model2);
+  }
+  async createProvider(provider, config = {}) {
+    return createProvider(provider, config);
+  }
+  async probe(provider, model2, checkAvailability) {
+    return probeProviderRuntimeCapability(provider, model2, checkAvailability);
+  }
+};
+function createProviderRegistry() {
+  return new ProviderRegistry();
+}
+
+// src/runtime/agent-runtime.ts
+var AgentRuntime = class {
+  constructor(options) {
+    this.options = options;
+    this.providerRegistry = createProviderRegistry();
+    this.toolRegistry = options.toolRegistry ?? createFullToolRegistry();
+    this.sessionStore = options.sessionStore ?? createSessionStore({});
+    this.permissionPolicy = options.permissionPolicy ?? createPermissionPolicy();
+    this.eventLog = options.eventLog ?? (options.eventLogPath ? createFileEventLog(options.eventLogPath) : createEventLog());
+    this.providerType = options.providerType;
+    this.model = options.model ?? options.providerConfig?.model ?? getDefaultModel(options.providerType);
+  }
+  options;
+  providerRegistry;
+  toolRegistry;
+  sessionStore;
+  permissionPolicy;
+  eventLog;
+  providerType;
+  model;
+  async initialize() {
+    const providerInjected = Boolean(this.options.provider);
+    const provider = this.options.provider ?? await this.providerRegistry.createProvider(this.providerType, {
+      ...this.options.providerConfig,
+      model: this.getModel()
+    });
+    this.publishToGlobalBridge(provider);
+    this.eventLog.record(providerInjected ? "provider.attached" : "provider.created", {
+      provider: this.providerType,
+      model: this.getModel(),
+      createdByRuntime: !providerInjected
+    });
+    this.eventLog.record("runtime.initialized", { snapshot: this.snapshot() });
+  }
+  getModel() {
+    return this.model;
+  }
+  updateProvider(providerType, model2, provider) {
+    this.providerType = providerType;
+    this.model = model2 ?? getDefaultModel(providerType);
+    this.publishToGlobalBridge(provider);
+    this.eventLog.record("provider.updated", {
+      provider: this.providerType,
+      model: this.model
+    });
+  }
+  publishToGlobalBridge(provider) {
+    if (this.options.publishToGlobalBridge !== true) return;
+    setAgentProvider(provider);
+    setAgentToolRegistry(this.toolRegistry);
+  }
+  snapshot() {
+    const capability = this.providerRegistry.getCapability(this.providerType, this.getModel());
+    const toolNames = this.toolRegistry.getAll().map((tool) => tool.name).sort();
+    return {
+      provider: {
+        type: this.providerType,
+        model: this.getModel(),
+        capability
+      },
+      tools: {
+        count: toolNames.length,
+        names: toolNames
+      },
+      modes: listAgentModes()
+    };
+  }
+  assertToolAllowed(mode, toolName) {
+    const tool = this.toolRegistry.get(toolName);
+    if (!tool) {
+      this.eventLog.record("tool.blocked", {
+        mode,
+        tool: toolName,
+        reason: "Tool not registered."
