npm - agentic-qe - Versions diffs - 3.6.10 → 3.6.11 - Mend

agentic-qe 3.6.10 → 3.6.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/v3/dist/mcp/bundle.js CHANGED Viewed

@@ -11461,7 +11461,7 @@ var init_hnsw_index = __esm({
         if (!this.initialized) {
           await this.initialize();
         }
-        this.validateVector(vector);
+        vector = this.validateVector(vector);
         if (this.keyToLabel.has(key)) {
           await this.delete(key);
         }
@@ -11490,7 +11490,7 @@ var init_hnsw_index = __esm({
         if (!this.initialized) {
           await this.initialize();
         }
-        this.validateVector(query);
+        query = this.validateVector(query);
         const startTime = performance.now();
         const results = this.stats.vectorCount > 0 ? this.searchRuvector(query, k68) : [];
         const endTime = performance.now();
@@ -11615,17 +11615,46 @@ var init_hnsw_index = __esm({
       // ============================================================================
       // Private Helper Methods
       // ============================================================================
+      /**
+       * Validate and auto-resize vectors to match HNSW configured dimensions.
+       * Fix #279: Prevents Rust WASM panic when RealEmbeddings (768-dim) are
+       * passed to a 128-dim HNSW index.
+       */
       validateVector(vector) {
         if (vector.length !== this.config.dimensions) {
-          throw new Error(
-            `Vector dimension mismatch: expected ${this.config.dimensions}, got ${vector.length}`
-          );
+          return this.resizeVector(vector, this.config.dimensions);
         }
         for (let i58 = 0; i58 < vector.length; i58++) {
           if (!Number.isFinite(vector[i58])) {
             throw new Error(`Invalid vector value at index ${i58}: ${vector[i58]}`);
           }
         }
+        return vector;
+      }
+      /**
+       * Resize vector to target dimensions using averaging (shrink) or zero-padding (grow).
+       */
+      resizeVector(vector, targetDim) {
+        if (vector.length === targetDim) return vector;
+        if (vector.length > targetDim) {
+          const result2 = new Array(targetDim).fill(0);
+          const ratio = vector.length / targetDim;
+          for (let i58 = 0; i58 < targetDim; i58++) {
+            const start = Math.floor(i58 * ratio);
+            const end = Math.floor((i58 + 1) * ratio);
+            let sum = 0;
+            for (let j52 = start; j52 < end; j52++) {
+              sum += vector[j52];
+            }
+            result2[i58] = sum / (end - start);
+          }
+          return result2;
+        }
+        const result = new Array(targetDim).fill(0);
+        for (let i58 = 0; i58 < vector.length; i58++) {
+          result[i58] = vector[i58];
+        }
+        return result;
       }
       buildKey(key) {
         return `${this.config.namespace}:${key}`;
@@ -17796,7 +17825,13 @@ var init_signal_collector = __esm({
         "test generation",
         "error handling",
         "validation logic",
-        "api integration"
+        "api integration",
+        "code index",
+        "coverage analysis",
+        "quality assessment",
+        "defect prediction",
+        "predict defect",
+        "analyze coverage"
       ],
       // Tier 3 - High complexity
       complex: [
@@ -17807,7 +17842,14 @@ var init_signal_collector = __esm({
         "migration",
         "cross-domain",
         "workflow",
-        "system design"
+        "system design",
+        "analyze security",
+        "security scan",
+        "security analysis",
+        "vulnerability scan",
+        "chaos test",
+        "resilience test",
+        "contract validation"
       ],
       // Tier 4 - Critical/expert
       critical: [
@@ -17818,7 +17860,12 @@ var init_signal_collector = __esm({
         "system-wide",
         "vulnerability",
         "cryptography",
-        "performance critical"
+        "performance critical",
+        "hardcoded secret",
+        "cve",
+        "owasp",
+        "penetration test",
+        "exploit"
       ]
     };
     SCOPE_PATTERNS = {
@@ -18115,11 +18162,15 @@ var init_score_calculator = __esm({
        * Calculate overall complexity score (0-100)
        */
       calculateOverallComplexity(codeComplexity, reasoningComplexity, scopeComplexity, signals) {
-        if (signals.isMechanicalTransform) {
