cto-ai-cli 1.3.0 → 3.0.0

package/dist/api/server.js

@@ -0,0 +1,3401 @@
+#!/usr/bin/env node
+
+// src/api/server.ts
+import { createServer } from "http";
+import { resolve as resolve7 } from "path";
+
+// src/engine/analyzer.ts
+import { readFile as readFile2, readdir, stat as stat2 } from "fs/promises";
+import { join as join2, extname, relative as relative2, resolve as resolve2, basename as basename2 } from "path";
+import { createHash } from "crypto";
+
+// src/types/engine.ts
+var DEFAULT_RISK_WEIGHTS = {
+  hub: 30,
+  typeProvider: 25,
+  complexity: 15,
+  recency: 15,
+  config: 10,
+  churn: 5
+};
+
+// src/types/config.ts
+var DEFAULT_CONFIG = {
+  version: "2.0",
+  analysis: {
+    extensions: {
+      code: ["ts", "tsx", "js", "jsx", "py", "go", "rs", "java", "kt", "rb", "php", "c", "cpp", "h", "hpp", "cs"],
+      config: ["json", "yml", "yaml", "toml"],
+      docs: ["md", "txt", "rst"]
+    },
+    ignore: {
+      dirs: ["node_modules", "dist", "build", ".git", "coverage", "__pycache__", ".next", "vendor", ".cto"],
+      patterns: ["*.min.js", "*.map", "*.lock", "*.generated.*"]
+    },
+    maxDepth: 20
+  },
+  risk: {
+    weights: {
+      hub: 30,
+      typeProvider: 25,
+      complexity: 15,
+      recency: 15,
+      config: 10,
+      churn: 5
+    }
+  },
+  interaction: {
+    defaultBudget: 5e4,
+    defaultModel: "claude-sonnet-4"
+  },
+  tokens: {
+    method: "chars4"
+  },
+  governance: {
+    auditEnabled: true,
+    secretDetection: true,
+    retentionDays: 90
+  }
+};
+
+// src/engine/tokenizer.ts
+import { encodingForModel } from "js-tiktoken";
+import { readFile, stat } from "fs/promises";
+var CHARS_PER_TOKEN = 4;
+var encoder = null;
+function getEncoder() {
+  if (!encoder) {
+    encoder = encodingForModel("claude-3-5-sonnet-20241022");
+  }
+  return encoder;
+}
+function countTokensTiktoken(text) {
+  try {
+    const enc = getEncoder();
+    const tokens = enc.encode(text);
+    return tokens.length;
+  } catch {
+    return Math.ceil(text.length / CHARS_PER_TOKEN);
+  }
+}
+function countTokensChars4(sizeInBytes) {
+  return Math.ceil(sizeInBytes / CHARS_PER_TOKEN);
+}
+function estimateTokens(content, sizeInBytes, method = "chars4") {
+  if (method === "tiktoken") {
+    return countTokensTiktoken(content);
+  }
+  return countTokensChars4(sizeInBytes);
+}
+
+// src/engine/graph.ts
+import { Project, SyntaxKind } from "ts-morph";
+import { resolve, relative, dirname, join } from "path";
+import { existsSync } from "fs";
+var TS_EXTENSIONS = /* @__PURE__ */ new Set(["ts", "tsx", "js", "jsx", "mts", "mjs", "cts", "cjs"]);
+function createProject(projectPath, filePaths) {
+  const tsConfigPath = join(projectPath, "tsconfig.json");
+  const hasTsConfig = existsSync(tsConfigPath);
+  const project = new Project({
+    tsConfigFilePath: hasTsConfig ? tsConfigPath : void 0,
+    skipAddingFilesFromTsConfig: true,
+    compilerOptions: hasTsConfig ? void 0 : {
+      allowJs: true,
+      jsx: 4,
+      // JsxEmit.ReactJSX
+      esModuleInterop: true,
+      moduleResolution: 100
+      // Bundler
+    }
+  });
+  const tsFiles = filePaths.filter((f) => {
+    const ext = f.split(".").pop()?.toLowerCase() ?? "";
+    return TS_EXTENSIONS.has(ext);
+  });
+  for (const filePath of tsFiles) {
+    try {
+      project.addSourceFileAtPath(filePath);
+    } catch {
+    }
+  }
+  return project;
+}
+function buildProjectGraph(projectPath, files) {
+  const absPath = resolve(projectPath);
+  const tsFiles = files.filter((f) => TS_EXTENSIONS.has(f.extension)).map((f) => f.path);
+  if (tsFiles.length === 0) {
+    return emptyGraph(files);
+  }
+  let project;
+  try {
+    project = createProject(projectPath, tsFiles);
+  } catch {
+    return emptyGraph(files);
+  }
+  const edges = [];
+  const nodeSet = /* @__PURE__ */ new Set();
+  for (const sourceFile of project.getSourceFiles()) {
+    const fromRel = relative(absPath, sourceFile.getFilePath());
+    if (fromRel.startsWith("..") || fromRel.includes("node_modules")) continue;
+    nodeSet.add(fromRel);
+    for (const imp of sourceFile.getImportDeclarations()) {
+      const moduleSpecifier = imp.getModuleSpecifierValue();
+      const resolved = resolveImport(sourceFile, moduleSpecifier, absPath);
+      if (resolved) {
+        nodeSet.add(resolved);
+        edges.push({ from: fromRel, to: resolved, type: "import" });
+      }
+    }
+    for (const exp of sourceFile.getExportDeclarations()) {
+      const moduleSpecifier = exp.getModuleSpecifierValue();
+      if (moduleSpecifier) {
+        const resolved = resolveImport(sourceFile, moduleSpecifier, absPath);
+        if (resolved) {
+          nodeSet.add(resolved);
+          edges.push({ from: fromRel, to: resolved, type: "re-export" });
+        }
+      }
+    }
+  }
+  const nodes = Array.from(nodeSet);
+  const importedByCount = /* @__PURE__ */ new Map();
+  const importCount = /* @__PURE__ */ new Map();
+  for (const edge of edges) {
+    importedByCount.set(edge.to, (importedByCount.get(edge.to) ?? 0) + 1);
+    importCount.set(edge.from, (importCount.get(edge.from) ?? 0) + 1);
+  }
+  const N = Math.max(nodes.length, 1);
+  const hubs = nodes.map((node) => {
+    const inDeg = importedByCount.get(node) ?? 0;
+    const outDeg = importCount.get(node) ?? 0;
+    const centrality = N > 1 ? inDeg / (N - 1) * 100 : 0;
+    const score = Math.round(centrality + outDeg * (100 / (2 * N)));
+    return {
+      relativePath: node,
+      dependents: inDeg,
+      dependencies: outDeg,
+      score: Math.min(100, score)
+    };
+  }).filter((h) => h.dependents >= 3 || h.score >= 15).sort((a, b) => b.score - a.score);
+  const leaves = nodes.filter(
+    (node) => (importedByCount.get(node) ?? 0) === 0 && (importCount.get(node) ?? 0) > 0
+  );
+  const connectedNodes = /* @__PURE__ */ new Set();
+  for (const edge of edges) {
+    connectedNodes.add(edge.from);
+    connectedNodes.add(edge.to);
+  }
+  const allFileNodes = new Set(files.map((f) => f.relativePath));
+  const orphans = Array.from(allFileNodes).filter((n) => !connectedNodes.has(n));