+      });
+      return false;
+    }
+    const decision = this.permissionPolicy.canExecuteTool(mode, tool);
+    this.eventLog.record(decision.allowed ? "tool.allowed" : "tool.blocked", {
+      mode,
+      tool: toolName,
+      ...decision
+    });
+    return decision.allowed;
+  }
+};
+async function createAgentRuntime(options) {
+  const runtime = new AgentRuntime(options);
+  await runtime.initialize();
+  return runtime;
+}
+
+// src/runtime/extension-manifests.ts
+function createMcpToolPolicy(server, tool, risk, allowedModes = ["ask", "plan", "build", "debug", "review", "architect"]) {
+  return {
+    server,
+    tool,
+    risk,
+    requiresConfirmation: risk === "destructive" || risk === "secrets-sensitive",
+    allowedModes
+  };
+}
+
+// src/runtime/workflow-registry.ts
+function cloneWorkflow(workflow) {
+  return {
+    ...workflow,
+    checks: [...workflow.checks],
+    steps: workflow.steps.map((step) => ({
+      ...step,
+      requiredTools: [...step.requiredTools]
+    }))
+  };
+}
+var WorkflowCatalog = class {
+  workflows = /* @__PURE__ */ new Map();
+  constructor(workflows = DEFAULT_WORKFLOWS) {
+    for (const workflow of workflows) {
+      this.register(workflow);
+    }
+  }
+  register(workflow) {
+    this.workflows.set(workflow.id, cloneWorkflow(workflow));
+  }
+  get(id) {
+    const workflow = this.workflows.get(id);
+    return workflow ? cloneWorkflow(workflow) : void 0;
+  }
+  list() {
+    return [...this.workflows.values()].map(cloneWorkflow).sort((a, b) => a.id.localeCompare(b.id));
+  }
+  createPlan(workflowId, input, eventLog) {
+    const workflow = this.get(workflowId);
+    if (!workflow) {
+      throw new Error(`Unknown workflow: ${workflowId}`);
+    }
+    const plan = {
+      id: `${workflowId}-${Date.now().toString(36)}`,
+      workflowId,
+      input,
+      status: "planned",
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    eventLog?.record("workflow.planned", {
+      workflowId,
+      planId: plan.id,
+      replayable: workflow.replayable,
+      checks: workflow.checks
+    });
+    return plan;
+  }
+};
+var DEFAULT_WORKFLOWS = [
+  {
+    id: "architect-editor-verifier",
+    name: "Architect / Editor / Verifier",
+    description: "Plan read-only, apply approved changes, then verify and summarize risks.",
+    inputSchema: "task: string; approvedPlan?: string",
+    outputKind: "patch",
+    replayable: true,
+    checks: ["pnpm check", "diff summary", "review risks"],
+    steps: [
+      {
+        id: "architect",
+        description: "Inspect context and produce a read-only implementation plan.",
+        requiredTools: ["repo_context", "read_file", "git_diff"],
+        risk: "read-only"
+      },
+      {
+        id: "editor",
+        description: "Apply the approved plan without reinterpreting the objective.",
+        requiredTools: ["read_file", "edit_file", "write_file"],
+        risk: "write"
+      },
+      {
+        id: "verifier",
+        description: "Run checks, review diff, and report residual risk.",
+        requiredTools: ["bash_exec", "git_diff", "review_code"],
+        risk: "destructive"
+      }
+    ]
+  },
+  {
+    id: "provider-diagnosis",
+    name: "Provider Diagnosis",
+    description: "Probe provider/model capabilities, endpoint strategy, credentials, and fallbacks.",
+    inputSchema: "provider?: string; model?: string; live?: boolean",
+    outputKind: "json",
+    replayable: true,
+    checks: ["provider capability matrix", "optional live probe"],
+    steps: [
+      {
+        id: "capability",
+        description: "Resolve catalog metadata and runtime endpoint strategy.",
+        requiredTools: [],
+        risk: "read-only"
+      },
+      {
+        id: "fallbacks",
+        description: "Suggest fallback provider/model choices when unsupported.",
+        requiredTools: [],
+        risk: "read-only"
+      }
+    ]
+  },
+  {
+    id: "review-pr",
+    name: "Review PR",
+    description: "Review a branch or PR read-only and emit severity-ranked findings.",
+    inputSchema: "target: string",
+    outputKind: "markdown",
+    replayable: true,
+    checks: ["git diff", "tests gap review", "security review"],
+    steps: [
+      {
+        id: "collect-diff",
+        description: "Collect PR diff and related context.",
+        requiredTools: ["git_diff", "repo_context"],
+        risk: "read-only"
+      },
+      {
+        id: "findings",
+        description: "Produce prioritized findings with file and line references.",
+        requiredTools: ["read_file", "review_code"],