+        if (signals.isMechanicalTransform && !signals.hasSecurityScope && !signals.hasArchitectureScope && !signals.requiresMultiStepReasoning && !signals.requiresCrossDomainCoordination && codeComplexity === 0 && reasoningComplexity === 0 && scopeComplexity === 0) {
           return 5;
         }
         const weighted = codeComplexity * 0.3 + reasoningComplexity * 0.4 + scopeComplexity * 0.3;
-        return Math.min(Math.round(weighted), 100);
+        let minScore = 0;
+        if (signals.hasSecurityScope) minScore = Math.max(minScore, 50);
+        if (signals.hasArchitectureScope) minScore = Math.max(minScore, 55);
+        if (signals.requiresCrossDomainCoordination) minScore = Math.max(minScore, 35);
+        return Math.min(Math.max(Math.round(weighted), minScore), 100);
       }
       /**
        * Calculate confidence in complexity assessment (0-1)
@@ -18922,7 +18973,7 @@ var init_router = __esm({
           agentBoosterStats: {
             eligible: agentBoosterEligible,
             used: agentBoosterUsed,
-            fallbackToLLM: agentBoosterEligible - agentBoosterUsed,
+            fallbackToLLM: Math.max(0, agentBoosterEligible - agentBoosterUsed),
             successRate: agentBoosterUsed > 0 ? agentBoosterSuccess / agentBoosterUsed : 0
           },
           budgetStats: {
@@ -86100,7 +86151,35 @@ import { join as join10, extname as extname3 } from "path";
 // src/domains/code-intelligence/services/metric-collector/interfaces.ts
 var DEFAULT_METRIC_CONFIG = {
   timeout: 6e4,
-  excludeDirs: ["node_modules", "dist", "coverage", "build", ".git", "vendor", "target"],
+  excludeDirs: [
+    // JS/TS ecosystem
+    "node_modules",
+    "dist",
+    "build",
+    "coverage",
+    ".nyc_output",
+    ".next",
+    ".nuxt",
+    ".output",
+    // Python ecosystem
+    "__pycache__",
+    ".venv",
+    "venv",
+    ".tox",
+    ".mypy_cache",
+    ".pytest_cache",
+    ".eggs",
+    "*.egg-info",
+    // Rust / Java / Go
+    "target",
+    ".gradle",
+    "vendor",
+    ".bundle",
+    // General
+    ".git",
+    ".svn",
+    ".hg"
+  ],
   testPatterns: ["**/*.test.ts", "**/*.spec.ts", "**/*.test.js", "**/*.spec.js"],
   enableCache: true,
   cacheTTL: 3e5
@@ -86108,7 +86187,7 @@ var DEFAULT_METRIC_CONFIG = {
 // src/domains/code-intelligence/services/metric-collector/loc-counter.ts
 import { execSync as execSync3, spawnSync as spawnSync2 } from "child_process";
-import { existsSync as existsSync6, readdirSync, readFileSync as readFileSync5 } from "fs";
+import { existsSync as existsSync6, readdirSync, readFileSync as readFileSync5, statSync as statSync2 } from "fs";
 import { join as join8, extname } from "path";
 init_safe_json();
 async function countLOC(projectPath, config = {}) {
@@ -86252,22 +86331,35 @@ function getLanguageForExtension(ext) {
 function manualLOCCount(projectPath, config) {
   const byLanguage = {};
   let total = 0;
-  function walkDirectory2(dirPath) {
-    if (!existsSync6(dirPath)) {
+  const excludeSet = new Set(config.excludeDirs);
+  const MAX_FILE_SIZE = 2 * 1024 * 1024;
+  function walkDirectory2(dirPath, depth) {
+    if (!existsSync6(dirPath) || depth > 20) {
+      return;
+    }
+    let entries;
+    try {
+      entries = readdirSync(dirPath, { withFileTypes: true });
+    } catch {
       return;
     }
-    const entries = readdirSync(dirPath, { withFileTypes: true });
     for (const entry of entries) {
       const fullPath = join8(dirPath, entry.name);
       if (entry.isDirectory()) {
-        if (config.excludeDirs.includes(entry.name)) {
+        if (excludeSet.has(entry.name) || entry.name.startsWith(".")) {
           continue;
         }
-        walkDirectory2(fullPath);
+        walkDirectory2(fullPath, depth + 1);
       } else if (entry.isFile()) {
         const ext = extname(entry.name);
         const language = getLanguageForExtension(ext);
         if (language) {
+          try {
+            const stat6 = statSync2(fullPath);
+            if (stat6.size > MAX_FILE_SIZE) continue;
+          } catch {
+            continue;
+          }
           const lines = countFileLines(fullPath);
           byLanguage[language] = (byLanguage[language] || 0) + lines;
           total += lines;
@@ -86275,11 +86367,11 @@ function manualLOCCount(projectPath, config) {
       }
     }
   }
-  walkDirectory2(projectPath);
+  walkDirectory2(projectPath, 0);
   return {
     total,
     byLanguage,
-    source: "fallback",
+    source: "node-native",