+  const clusters = detectClusters(nodes, edges, files);
+  enrichComplexity(project, absPath, files);
+  return { nodes, edges, hubs, leaves, orphans, clusters };
+}
+var UnionFind = class {
+  parent;
+  rank;
+  constructor(nodes) {
+    this.parent = /* @__PURE__ */ new Map();
+    this.rank = /* @__PURE__ */ new Map();
+    for (const n of nodes) {
+      this.parent.set(n, n);
+      this.rank.set(n, 0);
+    }
+  }
+  find(x) {
+    const p = this.parent.get(x);
+    if (p === void 0) return x;
+    if (p !== x) {
+      this.parent.set(x, this.find(p));
+    }
+    return this.parent.get(x);
+  }
+  union(a, b) {
+    const ra = this.find(a);
+    const rb = this.find(b);
+    if (ra === rb) return;
+    const rankA = this.rank.get(ra) ?? 0;
+    const rankB = this.rank.get(rb) ?? 0;
+    if (rankA < rankB) {
+      this.parent.set(ra, rb);
+    } else if (rankA > rankB) {
+      this.parent.set(rb, ra);
+    } else {
+      this.parent.set(rb, ra);
+      this.rank.set(ra, rankA + 1);
+    }
+  }
+};
+function detectClusters(nodes, edges, files) {
+  const uf = new UnionFind(nodes);
+  for (const edge of edges) {
+    uf.union(edge.from, edge.to);
+  }
+  const components = /* @__PURE__ */ new Map();
+  for (const node of nodes) {
+    const root = uf.find(node);
+    if (!components.has(root)) components.set(root, []);
+    components.get(root).push(node);
+  }
+  const tokenMap = new Map(files.map((f) => [f.relativePath, f.tokens]));
+  const clusters = [];
+  for (const [, groupFiles] of components) {
+    if (groupFiles.length < 2) continue;
+    const name = commonPrefix(groupFiles);
+    const fileSet = new Set(groupFiles);
+    let internalEdges = 0;
+    let externalEdges = 0;
+    for (const edge of edges) {
+      const fromIn = fileSet.has(edge.from);
+      const toIn = fileSet.has(edge.to);
+      if (fromIn && toIn) internalEdges++;
+      else if (fromIn || toIn) externalEdges++;
+    }
+    const totalEdges = internalEdges + externalEdges;
+    const cohesion = totalEdges > 0 ? internalEdges / totalEdges : 0;
+    const totalTokens = groupFiles.reduce((s, f) => s + (tokenMap.get(f) ?? 0), 0);
+    clusters.push({
+      id: name.replace(/[^a-zA-Z0-9]/g, "-") || `cluster-${clusters.length}`,
+      name: name || `cluster-${clusters.length}`,
+      files: groupFiles,
+      totalTokens,
+      internalEdges,
+      externalEdges,
+      cohesion: Math.round(cohesion * 100) / 100
+    });
+  }
+  return clusters.sort((a, b) => b.files.length - a.files.length);
+}
+function commonPrefix(paths) {
+  if (paths.length === 0) return "";
+  const parts = paths.map((p) => p.split("/"));
+  const prefix = [];
+  for (let i = 0; i < parts[0].length - 1; i++) {
+    const segment = parts[0][i];
+    if (parts.every((p) => p[i] === segment)) {
+      prefix.push(segment);
+    } else break;
+  }
+  return prefix.join("/") || parts[0][0];
+}
+function enrichComplexity(project, absPath, files) {
+  const fileMap = new Map(files.map((f) => [f.relativePath, f]));
+  for (const sourceFile of project.getSourceFiles()) {
+    const relPath = relative(absPath, sourceFile.getFilePath());
+    if (relPath.startsWith("..") || relPath.includes("node_modules")) continue;
+    const file = fileMap.get(relPath);
+    if (!file) continue;
+    let totalComplexity = 0;
+    for (const func of sourceFile.getFunctions()) {
+      totalComplexity += calculateCyclomaticComplexity(func);
+    }
+    for (const cls of sourceFile.getClasses()) {
+      for (const method of cls.getMethods()) {
+        totalComplexity += calculateCyclomaticComplexity(method);
+      }
+    }
+    for (const varDecl of sourceFile.getVariableDeclarations()) {
+      const init = varDecl.getInitializer();
+      if (init && (init.getKind() === SyntaxKind.ArrowFunction || init.getKind() === SyntaxKind.FunctionExpression)) {
+        totalComplexity += calculateCyclomaticComplexity(init);
+      }
+    }
+    file.complexity = Math.max(1, totalComplexity);
+  }
+}
+function calculateCyclomaticComplexity(node) {
+  let complexity = 1;
+  node.forEachDescendant((descendant) => {
+    switch (descendant.getKind()) {
+      case SyntaxKind.IfStatement:
+      case SyntaxKind.ConditionalExpression:
+      case SyntaxKind.ForStatement:
+      case SyntaxKind.ForInStatement:
+      case SyntaxKind.ForOfStatement:
+      case SyntaxKind.WhileStatement:
+      case SyntaxKind.DoStatement:
+      case SyntaxKind.CaseClause:
+      case SyntaxKind.CatchClause:
+        complexity++;
+        break;
+      case SyntaxKind.BinaryExpression: {
+        const opToken = descendant.getOperatorToken?.();
+        if (opToken) {
+          const kind = opToken.getKind();
+          if (kind === SyntaxKind.AmpersandAmpersandToken || kind === SyntaxKind.BarBarToken || kind === SyntaxKind.QuestionQuestionToken) {
+            complexity++;
+          }
+        }
+        break;
+      }
+    }
+  });
+  return complexity;
+}
+function resolveImport(sourceFile, moduleSpecifier, projectRoot) {
+  if (!moduleSpecifier.startsWith(".")) return null;
+  const sourceDir = dirname(sourceFile.getFilePath());
+  const basePath = resolve(sourceDir, moduleSpecifier);
+  const extensions = [".ts", ".tsx", ".js", ".jsx", "/index.ts", "/index.tsx", "/index.js", "/index.jsx"];
+  for (const ext of extensions) {
+    const candidate = basePath.endsWith(ext) ? basePath : basePath + ext;
+    if (existsSync(candidate)) {
+      const rel = relative(projectRoot, candidate);
+      if (!rel.startsWith("..")) return rel;
+    }
+  }
+  if (moduleSpecifier.endsWith(".js")) {
+    const tsPath = basePath.replace(/\.js$/, ".ts");
+    if (existsSync(tsPath)) {
+      const rel = relative(projectRoot, tsPath);
+      if (!rel.startsWith("..")) return rel;
+    }
+  }
+  return null;
+}
+function emptyGraph(files) {
+  return {
+    nodes: files.map((f) => f.relativePath),
+    edges: [],
+    hubs: [],
+    leaves: [],
+    orphans: files.map((f) => f.relativePath),
+    clusters: []
+  };
+}
+
+// src/engine/risk.ts