+        risk: "read-only"
+      }
+    ]
+  },
+  {
+    id: "best-of-n",
+    name: "Best Of N",
+    description: "Run multiple isolated attempts, score them, and select a winning patch.",
+    inputSchema: "task: string; attempts: number",
+    outputKind: "patch",
+    replayable: true,
+    checks: ["worktree isolation", "checks pass", "diff risk score"],
+    steps: [
+      {
+        id: "fanout",
+        description: "Create isolated attempts in temporary worktrees.",
+        requiredTools: ["git_status", "bash_exec"],
+        risk: "destructive"
+      },
+      {
+        id: "score",
+        description: "Run checks and compare quality, cost, latency, and diff risk.",
+        requiredTools: ["bash_exec", "git_diff"],
+        risk: "destructive"
+      },
+      {
+        id: "apply-winner",
+        description: "Apply the winning patch only if conservative checks pass.",
+        requiredTools: ["git_diff", "edit_file"],
+        risk: "write"
+      }
+    ]
+  },
+  {
+    id: "release",
+    name: "Release",
+    description: "Follow the project release skill: changelog, version bump, PR, merge, tag, publish verify.",
+    inputSchema: "bump?: patch|minor|major",
+    outputKind: "release",
+    replayable: true,
+    checks: ["pnpm check", "PR checks", "release.yml", "npm view"],
+    steps: [
+      {
+        id: "preflight",
+        description: "Verify branch, clean tree, GitHub auth, and remote state.",
+        requiredTools: ["git_status", "bash_exec"],
+        risk: "destructive"
+      },
+      {
+        id: "version",
+        description: "Update changelog and package versions using the release skill.",
+        requiredTools: ["read_file", "edit_file", "bash_exec"],
+        risk: "destructive"
+      },
+      {
+        id: "publish",
+        description: "Merge release PR, tag main, and verify release workflow outputs.",
+        requiredTools: ["bash_exec"],
+        risk: "destructive"
+      }
+    ]
+  }
+];
+var WorkflowRegistry = WorkflowCatalog;
+function createWorkflowCatalog(workflows) {
+  return new WorkflowCatalog(workflows);
+}
+function createWorkflowRegistry(workflows) {
+  return createWorkflowCatalog(workflows);
+}
 
 // src/index.ts
 init_errors();
 init_logger();
 init_proxy();
 
-export { ADRGenerator, AnthropicProvider, ArchitectureGenerator, BacklogGenerator, CICDGenerator, CocoError, CodeGenerator, CodeReviewer, CompleteExecutor, ConfigError, ConvergeExecutor, DiscoveryEngine, DockerGenerator, DocsGenerator, OrchestrateExecutor, OutputExecutor, PhaseError, SessionManager, SpecificationGenerator, TaskError, TaskIterator, ToolRegistry, VERSION, configExists, createADRGenerator, createAnthropicProvider, createArchitectureGenerator, createBacklogGenerator, createCICDGenerator, createCodeGenerator, createCodeReviewer, createCompleteExecutor, createConvergeExecutor, createDefaultConfig, createDiscoveryEngine, createDockerGenerator, createDocsGenerator, createFullToolRegistry, createLogger, createOrchestrateExecutor, createOrchestrator, createOutputExecutor, createProvider, createSessionManager, createSpecificationGenerator, createTaskIterator, createToolRegistry, installProxyDispatcher, loadConfig, registerAllTools, saveConfig };
+export { ADRGenerator, AgentRuntime, AnthropicProvider, ArchitectureGenerator, BacklogGenerator, CICDGenerator, CocoError, CodeGenerator, CodeReviewer, CompleteExecutor, ConfigError, ConvergeExecutor, DEFAULT_WORKFLOWS, DefaultPermissionPolicy, DiscoveryEngine, DockerGenerator, DocsGenerator, FileEventLog, InMemoryEventLog, OrchestrateExecutor, OutputExecutor, PhaseError, ProviderRegistry, SessionManager, SpecificationGenerator, TaskError, TaskIterator, ToolRegistry, VERSION, WorkflowCatalog, WorkflowRegistry, configExists, createADRGenerator, createAgentRuntime, createAnthropicProvider, createArchitectureGenerator, createBacklogGenerator, createCICDGenerator, createCodeGenerator, createCodeReviewer, createCompleteExecutor, createConvergeExecutor, createDefaultConfig, createDiscoveryEngine, createDockerGenerator, createDocsGenerator, createEventLog, createFileEventLog, createFullToolRegistry, createLogger, createMcpToolPolicy, createOrchestrateExecutor, createOrchestrator, createOutputExecutor, createPermissionPolicy, createProvider, createProviderRegistry, createSessionManager, createSpecificationGenerator, createTaskIterator, createToolRegistry, createWorkflowCatalog, createWorkflowRegistry, installProxyDispatcher, loadConfig, registerAllTools, saveConfig };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map