     excludedDirs: config.excludeDirs
   };
 }
@@ -86910,12 +87002,19 @@ var MetricCollectorService = class {
     const toolsUsed = [];
     if (loc.source !== "fallback") toolsUsed.push(loc.source);
     if (tests.source !== "fallback") toolsUsed.push(tests.source);
+    const locAccuracy = loc.source === "fallback" ? "approximate" : "accurate";
+    const testAccuracy = tests.source === "fallback" ? "approximate" : "accurate";
     const metrics = {
       loc,
       tests,
       patterns,
       collectedAt: /* @__PURE__ */ new Date(),
-      toolsUsed
+      toolsUsed,
+      accuracy: {
+        loc: locAccuracy,
+        tests: testAccuracy,
+        overall: locAccuracy === "accurate" && testAccuracy === "accurate" ? "accurate" : "approximate"
+      }
     };
     if (this.config.enableCache) {
       this.setInCache(cacheKey, metrics);
@@ -89145,9 +89244,15 @@ var CodeIntelligenceCoordinator = class extends BaseDomainCoordinator {
     try {
       console.log(`[CodeIntelligence] Collecting real metrics for ${projectPath}`);
       const metrics = await this.metricCollector.collectAll(projectPath);
+      const toolsLabel = metrics.toolsUsed.length > 0 ? metrics.toolsUsed.join(", ") : metrics.loc.source === "node-native" ? "node-native" : "fallback";
       console.log(
-        `[CodeIntelligence] Real metrics collected: ${metrics.loc.total} LOC, ${metrics.tests.total} tests, tools: ${metrics.toolsUsed.join(", ") || "fallback"}`
+        `[CodeIntelligence] Real metrics collected: ${metrics.loc.total} LOC, ${metrics.tests.total} tests, tools: ${toolsLabel}`
       );
+      if (metrics.loc.source === "node-native") {
+        console.log(
+          `[CodeIntelligence] Using Node.js-native line counter (no cloc/tokei needed)`
+        );
+      }
       await this.storeProjectMetricsInMemory(projectPath, metrics);
       if (this.config.publishEvents) {
         const event = createEvent(
@@ -132850,13 +132955,58 @@ function parseLcovInfo(content) {
 async function discoverSourceFiles(targetPath, options = {}) {
   const files = [];
   const { includeTests = true, languages } = options;
-  let extensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"];
+  let extensions = [
+    ".ts",
+    ".tsx",
+    ".js",
+    ".jsx",
+    ".mjs",
+    ".cjs",
+    // JavaScript/TypeScript
+    ".py",
+    ".pyw",
+    // Python
+    ".go",
+    // Go
+    ".rs",
+    // Rust
+    ".java",
+    ".kt",
+    ".kts",
+    // Java/Kotlin
+    ".rb",
+    // Ruby
+    ".cs",
+    // C#
+    ".php",
+    // PHP
+    ".swift",
+    // Swift
+    ".c",
+    ".h",
+    ".cpp",
+    ".hpp",
+    ".cc",
+    // C/C++
+    ".scala"
+    // Scala
+  ];
   if (languages && languages.length > 0) {
     extensions = [];
     for (const lang of languages) {
       if (lang === "typescript") extensions.push(".ts", ".tsx");
       if (lang === "javascript") extensions.push(".js", ".jsx", ".mjs", ".cjs");
-      if (lang === "python") extensions.push(".py");
+      if (lang === "python") extensions.push(".py", ".pyw");
+      if (lang === "go") extensions.push(".go");
+      if (lang === "rust") extensions.push(".rs");
+      if (lang === "java") extensions.push(".java");
+      if (lang === "kotlin") extensions.push(".kt", ".kts");
+      if (lang === "ruby") extensions.push(".rb");
+      if (lang === "csharp" || lang === "c#") extensions.push(".cs");
+      if (lang === "php") extensions.push(".php");
+      if (lang === "swift") extensions.push(".swift");
+      if (lang === "c" || lang === "cpp" || lang === "c++") extensions.push(".c", ".h", ".cpp", ".hpp", ".cc");
+      if (lang === "scala") extensions.push(".scala");
     }
   }
   async function walkDir(dir) {
@@ -132865,7 +133015,23 @@ async function discoverSourceFiles(targetPath, options = {}) {
       for (const entry of entries) {
         const fullPath = path16.join(dir, entry.name);
         if (entry.isDirectory()) {
-          if (["node_modules", ".git", "dist", "build", "coverage", ".nyc_output"].includes(entry.name)) {
+          if ([
+            "node_modules",
+            ".git",
+            "dist",
+            "build",
+            "coverage",
+            ".nyc_output",
+            "__pycache__",
+            ".venv",
+            "venv",
+            ".tox",
+            ".mypy_cache",
+            "target",
+            ".gradle",
+            "vendor",
+            ".bundle"
+          ].includes(entry.name)) {