+function scoreAllFiles(files, graph, weights = DEFAULT_RISK_WEIGHTS) {
+  const typeProviderUsage = computeTypeProviderUsage(files, graph);
+  for (const file of files) {
+    const factors = computeRiskFactors(file, graph, typeProviderUsage, weights);
+    file.riskFactors = factors;
+    file.riskScore = computeWeightedScore(factors);
+    file.exclusionImpact = scoreToImpact(file.riskScore);
+  }
+}
+function computeRiskFactors(file, graph, typeProviderUsage, weights) {
+  const factors = [];
+  factors.push(computeHubFactor(file, weights.hub));
+  factors.push(computeTypeProviderFactor(file, typeProviderUsage, weights.typeProvider));
+  factors.push(computeComplexityFactor(file, weights.complexity));
+  factors.push(computeRecencyFactor(file, weights.recency));
+  factors.push(computeConfigFactor(file, weights.config));
+  factors.push(computeChurnFactor(file, weights.churn));
+  return factors;
+}
+function computeHubFactor(file, weight) {
+  const dependents = file.importedBy.length;
+  const K = 12;
+  const score = dependents === 0 ? 0 : Math.min(100, Math.round(100 * Math.log2(1 + dependents) / Math.log2(1 + K)));
+  const detail = dependents === 0 ? "No dependents" : `Hub: ${dependents} file(s) depend on this (score ${score}/100)`;
+  return { type: "hub", score, weight, detail };
+}
+function computeTypeProviderFactor(file, usage, weight) {
+  const isTypeFile = file.kind === "type";
+  const consumers = usage.get(file.relativePath) ?? 0;
+  let score;
+  let detail;
+  if (isTypeFile && consumers >= 4) {
+    score = 100;
+    detail = `Type provider: used by ${consumers} files (critical type source)`;
+  } else if (isTypeFile && consumers >= 1) {
+    score = 50;
+    detail = `Type provider: used by ${consumers} files`;
+  } else if (isTypeFile) {
+    score = 30;
+    detail = "Type file (no detected consumers)";
+  } else {
+    score = 0;
+    detail = "Not a type provider";
+  }
+  return { type: "type-provider", score, weight, detail };
+}
+function computeComplexityFactor(file, weight) {
+  const c = file.complexity;
+  const K = 30;
+  const score = Math.min(100, Math.round(100 * Math.log(1 + c) / Math.log(1 + K)));
+  const detail = c >= 30 ? `Very high complexity: ${c} (AI needs full context)` : c >= 10 ? `High complexity: ${c}` : `Complexity: ${c}`;
+  return { type: "complexity", score, weight, detail };
+}
+function computeRecencyFactor(file, weight) {
+  const now = Date.now();
+  const modified = new Date(file.lastModified).getTime();
+  const daysAgo = (now - modified) / (1e3 * 60 * 60 * 24);
+  const HALF_LIFE = 7;
+  const score = Math.round(100 * Math.pow(2, -daysAgo / HALF_LIFE));
+  const detail = daysAgo <= 1 ? "Modified today" : `Modified ${Math.round(daysAgo)} days ago (decay score ${score})`;
+  return { type: "recency", score, weight, detail };
+}
+function computeConfigFactor(file, weight) {
+  let score;
+  let detail;
+  if (file.kind === "entry") {
+    score = 90;
+    detail = "Entry point \u2014 critical for understanding app structure";
+  } else if (file.kind === "config") {
+    score = 80;
+    detail = "Configuration file \u2014 affects runtime behavior";
+  } else {
+    score = 0;
+    detail = "Regular source file";
+  }
+  return { type: "config", score, weight, detail };
+}
+function computeChurnFactor(file, weight) {
+  const complexitySignal = Math.min(file.complexity / 20, 1);
+  const now = Date.now();
+  const daysAgo = (now - new Date(file.lastModified).getTime()) / (1e3 * 60 * 60 * 24);
+  const recencySignal = Math.pow(2, -daysAgo / 7);
+  const score = Math.round(Math.sqrt(complexitySignal * recencySignal) * 100);
+  const detail = score >= 50 ? "Likely under active development (complex + recent)" : score >= 20 ? "Some recent activity" : "Stable \u2014 low churn (proxy estimate)";
+  return { type: "churn", score, weight, detail };
+}
+function computeWeightedScore(factors) {
+  let totalWeightedScore = 0;
+  let totalWeight = 0;
+  for (const factor of factors) {
+    totalWeightedScore += factor.score * factor.weight;
+    totalWeight += factor.weight;
+  }
+  if (totalWeight === 0) return 0;
+  return Math.round(totalWeightedScore / totalWeight);
+}
+function scoreToImpact(score) {
+  if (score >= 80) return "critical";
+  if (score >= 60) return "high";
+  if (score >= 30) return "medium";
+  if (score > 0) return "low";
+  return "none";
+}
+function computeTypeProviderUsage(files, graph) {
+  const usage = /* @__PURE__ */ new Map();
+  const typeFiles = new Set(
+    files.filter((f) => f.kind === "type").map((f) => f.relativePath)
+  );
+  for (const edge of graph.edges) {
+    if (typeFiles.has(edge.to)) {
+      usage.set(edge.to, (usage.get(edge.to) ?? 0) + 1);
+    }
+  }
+  return usage;
+}
+
+// src/engine/analyzer.ts
+function matchesPattern(filename, patterns) {
+  for (const pattern of patterns) {
+    if (pattern.startsWith("*.")) {
+      const ext = pattern.slice(1);
+      if (filename.endsWith(ext)) return true;
+    } else if (filename === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+async function walkProject(rootPath, options) {
+  const results = [];
+  const { ignoreDirs, ignorePatterns, extensions, maxDepth = 20 } = options;
+  const ignoreDirSet = new Set(ignoreDirs);
+  async function walk(dir, depth) {
+    if (depth > maxDepth) return;
+    let entries;
+    try {
+      entries = await readdir(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    const promises = [];
+    for (const entry of entries) {
+      const fullPath = join2(dir, entry.name);
+      if (entry.isDirectory()) {
+        if (!ignoreDirSet.has(entry.name) && !entry.name.startsWith(".")) {
+          promises.push(walk(fullPath, depth + 1));
+        }
+      } else if (entry.isFile()) {
+        const ext = extname(entry.name).slice(1).toLowerCase();
+        if (ext && extensions.includes(ext) && !matchesPattern(entry.name, ignorePatterns)) {
+          promises.push(
+            (async () => {
+              const fileStat = await stat2(fullPath).catch(() => null);
+              if (!fileStat) return;