             continue;
           }
           await walkDir(fullPath);
@@ -133031,7 +133197,24 @@ var DomainTaskExecutor = class {
         } else if (payload.filePath) {
           sourceFiles = [payload.filePath];
         } else if (payload.sourceCode) {
-          const tempPath = `/tmp/aqe-temp-${v4_default()}.ts`;
+          const langExtMap = {
+            python: ".py",
+            typescript: ".ts",
+            javascript: ".js",
+            go: ".go",
+            rust: ".rs",
+            java: ".java",
+            ruby: ".rb",
+            kotlin: ".kt",
+            csharp: ".cs",
+            php: ".php",
+            swift: ".swift",
+            cpp: ".cpp",
+            c: ".c",
+            scala: ".scala"
+          };
+          const ext = langExtMap[payload.language?.toLowerCase() || "typescript"] || ".ts";
+          const tempPath = `/tmp/aqe-temp-${v4_default()}${ext}`;
           await fs15.writeFile(tempPath, payload.sourceCode, "utf-8");
           sourceFiles = [tempPath];
         }
@@ -133147,12 +133330,96 @@ var DomainTaskExecutor = class {
               sast: payload.sast !== false,
               dast: payload.dast || false
             },
-            warning: `No TypeScript/JavaScript files found in ${targetPath}`
+            warning: `No source files found in ${targetPath}`
           });
         }
-        const filePathObjects = filesToScan.map((filePath) => FilePath.create(filePath));
+        const jstsFiles = filesToScan.filter((f74) => /\.(ts|tsx|js|jsx|mjs|cjs)$/.test(f74));
+        const otherFiles = filesToScan.filter((f74) => !/\.(ts|tsx|js|jsx|mjs|cjs)$/.test(f74));
+        const crossLangVulns = [];
+        for (const filePath of otherFiles) {
+          try {
+            const content = await fs15.readFile(filePath, "utf-8");
+            const lines = content.split("\n");
+            const relPath = filePath.startsWith(targetPath) ? filePath.slice(targetPath.length).replace(/^\//, "") : filePath;
+            const secretPatterns = [
+              { regex: /(?:secret|password|api_key|apikey|token|jwt_secret|private_key)\s*[=:]\s*['"][^'"]{8,}['"]/gi, title: "Hardcoded secret", severity: "critical" },
+              { regex: /(?:AWS_SECRET|GITHUB_TOKEN|SLACK_TOKEN)\s*[=:]\s*['"][^'"]+['"]/gi, title: "Hardcoded cloud credential", severity: "critical" }
+            ];
+            for (const pattern of secretPatterns) {
+              for (let i58 = 0; i58 < lines.length; i58++) {
+                if (pattern.regex.test(lines[i58])) {
+                  crossLangVulns.push({
+                    title: pattern.title,
+                    severity: pattern.severity,
+                    location: { file: relPath, line: i58 + 1 },
+                    description: `Potential hardcoded secret found at line ${i58 + 1}`,
+                    category: "sensitive-data"
+                  });
+                }
+                pattern.regex.lastIndex = 0;
+              }
+            }
+            const sqlPatterns = /(?:execute|query|cursor\.execute)\s*\(\s*(?:f['"]|['"].*%s|['"].*\+\s*\w)/gi;
+            for (let i58 = 0; i58 < lines.length; i58++) {
+              if (sqlPatterns.test(lines[i58])) {
+                crossLangVulns.push({
+                  title: "Potential SQL injection",
+                  severity: "high",
+                  location: { file: relPath, line: i58 + 1 },
+                  description: "String interpolation in SQL query \u2014 use parameterized queries",
+                  category: "injection"
+                });
+              }
+              sqlPatterns.lastIndex = 0;
+            }
+            if (/allow_origins\s*=\s*\[?\s*['"]?\*['"]?\s*\]?/i.test(content)) {
+              crossLangVulns.push({
+                title: "CORS wildcard origin",
+                severity: "high",
+                location: { file: relPath, line: lines.findIndex((l75) => /allow_origins/i.test(l75)) + 1 },
+                description: "CORS configured with wildcard (*) origin \u2014 restrict to specific domains",
+                category: "security-misconfiguration"
+              });
+            }
+            if (/(?:DEBUG|debug)\s*[=:]\s*(?:True|true|1)/i.test(content)) {
+              crossLangVulns.push({
+                title: "Debug mode enabled",
+                severity: "medium",
+                location: { file: relPath, line: lines.findIndex((l75) => /DEBUG\s*[=:]\s*(?:True|true|1)/i.test(l75)) + 1 },
+                description: "Debug mode should be disabled in production",
+                category: "security-misconfiguration"
+              });
+            }
+            if (/\b(?:eval|exec)\s*\(/i.test(content)) {
+              crossLangVulns.push({
+                title: "Dangerous eval/exec usage",
+                severity: "high",
+                location: { file: relPath, line: lines.findIndex((l75) => /\b(?:eval|exec)\s*\(/.test(l75)) + 1 },
+                description: "eval/exec can lead to code injection \u2014 avoid using with user input",
+                category: "injection"
+              });
+            }
+          } catch {
+          }
+        }
+        const depManifests = ["requirements.txt", "pyproject.toml", "Gemfile", "go.mod", "Cargo.toml"];
+        for (const manifest of depManifests) {
+          const manifestPath = path16.join(targetPath, manifest);
+          try {
+            await fs15.access(manifestPath);
+            crossLangVulns.push({
+              title: "Dependency audit recommended",
+              severity: "informational",
+              location: { file: manifest, line: 1 },
+              description: `Found ${manifest} \u2014 run language-specific dependency audit (e.g., pip-audit, npm audit, cargo audit)`,
+              category: "dependencies"
+            });
+          } catch {
+          }
+        }
+        const filePathObjects = jstsFiles.map((filePath) => FilePath.create(filePath));
         let sastResult = null;
-        if (payload.sast !== false) {
+        if (payload.sast !== false && filePathObjects.length > 0) {
           const result = await scanner.scanFiles(filePathObjects);
           if (result.success) {
             sastResult = result.value;
@@ -133169,16 +133436,24 @@ var DomainTaskExecutor = class {
             dastResult = result.value;
           }
         }
+        const crossLangSeverityCounts = {
+          critical: crossLangVulns.filter((v62) => v62.severity === "critical").length,
+          high: crossLangVulns.filter((v62) => v62.severity === "high").length,
+          medium: crossLangVulns.filter((v62) => v62.severity === "medium").length,
+          low: crossLangVulns.filter((v62) => v62.severity === "low").length,
+          informational: crossLangVulns.filter((v62) => v62.severity === "informational").length
+        };
         const summary = {
-          critical: (sastResult?.summary?.critical || 0) + (dastResult?.summary?.critical || 0),
-          high: (sastResult?.summary?.high || 0) + (dastResult?.summary?.high || 0),
-          medium: (sastResult?.summary?.medium || 0) + (dastResult?.summary?.medium || 0),
-          low: (sastResult?.summary?.low || 0) + (dastResult?.summary?.low || 0),
-          informational: (sastResult?.summary?.informational || 0) + (dastResult?.summary?.informational || 0)
+          critical: (sastResult?.summary?.critical || 0) + (dastResult?.summary?.critical || 0) + crossLangSeverityCounts.critical,
+          high: (sastResult?.summary?.high || 0) + (dastResult?.summary?.high || 0) + crossLangSeverityCounts.high,
+          medium: (sastResult?.summary?.medium || 0) + (dastResult?.summary?.medium || 0) + crossLangSeverityCounts.medium,
+          low: (sastResult?.summary?.low || 0) + (dastResult?.summary?.low || 0) + crossLangSeverityCounts.low,
+          informational: (sastResult?.summary?.informational || 0) + (dastResult?.summary?.informational || 0) + crossLangSeverityCounts.informational
         };
         const allVulns = [
           ...sastResult?.vulnerabilities || [],
-          ...dastResult?.vulnerabilities || []
+          ...dastResult?.vulnerabilities || [],
+          ...crossLangVulns
         ];
         const topVulnerabilities = allVulns.sort((a37, b68) => {
           const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, informational: 4 };
@@ -133205,7 +133480,12 @@ var DomainTaskExecutor = class {
             dast: payload.dast || false
           },
           filesScanned: filesToScan.length,
-          coverage: sastResult?.coverage
+          jstsFilesScanned: jstsFiles.length,
+          otherFilesScanned: otherFiles.length,
+          coverage: sastResult?.coverage,
+          ...otherFiles.length > 0 && jstsFiles.length === 0 ? {
+            note: "Non-JS/TS files were scanned with cross-language pattern matching. For deeper analysis, use language-specific security tools."