+              let lines = 0;
+              try {
+                const content = await readFile2(fullPath, "utf-8");
+                lines = content.split("\n").length;
+              } catch {
+                lines = 0;
+              }
+              results.push({
+                path: fullPath,
+                relativePath: relative2(rootPath, fullPath),
+                extension: ext,
+                size: fileStat.size,
+                lastModified: fileStat.mtime,
+                lines
+              });
+            })()
+          );
+        }
+      }
+    }
+    await Promise.all(promises);
+  }
+  await walk(rootPath, 0);
+  return results;
+}
+var TYPE_PATTERNS = [/types?\//i, /\.d\.ts$/, /interfaces?\//i];
+var TEST_PATTERNS = [/\.test\.[jt]sx?$/, /\.spec\.[jt]sx?$/, /\/__tests__\//, /\/tests?\//];
+var CONFIG_PATTERNS = [/\.config\.[jt]s$/, /rc\.[jt]s$/, /\.env/, /tsconfig/, /package\.json$/, /\.yml$/, /\.yaml$/, /\.toml$/];
+var ENTRY_PATTERNS = [/^index\.[jt]sx?$/, /^main\.[jt]sx?$/, /^app\.[jt]sx?$/, /^server\.[jt]sx?$/];
+function classifyFileKind(relativePath) {
+  const filename = basename2(relativePath);
+  if (TYPE_PATTERNS.some((p) => p.test(relativePath))) return "type";
+  if (TEST_PATTERNS.some((p) => p.test(relativePath))) return "test";
+  if (CONFIG_PATTERNS.some((p) => p.test(relativePath) || p.test(filename))) return "config";
+  if (ENTRY_PATTERNS.some((p) => p.test(filename))) return "entry";
+  return "source";
+}
+function detectStack(files) {
+  const stack = [];
+  const extensions = new Set(files.map((f) => f.extension));
+  const paths = files.map((f) => f.relativePath.toLowerCase());
+  if (extensions.has("ts") || extensions.has("tsx")) stack.push("TypeScript");
+  else if (extensions.has("js") || extensions.has("jsx")) stack.push("JavaScript");
+  if (extensions.has("py")) stack.push("Python");
+  if (extensions.has("go")) stack.push("Go");
+  if (extensions.has("rs")) stack.push("Rust");
+  if (extensions.has("java")) stack.push("Java");
+  if (extensions.has("kt")) stack.push("Kotlin");
+  if (extensions.has("rb")) stack.push("Ruby");
+  if (extensions.has("php")) stack.push("PHP");
+  if (extensions.has("cs")) stack.push("C#");
+  if (extensions.has("c") || extensions.has("cpp")) stack.push("C/C++");
+  if (paths.some((p) => p.includes("next.config"))) stack.push("Next.js");
+  if (paths.some((p) => p.includes("nuxt.config"))) stack.push("Nuxt");
+  if (paths.some((p) => p.includes("angular.json"))) stack.push("Angular");
+  return stack;
+}
+async function analyzeProject(projectPath, config) {
+  const absPath = resolve2(projectPath);
+  const projectName = basename2(absPath);
+  const mergedConfig = mergeConfig(DEFAULT_CONFIG, config);
+  const allExtensions = [
+    ...mergedConfig.analysis.extensions.code,
+    ...mergedConfig.analysis.extensions.config,
+    ...mergedConfig.analysis.extensions.docs
+  ];
+  const walkEntries = await walkProject(absPath, {
+    ignoreDirs: mergedConfig.analysis.ignore.dirs,
+    ignorePatterns: mergedConfig.analysis.ignore.patterns,
+    extensions: allExtensions,
+    maxDepth: mergedConfig.analysis.maxDepth
+  });
+  const tokenMethod = mergedConfig.tokens.method;
+  const files = [];
+  for (const entry of walkEntries) {
+    let tokens;
+    if (tokenMethod === "tiktoken") {
+      try {
+        const content = await readFile2(entry.path, "utf-8");
+        tokens = estimateTokens(content, entry.size, "tiktoken");
+      } catch {
+        tokens = countTokensChars4(entry.size);
+      }
+    } else {
+      tokens = countTokensChars4(entry.size);
+    }
+    files.push({
+      path: entry.path,
+      relativePath: entry.relativePath,
+      extension: entry.extension,
+      size: entry.size,
+      tokens,
+      lines: entry.lines,
+      lastModified: entry.lastModified,
+      kind: classifyFileKind(entry.relativePath),
+      // Graph data — populated by graph analysis
+      imports: [],
+      importedBy: [],
+      isHub: false,
+      complexity: 0,
+      // Risk data — populated by risk analysis
+      riskScore: 0,
+      riskFactors: [],
+      exclusionImpact: "none"
+    });
+  }
+  const graph = buildProjectGraph(absPath, files);
+  for (const file of files) {
+    const nodeImports = [];
+    const nodeImportedBy = [];
+    for (const edge of graph.edges) {
+      if (edge.from === file.relativePath) nodeImports.push(edge.to);
+      if (edge.to === file.relativePath) nodeImportedBy.push(edge.from);
+    }
+    file.imports = nodeImports;
+    file.importedBy = nodeImportedBy;
+    file.isHub = graph.hubs.some((h) => h.relativePath === file.relativePath);
+  }
+  const riskWeights = mergedConfig.risk.weights;
+  scoreAllFiles(files, graph, riskWeights);
+  const riskProfile = {
+    distribution: {
+      critical: files.filter((f) => f.riskScore >= 80).length,
+      high: files.filter((f) => f.riskScore >= 60 && f.riskScore < 80).length,
+      medium: files.filter((f) => f.riskScore >= 30 && f.riskScore < 60).length,
+      low: files.filter((f) => f.riskScore < 30).length
+    },
+    topRiskFiles: [...files].sort((a, b) => b.riskScore - a.riskScore).slice(0, 10),
+    overallComplexity: files.length > 0 ? files.reduce((s, f) => s + f.complexity, 0) / files.length : 0
+  };
+  const totalTokens = files.reduce((s, f) => s + f.tokens, 0);
+  const hashInput = files.map((f) => `${f.relativePath}:${f.tokens}:${f.riskScore}`).sort().join("|");
+  const hash = createHash("sha256").update(hashInput).digest("hex").substring(0, 16);
+  const stack = detectStack(walkEntries);
+  return {
+    projectPath: absPath,
+    projectName,
+    analyzedAt: /* @__PURE__ */ new Date(),
+    hash,
+    files,
+    totalFiles: files.length,
+    totalTokens,
+    graph,
+    riskProfile,
+    stack,
+    tokenMethod
+  };
+}
+function mergeConfig(base, overrides) {
+  if (!overrides) return base;
+  return {
+    ...base,
+    ...overrides,
+    analysis: {
+      ...base.analysis,
+      ...overrides.analysis,
+      extensions: {
+        ...base.analysis.extensions,
+        ...overrides.analysis?.extensions