+          } : {}
         });
       } catch (error) {
         return err(toError(error));
@@ -133228,9 +133508,9 @@ var DomainTaskExecutor = class {
             edgesCreated: 0,
             target: targetPath,
             incremental: payload.incremental || false,
-            languages: payload.languages || ["typescript", "javascript"],
+            languages: payload.languages || [],
             duration: Date.now() - startTime,
-            warning: `No source files found in ${targetPath}`
+            warning: `No source files found in ${targetPath}. Searched for: TypeScript, JavaScript, Python, Go, Rust, Java, Ruby, C/C++, and more.`
           });
         }
         const result = await kg.index({
@@ -133244,11 +133524,35 @@ var DomainTaskExecutor = class {
         }
         const indexResult = result.value;
         const detectedLanguages = /* @__PURE__ */ new Set();
+        const extToLang = {
+          ts: "typescript",
+          tsx: "typescript",
+          js: "javascript",
+          jsx: "javascript",
+          mjs: "javascript",
+          cjs: "javascript",
+          py: "python",
+          pyw: "python",
+          go: "go",
+          rs: "rust",
+          java: "java",
+          kt: "kotlin",
+          kts: "kotlin",
+          rb: "ruby",
+          cs: "csharp",
+          php: "php",
+          swift: "swift",
+          c: "c",
+          h: "c",
+          cpp: "cpp",
+          hpp: "cpp",
+          cc: "cpp",
+          scala: "scala"
+        };
         for (const file of filesToIndex) {
           const ext = path16.extname(file).slice(1);
-          if (["ts", "tsx"].includes(ext)) detectedLanguages.add("typescript");
-          if (["js", "jsx", "mjs", "cjs"].includes(ext)) detectedLanguages.add("javascript");
-          if (ext === "py") detectedLanguages.add("python");
+          const lang = extToLang[ext];
+          if (lang) detectedLanguages.add(lang);
         }
         return ok({
           filesIndexed: indexResult.filesIndexed,
@@ -133346,25 +133650,103 @@ var DomainTaskExecutor = class {
     });
     this.taskHandlers.set("predict-defects", async (task) => {
       const payload = task.payload;
-      return ok({
-        predictedDefects: [
-          {
-            file: `${payload.target}/complex-module.ts`,
-            probability: 0.78,
-            reason: "High cyclomatic complexity combined with low test coverage"
-          },
-          {
-            file: `${payload.target}/legacy-handler.ts`,
-            probability: 0.65,
-            reason: "Frequent changes in recent commits with error-prone patterns"
+      try {
+        const targetPath = payload.target || process.cwd();
+        const minConfidence = payload.minConfidence || 0.5;
+        const sourceFiles = await discoverSourceFiles(targetPath, { includeTests: false });
+        if (sourceFiles.length === 0) {
+          return ok({
+            predictedDefects: [],
+            riskScore: 0,
+            recommendations: [
+              `No source files found in ${targetPath}. Ensure the path contains source code files.`
+            ],
+            warning: `No source files found in ${targetPath}`,
+            filesAnalyzed: 0
+          });
+        }
+        const predictedDefects = [];
+        for (const filePath of sourceFiles) {
+          try {
+            const content = await fs15.readFile(filePath, "utf-8");
+            const lines = content.split("\n");
+            const lineCount = lines.length;
+            let probability = 0;
+            const reasons = [];
+            if (lineCount > 500) {
+              probability += 0.25;
+              reasons.push(`Large file (${lineCount} lines)`);
+            } else if (lineCount > 300) {
+              probability += 0.15;
+              reasons.push(`Medium-large file (${lineCount} lines)`);
+            }
+            const branchKeywords = content.match(/\b(if|else|switch|case|for|while|catch|&&|\|\|)\b/g) || [];
+            const branchDensity = branchKeywords.length / Math.max(lineCount, 1);
+            if (branchDensity > 0.15) {
+              probability += 0.25;
+              reasons.push(`High branch density (${branchKeywords.length} branches in ${lineCount} lines)`);
+            } else if (branchDensity > 0.08) {
+              probability += 0.1;
+              reasons.push("Moderate branch complexity");
+            }
+            const maxIndent = Math.max(...lines.map((l75) => {
+              const match = l75.match(/^(\s*)/);
+              return match ? match[1].length : 0;
+            }));
+            if (maxIndent > 20) {
+              probability += 0.15;
+              reasons.push("Deep nesting detected");
+            }
+            const debtComments = (content.match(/\b(TODO|FIXME|HACK|XXX|WORKAROUND)\b/gi) || []).length;
+            if (debtComments > 3) {
+              probability += 0.15;
+              reasons.push(`${debtComments} technical debt markers`);
+            }
+            const functionStarts = (content.match(/\b(function|def|func|async)\b/g) || []).length;
+            if (functionStarts > 0 && lineCount / functionStarts > 80) {
+              probability += 0.1;
+              reasons.push("Potentially long functions");
+            }
+            probability = Math.min(probability, 0.95);