+      },
+      ignore: {
+        ...base.analysis.ignore,
+        ...overrides.analysis?.ignore
+      }
+    },
+    risk: {
+      ...base.risk,
+      ...overrides.risk,
+      weights: {
+        ...base.risk.weights,
+        ...overrides.risk?.weights
+      }
+    },
+    interaction: {
+      ...base.interaction,
+      ...overrides.interaction
+    },
+    tokens: {
+      ...base.tokens,
+      ...overrides.tokens
+    },
+    governance: {
+      ...base.governance,
+      ...overrides.governance
+    }
+  };
+}
+
+// src/engine/cache.ts
+import { createHash as createHash2 } from "crypto";
+import { readdir as readdir2, stat as stat3 } from "fs/promises";
+import { join as join3, extname as extname2, relative as relative3, resolve as resolve3 } from "path";
+var DEFAULT_CACHE_OPTIONS = {
+  maxAgeMs: 5 * 60 * 1e3,
+  // 5 minutes
+  maxEntries: 10,
+  enabled: true
+};
+var cache = /* @__PURE__ */ new Map();
+var cacheOptions = { ...DEFAULT_CACHE_OPTIONS };
+async function computeFingerprint(rootPath, config = DEFAULT_CONFIG) {
+  const entries = [];
+  const allExtensions = /* @__PURE__ */ new Set([
+    ...config.analysis.extensions.code,
+    ...config.analysis.extensions.config,
+    ...config.analysis.extensions.docs
+  ]);
+  const ignoreDirSet = new Set(config.analysis.ignore.dirs);
+  async function walk(dir, depth) {
+    if (depth > config.analysis.maxDepth) return;
+    let dirEntries;
+    try {
+      dirEntries = await readdir2(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    const promises = [];
+    for (const entry of dirEntries) {
+      const fullPath = join3(dir, entry.name);
+      if (entry.isDirectory()) {
+        if (!ignoreDirSet.has(entry.name) && !entry.name.startsWith(".")) {
+          promises.push(walk(fullPath, depth + 1));
+        }
+      } else if (entry.isFile()) {
+        const ext = extname2(entry.name).slice(1).toLowerCase();
+        if (ext && allExtensions.has(ext)) {
+          promises.push(
+            (async () => {
+              try {
+                const s = await stat3(fullPath);
+                const rel = relative3(rootPath, fullPath);
+                entries.push(`${rel}:${s.mtimeMs.toFixed(0)}:${s.size}`);
+              } catch {
+              }
+            })()
+          );
+        }
+      }
+    }
+    await Promise.all(promises);
+  }
+  await walk(rootPath, 0);
+  entries.sort();
+  return createHash2("sha256").update(entries.join("|")).digest("hex").substring(0, 16);
+}
+async function getCachedAnalysis(projectPath, config) {
+  const absPath = resolve3(projectPath);
+  if (!cacheOptions.enabled) {
+    return analyzeProject(absPath, config);
+  }
+  const existing = cache.get(absPath);
+  if (existing) {
+    const age = Date.now() - existing.createdAt;
+    if (age > cacheOptions.maxAgeMs) {
+      cache.delete(absPath);
+    }
+  }
+  const mergedConfig = config ? { ...DEFAULT_CONFIG, ...config } : DEFAULT_CONFIG;
+  const fingerprint = await computeFingerprint(absPath, mergedConfig);
+  const cached = cache.get(absPath);
+  if (cached && cached.fingerprint === fingerprint) {
+    cached.hits++;
+    return cached.analysis;
+  }
+  const analysis = await analyzeProject(absPath, config);
+  if (cache.size >= cacheOptions.maxEntries) {
+    const oldest = [...cache.entries()].sort(
+      (a, b) => a[1].createdAt - b[1].createdAt
+    )[0];
+    if (oldest) cache.delete(oldest[0]);
+  }
+  cache.set(absPath, {
+    analysis,
+    fingerprint,
+    createdAt: Date.now(),
+    hits: 0
+  });
+  return analysis;
+}
+
+// src/engine/selector.ts
+import { createHash as createHash3 } from "crypto";
+
+// src/govern/secrets.ts
+import { readFile as readFile3 } from "fs/promises";
+import { resolve as resolve4, relative as relative4 } from "path";
+var BUILTIN_PATTERNS = [
+  // API Keys
+  { type: "api-key", source: `(?:api[_-]?key|apikey)\\s*[:=]\\s*['"]?([a-zA-Z0-9_\\-]{20,})['"]?`, flags: "gi", severity: "critical", description: "API Key" },
+  { type: "api-key", source: "sk-[a-zA-Z0-9]{20,}", flags: "g", severity: "critical", description: "OpenAI/Anthropic API Key" },
+  { type: "api-key", source: "sk-ant-[a-zA-Z0-9\\-]{20,}", flags: "g", severity: "critical", description: "Anthropic API Key" },
+  // AWS
+  { type: "aws-key", source: "AKIA[0-9A-Z]{16}", flags: "g", severity: "critical", description: "AWS Access Key ID" },
+  { type: "aws-key", source: `(?:aws_secret_access_key|aws_secret)\\s*[:=]\\s*['"]?([a-zA-Z0-9/+=]{40})['"]?`, flags: "gi", severity: "critical", description: "AWS Secret Key" },
+  // Private Keys
+  { type: "private-key", source: "-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----", flags: "g", severity: "critical", description: "Private Key" },
+  { type: "private-key", source: "-----BEGIN OPENSSH PRIVATE KEY-----", flags: "g", severity: "critical", description: "SSH Private Key" },
+  // Passwords
+  { type: "password", source: `(?:password|passwd|pwd)\\s*[:=]\\s*['"]([^'"]{8,})['"](?!\\s*\\{)`, flags: "gi", severity: "high", description: "Hardcoded Password" },
+  { type: "password", source: `(?:DB_PASSWORD|DATABASE_PASSWORD|MYSQL_PASSWORD|POSTGRES_PASSWORD)\\s*[:=]\\s*['"]?([^'"{}\\s]{4,})['"]?`, flags: "gi", severity: "high", description: "Database Password" },
+  // Tokens
+  { type: "token", source: `(?:bearer|token|auth_token|access_token|refresh_token)\\s*[:=]\\s*['"]([a-zA-Z0-9_\\-.]{20,})['"](?!\\s*\\{)`, flags: "gi", severity: "high", description: "Auth Token" },
+  { type: "token", source: "ghp_[a-zA-Z0-9]{36}", flags: "g", severity: "critical", description: "GitHub Personal Access Token" },
+  { type: "token", source: "gho_[a-zA-Z0-9]{36}", flags: "g", severity: "critical", description: "GitHub OAuth Token" },
+  { type: "token", source: "glpat-[a-zA-Z0-9\\-]{20,}", flags: "g", severity: "critical", description: "GitLab Personal Access Token" },
+  { type: "token", source: "npm_[a-zA-Z0-9]{36}", flags: "g", severity: "high", description: "npm Token" },
+  // Connection strings
+  { type: "connection-string", source: `(?:mongodb(?:\\+srv)?|postgres(?:ql)?|mysql|redis|amqp):\\/\\/[^\\s'"]+:[^\\s'"]+@[^\\s'"]+`, flags: "gi", severity: "critical", description: "Database Connection String" },
+  { type: "connection-string", source: `(?:DATABASE_URL|REDIS_URL|MONGODB_URI)\\s*[:=]\\s*['"]?([^\\s'"]{10,})['"]?`, flags: "gi", severity: "high", description: "Database URL" },
+  // Environment variables with secrets
+  { type: "env-variable", source: `(?:SECRET|PRIVATE|ENCRYPTION)[_-]?(?:KEY|TOKEN|PASS)\\s*[:=]\\s*['"]?([^\\s'"]{8,})['"]?`, flags: "gi", severity: "high", description: "Secret Environment Variable" }
+];
+function buildPatterns(customPatterns = []) {
+  const patterns = BUILTIN_PATTERNS.map((def) => ({
+    type: def.type,
+    pattern: new RegExp(def.source, def.flags),
+    severity: def.severity,
+    description: def.description
+  }));
+  for (const custom of customPatterns) {
+    try {
+      patterns.push({
+        type: "custom",
+        pattern: new RegExp(custom, "gi"),
+        severity: "medium",
+        description: `Custom pattern: ${custom}`
+      });
+    } catch {
+    }
+  }
+  return patterns;
+}
+function scanContentForSecrets(content, filePath, customPatterns = []) {
+  const findings = [];
+  const lines = content.split("\n");
+  const allPatterns = buildPatterns(customPatterns);
+  for (const secretPattern of allPatterns) {
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      secretPattern.pattern.lastIndex = 0;
+      let match;
+      while ((match = secretPattern.pattern.exec(line)) !== null) {
+        const matchText = match[0];
+        if (isTemplateOrPlaceholder(matchText)) continue;
+        findings.push({
+          type: secretPattern.type,
+          file: filePath,
+          line: i + 1,
+          match: matchText,
+          redacted: redactSecret(matchText),
+          severity: secretPattern.severity
+        });
+      }
+    }
+  }
+  return deduplicateFindings(findings);
+}
+async function scanFileForSecrets(filePath, projectPath, customPatterns = []) {
+  try {
+    const content = await readFile3(filePath, "utf-8");
+    const relPath = relative4(resolve4(projectPath), resolve4(filePath));
+    return scanContentForSecrets(content, relPath, customPatterns);
+  } catch {
+    return [];
+  }
+}
+function redactSecret(value) {
+  if (value.length <= 8) return "***REDACTED***";
+  const prefix = value.substring(0, 4);
+  const suffix = value.substring(value.length - 2);
+  return `${prefix}${"*".repeat(Math.min(value.length - 6, 20))}${suffix}`;
+}
+function isTemplateOrPlaceholder(value) {
+  const placeholders = [
+    /\$\{.*\}/,
+    /\{\{.*\}\}/,
+    /%[sd]/,
+    /<[A-Z_]+>/,
+    /YOUR_.*_HERE/i,
+    /\bCHANGE_ME\b/i,
+    /\bPLACEHOLDER\b/i,
+    /\bexample\b/i,
+    /\bTODO\b/i,
+    /xxx+/i,
+    /\breplace.?me\b/i,
+    /\bdummy\b/i,
+    /\btest_?key\b/i,
+    /\bsample\b/i
+  ];
+  return placeholders.some((p) => p.test(value));
+}
+function deduplicateFindings(findings) {
+  const seen = /* @__PURE__ */ new Set();
+  return findings.filter((f) => {
+    const key = `${f.file}:${f.line}:${f.type}:${f.match}`;
+    if (seen.has(key)) return false;
+    seen.add(key);
+    return true;
+  });
+}
+
+// src/engine/pruner.ts
+import { Project as Project2, SyntaxKind as SyntaxKind2 } from "ts-morph";
+import { readFile as readFile4 } from "fs/promises";
+import { existsSync as existsSync2 } from "fs";
+import { join as join4 } from "path";
+var TS_EXTENSIONS2 = /* @__PURE__ */ new Set(["ts", "tsx", "js", "jsx", "mts", "mjs"]);
+async function pruneFile(file, level) {
+  if (level === "excluded") {
+    return emptyResult(file, "excluded");
+  }
+  if (level === "full") {
+    return fullContent(file);
+  }
+  const ext = file.extension.toLowerCase();
+  const isTS = TS_EXTENSIONS2.has(ext);
+  if (isTS) {
+    return pruneTypeScript(file, level);
+  }
+  return pruneGeneric(file, level);
+}
+async function pruneTypeScript(file, level) {
+  let content;
+  try {
+    content = await readFile4(file.path, "utf-8");
+  } catch {
+    return emptyResult(file, level);
+  }
+  let project;
+  try {
+    const tsConfigPath = findTsConfig(file.path);
+    project = new Project2({
+      tsConfigFilePath: tsConfigPath,
+      skipAddingFilesFromTsConfig: true,
+      compilerOptions: tsConfigPath ? void 0 : { allowJs: true, esModuleInterop: true }
+    });
+    project.createSourceFile(file.path, content, { overwrite: true });
+  } catch {
+    return pruneGenericFromContent(file, content, level);
+  }
+  const sourceFile = project.getSourceFiles()[0];
+  if (!sourceFile) {
+    return pruneGenericFromContent(file, content, level);
+  }
+  const prunedContent = level === "signatures" ? extractSignaturesAST(sourceFile) : extractSkeletonAST(sourceFile);
+  const prunedTokens = countTokensChars4(Buffer.byteLength(prunedContent, "utf-8"));
+  const savingsPercent = file.tokens > 0 ? (file.tokens - prunedTokens) / file.tokens * 100 : 0;
+  return {
+    relativePath: file.relativePath,
+    originalTokens: file.tokens,
+    prunedTokens,
+    pruneLevel: level,
+    content: prunedContent,
+    savingsPercent: Math.max(0, savingsPercent)
+  };
+}
+function extractSignaturesAST(sf) {
+  const parts = [];
+  for (const imp of sf.getImportDeclarations()) {
+    parts.push(imp.getText());
+  }
+  if (parts.length > 0) parts.push("");
+  for (const ta of sf.getTypeAliases()) {
+    addJSDoc(ta, parts);
+    parts.push(ta.getText());
+  }
+  for (const iface of sf.getInterfaces()) {
+    addJSDoc(iface, parts);
+    parts.push(iface.getText());
+  }
+  for (const en of sf.getEnums()) {
+    addJSDoc(en, parts);
+    parts.push(en.getText());
+  }
+  for (const fn of sf.getFunctions()) {
+    addJSDoc(fn, parts);
+    const isExported = fn.isExported();
+    const isAsync = fn.isAsync();
+    const name = fn.getName() ?? "<anonymous>";
+    const params = fn.getParameters().map((p) => p.getText()).join(", ");
+    const returnType = fn.getReturnTypeNode()?.getText();
+    const returnStr = returnType ? `: ${returnType}` : "";