+            if (probability >= minConfidence) {
+              const relativePath = filePath.startsWith(targetPath) ? filePath.slice(targetPath.length).replace(/^\//, "") : filePath;
+              predictedDefects.push({
+                file: relativePath,
+                probability: Math.round(probability * 100) / 100,
+                reason: reasons.join("; ")
+              });
+            }
+          } catch {
           }
-        ],
-        riskScore: 42,
-        recommendations: [
-          "Add integration tests for complex-module.ts",
-          "Refactor legacy-handler.ts to reduce complexity"
-        ]
-      });
+        }
+        predictedDefects.sort((a37, b68) => b68.probability - a37.probability);
+        const avgProb = predictedDefects.length > 0 ? predictedDefects.reduce((sum, d74) => sum + d74.probability, 0) / predictedDefects.length : 0;
+        const riskScore = Math.round(avgProb * 100);
+        const recommendations = [];
+        if (predictedDefects.length > 0) {
+          recommendations.push(`${predictedDefects.length} files flagged for potential defects out of ${sourceFiles.length} analyzed`);
+          const topFile = predictedDefects[0];
+          recommendations.push(`Highest risk: ${topFile.file} (${Math.round(topFile.probability * 100)}%) \u2014 ${topFile.reason}`);
+        }
+        if (predictedDefects.some((d74) => d74.reason.includes("Large file"))) {
+          recommendations.push("Consider splitting large files to reduce complexity");
+        }
+        if (predictedDefects.some((d74) => d74.reason.includes("technical debt"))) {
+          recommendations.push("Address TODO/FIXME comments to reduce technical debt");
+        }
+        if (predictedDefects.length === 0) {
+          recommendations.push("No files exceeded the defect probability threshold \u2014 code looks healthy");
+        }
+        return ok({
+          predictedDefects: predictedDefects.slice(0, 20),
+          // Top 20
+          riskScore,
+          recommendations,
+          filesAnalyzed: sourceFiles.length
+        });
+      } catch (error) {
+        return err(toError(error));
+      }
     });
     this.taskHandlers.set("validate-requirements", async (task) => {
       const payload = task.payload;
@@ -137584,50 +137966,54 @@ var coverageAnalyzeConfig = {
     const learning = generateV2LearningFeedback("coverage-analyzer");
     const detailedGaps = gaps.map((gap, i58) => {
       const g67 = gap;
+      if (!g67?.file) return null;
       return {
         id: `gap-${Date.now()}-${i58}`,
-        file: g67?.file || `src/module${i58}.ts`,
-        line: g67?.lines?.[0] || 10 + i58 * 5,
-        uncoveredLines: g67?.lines || [10 + i58 * 5, 20 + i58 * 5],
-        type: g67?.type || "uncovered-line",
-        severity: g67?.severity || (i58 < 2 ? "high" : "medium"),
-        reason: g67?.reason || "Missing test case",
-        priority: g67?.priority || (i58 < 2 ? "high" : "medium"),
-        suggestion: g67?.suggestedTest || `Add test for line ${10 + i58 * 5}`,
-        suggestedTest: g67?.suggestedTest || `Add test for line ${10 + i58 * 5}`,
-        riskScore: g67?.riskScore || 0.8 - i58 * 0.1,
-        confidence: g67?.confidence || 0.85
+        file: g67.file,
+        line: g67.lines?.[0] || 0,
+        uncoveredLines: g67.lines || [],
+        type: g67.type || "uncovered-line",
+        severity: g67.severity || "medium",
+        reason: g67.reason || "Missing test case",
+        priority: g67.priority || "medium",
+        suggestion: g67.suggestedTest || "Add test coverage",
+        suggestedTest: g67.suggestedTest || "Add test coverage",
+        riskScore: g67.riskScore || 0.5,
+        confidence: g67.confidence || 0.7
       };
-    });
-    return {
-      // V2-compatible fields
-      coverageByFile: Array.from({ length: totalFiles }, (_56, i58) => {
-        const variation = (i58 % 3 - 1) * 5;
-        return {
-          file: `src/module${i58}.ts`,
-          lineCoverage: Math.max(0, Math.min(100, lineCoverage + variation)),
-          branchCoverage: Math.max(0, Math.min(100, branchCoverage + variation - 2)),
-          functionCoverage: Math.max(0, Math.min(100, functionCoverage + variation + 2))
-        };
-      }),
+    }).filter((g67) => g67 !== null);
+    const coverageByFileData = data.coverageByFile;
+    const realCoverageByFile = coverageByFileData ? coverageByFileData.map((f74) => ({
+      file: f74.file,
+      lineCoverage: f74.lineCoverage || 0,
+      branchCoverage: f74.branchCoverage || 0,
+      functionCoverage: f74.functionCoverage || 0
+    })) : [];
+    return {
+      // V2-compatible fields — only real data, no synthetic file paths
+      coverageByFile: realCoverageByFile,
       gapAnalysis: {
         totalGaps: detailedGaps.length,
         highPriority: detailedGaps.filter((g67) => g67.priority === "high").length,
         gaps: detailedGaps
       },
       trends: {
-        lineCoverageTrend: "stable",
-        branchCoverageTrend: "improving",
-        weeklyChange: 2.5
+        lineCoverageTrend: totalFiles > 0 ? "stable" : "no-data",
+        branchCoverageTrend: totalFiles > 0 ? "stable" : "no-data",
+        weeklyChange: 0
       },
-      aiInsights: {
-        recommendations: [
-          "Focus on uncovered branches in authentication module",