+    const prefix = isExported ? "export " : "";
+    const asyncStr = isAsync ? "async " : "";
+    parts.push(`${prefix}${asyncStr}function ${name}(${params})${returnStr} { /* ... */ }`);
+  }
+  for (const stmt of sf.getVariableStatements()) {
+    for (const decl of stmt.getDeclarations()) {
+      const init = decl.getInitializer();
+      if (init && (init.getKind() === SyntaxKind2.ArrowFunction || init.getKind() === SyntaxKind2.FunctionExpression)) {
+        addJSDoc(stmt, parts);
+        const isExported = stmt.isExported();
+        const prefix = isExported ? "export " : "";
+        const kind = stmt.getDeclarationKind();
+        const name = decl.getName();
+        const typeNode = decl.getTypeNode()?.getText();
+        const typeStr = typeNode ? `: ${typeNode}` : "";
+        parts.push(`${prefix}${kind} ${name}${typeStr} = /* ... */;`);
+      } else {
+        addJSDoc(stmt, parts);
+        parts.push(stmt.getText());
+      }
+    }
+  }
+  for (const cls of sf.getClasses()) {
+    addJSDoc(cls, parts);
+    const isExported = cls.isExported();
+    const prefix = isExported ? "export " : "";
+    const name = cls.getName() ?? "<anonymous>";
+    const ext = cls.getExtends()?.getText();
+    const impl = cls.getImplements().map((i) => i.getText()).join(", ");
+    let header = `${prefix}class ${name}`;
+    if (ext) header += ` extends ${ext}`;
+    if (impl) header += ` implements ${impl}`;
+    header += " {";
+    parts.push(header);
+    for (const prop of cls.getProperties()) {
+      parts.push(`  ${prop.getText()}`);
+    }
+    const ctor = cls.getConstructors()[0];
+    if (ctor) {
+      const ctorParams = ctor.getParameters().map((p) => p.getText()).join(", ");
+      parts.push(`  constructor(${ctorParams}) { /* ... */ }`);
+    }
+    for (const method of cls.getMethods()) {
+      const isStatic = method.isStatic();
+      const isAsync = method.isAsync();
+      const methodName = method.getName();
+      const methodParams = method.getParameters().map((p) => p.getText()).join(", ");
+      const returnType = method.getReturnTypeNode()?.getText();
+      const returnStr = returnType ? `: ${returnType}` : "";
+      const staticStr = isStatic ? "static " : "";
+      const asyncStr = isAsync ? "async " : "";
+      parts.push(`  ${staticStr}${asyncStr}${methodName}(${methodParams})${returnStr} { /* ... */ }`);
+    }
+    parts.push("}");
+  }
+  for (const exp of sf.getExportDeclarations()) {
+    parts.push(exp.getText());
+  }
+  for (const exp of sf.getExportAssignments()) {
+    parts.push(exp.getText());
+  }
+  return parts.join("\n");
+}
+function extractSkeletonAST(sf) {
+  const parts = [];
+  for (const imp of sf.getImportDeclarations()) {
+    parts.push(imp.getText());
+  }
+  if (parts.length > 0) parts.push("");
+  for (const ta of sf.getTypeAliases()) {
+    if (ta.isExported()) parts.push(ta.getText());
+  }
+  for (const iface of sf.getInterfaces()) {
+    if (!iface.isExported()) continue;
+    const ext = iface.getExtends().map((e) => e.getText());
+    const extStr = ext.length > 0 ? ` extends ${ext.join(", ")}` : "";
+    parts.push(`export interface ${iface.getName()}${extStr} { /* ${iface.getProperties().length} props */ }`);
+  }
+  for (const en of sf.getEnums()) {
+    if (!en.isExported()) continue;
+    const members = en.getMembers().map((m) => m.getName());
+    parts.push(`export enum ${en.getName()} { ${members.join(", ")} }`);
+  }
+  for (const fn of sf.getFunctions()) {
+    if (!fn.isExported()) continue;
+    const name = fn.getName() ?? "<anonymous>";
+    const params = fn.getParameters().map((p) => p.getText()).join(", ");
+    parts.push(`export function ${name}(${params});`);
+  }
+  for (const cls of sf.getClasses()) {
+    if (!cls.isExported()) continue;
+    const methods = cls.getMethods().map((m) => m.getName());
+    parts.push(`export class ${cls.getName()} { /* methods: ${methods.join(", ")} */ }`);
+  }
+  for (const exp of sf.getExportDeclarations()) {
+    parts.push(exp.getText());
+  }
+  return parts.join("\n");
+}
+async function pruneGeneric(file, level) {
+  let content;
+  try {
+    content = await readFile4(file.path, "utf-8");
+  } catch {
+    return emptyResult(file, level);
+  }
+  return pruneGenericFromContent(file, content, level);
+}
+function pruneGenericFromContent(file, content, level) {
+  const lines = content.split("\n");
+  let result;
+  if (level === "signatures") {
+    result = lines.filter((line) => {
+      const t = line.trim();
+      return t === "" || t.startsWith("#") || t.startsWith("//") || t.startsWith("import ") || t.startsWith("from ") || t.startsWith("export ") || t.startsWith("def ") || t.startsWith("async def ") || t.startsWith("class ") || t.startsWith("function ") || t.startsWith("const ") || t.startsWith("let ") || t.startsWith("var ") || /^(pub |fn |struct |enum |impl |mod |use )/.test(t);
+    });
+  } else {
+    result = lines.filter((line) => {
+      const t = line.trim();
+      return t.startsWith("import ") || t.startsWith("from ") || t.startsWith("export ") || t.startsWith("def ") || t.startsWith("class ") || t.startsWith("function ") || /^(pub |fn |struct |enum |mod |use )/.test(t);
+    });
+  }
+  const prunedContent = result.join("\n");
+  const prunedTokens = countTokensChars4(Buffer.byteLength(prunedContent, "utf-8"));
+  const savingsPercent = file.tokens > 0 ? (file.tokens - prunedTokens) / file.tokens * 100 : 0;
+  return {
+    relativePath: file.relativePath,
+    originalTokens: file.tokens,
+    prunedTokens,
+    pruneLevel: level,
+    content: prunedContent,
+    savingsPercent: Math.max(0, savingsPercent)
+  };
+}
+async function fullContent(file) {
+  let content = "";
+  try {
+    content = await readFile4(file.path, "utf-8");
+  } catch {
+  }
+  return {
+    relativePath: file.relativePath,
+    originalTokens: file.tokens,
+    prunedTokens: file.tokens,
+    pruneLevel: "full",
+    content,
+    savingsPercent: 0
+  };
+}
+function emptyResult(file, level) {
+  return {
+    relativePath: file.relativePath,
+    originalTokens: file.tokens,