-          "Add edge case tests for error handling paths",
-          "Consider property-based testing for utility functions"
+      aiInsights: totalFiles > 0 ? {
+        recommendations: data.recommendations || [
+          "Run tests with coverage enabled to get accurate metrics"
         ],
         riskAssessment: lineCoverage < 70 ? "high" : lineCoverage < 85 ? "medium" : "low",
         confidence: 0.88
+      } : {
+        recommendations: [
+          "No coverage data found. Run tests with coverage first (e.g., npm test -- --coverage, or pytest --cov)"
+        ],
+        riskAssessment: "unknown",
+        confidence: 0
       },
       learning,
       // V3 fields
@@ -153347,14 +153733,22 @@ async function handleTaskOrchestrate(params) {
   }
   const { queen, workflowOrchestrator } = getFleetState();
   try {
+    const inferredDomain = params.context?.project || inferDomainFromDescription(params.task);
+    const inferredIsCritical = params.priority === "critical" || /\b(security|vulnerability|cve|owasp|critical|production|exploit)\b/i.test(params.task);
     const router = await getTaskRouter();
     const routingResult = await router.routeTask({
       task: params.task,
       codeContext: params.codeContext,
       filePaths: params.filePaths,
       manualTier: params.manualTier,
-      isCritical: params.priority === "critical",
-      domain: params.context?.project
+      isCritical: inferredIsCritical,
+      agentType: `qe-${inferredDomain}`,
+      domain: inferredDomain,
+      metadata: {
+        inferredDomain,
+        hasCodeContext: !!params.codeContext,
+        fileCount: params.filePaths?.length
+      }
     });
     const reasoningBankService = await getReasoningBankService();
     const experienceGuidance = await reasoningBankService.getExperienceGuidance(
@@ -153492,14 +153886,22 @@ async function handleTaskOrchestrate(params) {
 async function handleModelRoute(params) {
   try {
     const router = await getTaskRouter();
+    const inferredDomain = params.domain || inferDomainFromDescription(params.task);
+    const inferredIsCritical = params.isCritical ?? /\b(security|vulnerability|cve|owasp|critical|production|exploit)\b/i.test(params.task);
     const result = await router.routeTask({
       task: params.task,
       codeContext: params.codeContext,
       filePaths: params.filePaths,
       manualTier: params.manualTier,
-      isCritical: params.isCritical,
-      agentType: params.agentType,
-      domain: params.domain
+      isCritical: inferredIsCritical,
+      agentType: params.agentType || `qe-${inferredDomain}`,
+      domain: inferredDomain,
+      // Pass metadata to help the complexity analyzer
+      metadata: {
+        inferredDomain,
+        hasCodeContext: !!params.codeContext,
+        fileCount: params.filePaths?.length
+      }
     });
     return {
       success: true,
@@ -153562,6 +153964,43 @@ async function handleRoutingMetrics(params) {
     };
   }
 }
+function inferDomainFromDescription(description) {
+  const lower = description.toLowerCase();
+  if (/\b(security|vulnerabilit|cve|owasp|secret|credential|injection|xss|csrf)\b/.test(lower)) {
+    return "security-compliance";
+  }
+  if (/\b(chaos|resilience|fault.?inject|disaster|failover)\b/.test(lower)) {
+    return "chaos-resilience";
+  }
+  if (/\b(defect|bug.?predict|risk.?assess|mutation)\b/.test(lower)) {
+    return "defect-intelligence";
+  }
+  if (/\b(coverage|uncovered|gap.?analy)\b/.test(lower)) {
+    return "coverage-analysis";
+  }
+  if (/\b(quality|code.?review|maintain|tech.?debt)\b/.test(lower)) {
+    return "quality-assessment";
+  }
+  if (/\b(contract|api.?compat|breaking.?change|pact)\b/.test(lower)) {
+    return "contract-testing";
+  }
+  if (/\b(index|knowledge.?graph|semantic|code.?intel)\b/.test(lower)) {
+    return "code-intelligence";
+  }
+  if (/\b(accessib|a11y|wcag|screen.?read)\b/.test(lower)) {
+    return "visual-accessibility";
+  }
+  if (/\b(requirement|bdd|acceptance|user.?stor)\b/.test(lower)) {
+    return "requirements-validation";
+  }
+  if (/\b(generat.*test|test.*generat|write.*test|create.*test)\b/.test(lower)) {
+    return "test-generation";
+  }
+  if (/\b(run.*test|execut.*test)\b/.test(lower)) {
+    return "test-execution";
+  }
+  return "test-generation";
+}
 function inferTaskType(description) {
   const lower = description.toLowerCase();
   if (/run\s+(?:\w+\s+)*tests?/.test(lower) || /execute\s+(?:\w+\s+)*tests?/.test(lower) || lower.includes("run tests") || lower.includes("execute tests")) {
@@ -155321,7 +155760,18 @@ var MCPProtocolServer = class {
   async start() {
     await initializeConnectionPool();
     this.transport.onRequest(async (request) => {
-      return this.handleRequest(request);
+      try {
+        return await this.handleRequest(request);
+      } catch (err4) {
+        const message = err4 instanceof Error ? err4.message : String(err4);
+        console.error(`[MCP] Unhandled error in request handler: ${message}`);
+        return {
+          content: [{
+            type: "text",
+            text: JSON.stringify({ success: false, error: `Internal error: ${message}` })
+          }]
+        };
+      }
     });
     this.transport.onNotification(async (notification) => {
       await this.handleNotification(notification);