+    prunedTokens: 0,
+    pruneLevel: level,
+    content: "",
+    savingsPercent: 100
+  };
+}
+function addJSDoc(node, parts) {
+  if (!node.getJsDocs) return;
+  const docs = node.getJsDocs();
+  if (docs.length > 0) {
+    parts.push(docs[0].getText());
+  }
+}
+function findTsConfig(filePath) {
+  let dir = filePath;
+  for (let i = 0; i < 10; i++) {
+    dir = join4(dir, "..");
+    const candidate = join4(dir, "tsconfig.json");
+    if (existsSync2(candidate)) return candidate;
+  }
+  return void 0;
+}
+
+// src/engine/graph-utils.ts
+function buildAdjacencyList(edges) {
+  const forward = /* @__PURE__ */ new Map();
+  const reverse = /* @__PURE__ */ new Map();
+  for (const edge of edges) {
+    if (!forward.has(edge.from)) forward.set(edge.from, []);
+    forward.get(edge.from).push(edge.to);
+    if (!reverse.has(edge.to)) reverse.set(edge.to, []);
+    reverse.get(edge.to).push(edge.from);
+  }
+  return { forward, reverse };
+}
+function bfsBidirectional(seeds, adj, depth) {
+  const result = new Set(seeds);
+  let frontier = [...seeds];
+  const visited = /* @__PURE__ */ new Set();
+  for (let d = 0; d < depth; d++) {
+    const nextFrontier = [];
+    for (const node of frontier) {
+      if (visited.has(node)) continue;
+      visited.add(node);
+      const fwd = adj.forward.get(node);
+      if (fwd) {
+        for (const neighbor of fwd) {
+          if (!visited.has(neighbor)) {
+            result.add(neighbor);
+            nextFrontier.push(neighbor);
+          }
+        }
+      }
+      const rev = adj.reverse.get(node);
+      if (rev) {
+        for (const neighbor of rev) {
+          if (!visited.has(neighbor)) {
+            result.add(neighbor);
+            nextFrontier.push(neighbor);
+          }
+        }
+      }
+    }
+    frontier = nextFrontier;
+  }
+  return result;
+}
+function matchGlob(path, pattern) {
+  const regexStr = pattern.replace(/\./g, "\\.").replace(/\*\*/g, "\xA7\xA7").replace(/\*/g, "[^/]*").replace(/§§/g, ".*").replace(/\?/g, ".");
+  try {
+    return new RegExp(`^${regexStr}$`).test(path);
+  } catch {
+    return false;
+  }
+}
+
+// src/engine/coverage.ts
+function calculateCoverage(targetPaths, includedPaths, allFiles, graph, depth = 2) {
+  const adj = buildAdjacencyList(graph.edges);
+  const relevantSet = targetPaths.length > 0 ? bfsBidirectional(targetPaths, adj, depth) : /* @__PURE__ */ new Set();
+  const includedSet = new Set(includedPaths);
+  const tempFileMap = new Map(allFiles.map((f) => [f.relativePath, f]));
+  for (const path of includedPaths) {
+    const file = tempFileMap.get(path);
+    if (!file) continue;
+    for (const imp of file.imports) {
+      const impFile = tempFileMap.get(imp);
+      if (impFile && impFile.kind === "type") {
+        relevantSet.add(imp);
+      }
+    }
+  }
+  const relevantFiles = Array.from(relevantSet);
+  const includedRelevant = relevantFiles.filter((f) => includedSet.has(f));
+  const missingRelevant = relevantFiles.filter((f) => !includedSet.has(f));
+  const missingCritical = missingRelevant.filter((f) => {
+    const file = tempFileMap.get(f);
+    return file && (file.exclusionImpact === "critical" || file.exclusionImpact === "high");
+  });
+  const fileMap = new Map(allFiles.map((f) => [f.relativePath, f]));
+  let totalRelevantRisk = 0;
+  let includedRelevantRisk = 0;
+  for (const f of relevantFiles) {
+    const risk = fileMap.get(f)?.riskScore ?? 1;
+    totalRelevantRisk += risk;
+    if (includedSet.has(f)) {
+      includedRelevantRisk += risk;
+    }
+  }
+  const score = totalRelevantRisk > 0 ? Math.round(includedRelevantRisk / totalRelevantRisk * 100) : relevantFiles.length > 0 ? Math.round(includedRelevant.length / relevantFiles.length * 100) : 100;
+  let explanation;
+  if (score >= 90) {
+    explanation = `Excellent coverage (${score}%): AI has nearly all relevant context.`;
+  } else if (score >= 70) {
+    explanation = `Good coverage (${score}%): Most relevant files included.`;
+    if (missingCritical.length > 0) {
+      explanation += ` Warning: ${missingCritical.length} critical file(s) missing.`;
+    }
+  } else if (score >= 50) {
+    explanation = `Partial coverage (${score}%): Significant context is missing.`;
+    if (missingCritical.length > 0) {
+      explanation += ` ${missingCritical.length} critical file(s) not included \u2014 AI quality will degrade.`;
+    }
+  } else {
+    explanation = `Low coverage (${score}%): Most relevant files are excluded. AI response quality will be poor.`;
+  }
+  return {
+    score,
+    relevantFiles,
+    includedRelevant,
+    missingRelevant,
+    missingCritical,
+    explanation
+  };
+}
+
+// src/engine/budget.ts
+function getPruneLevelForRisk(riskScore) {
+  if (riskScore >= 80) return "full";
+  if (riskScore >= 60) return "full";
+  if (riskScore >= 30) return "signatures";
+  return "skeleton";
+}
+
+// src/engine/selector.ts
+async function selectContext(input) {
+  const { task, analysis, budget, policies, depth = 2 } = input;
+  const decisions = [];
+  const targetPaths = identifyTargetFiles(task, analysis.files);
+  if (targetPaths.length > 0) {
+    decisions.push({
+      file: targetPaths.join(", "),
+      action: "include-full",
+      reason: `Target file(s) identified from task description`
+    });
+  }
+  const adj = buildAdjacencyList(analysis.graph.edges);
+  const expandedPaths = targetPaths.length > 0 ? Array.from(bfsBidirectional(targetPaths, adj, depth)) : [];
+  const expansionCount = expandedPaths.length - targetPaths.length;
+  if (expansionCount > 0) {
+    decisions.push({
+      file: `${expansionCount} dependencies`,
+      action: "include-full",
+      reason: `Expanded ${targetPaths.length} target(s) to ${expandedPaths.length} files via dependency graph (depth ${depth})`
+    });
+  }
+  const allFileMap = new Map(analysis.files.map((f) => [f.relativePath, f]));
+  if (targetPaths.length > 0) {
+    for (const path of expandedPaths) {
+      const file = allFileMap.get(path);
+      if (!file) continue;
+      for (const imp of file.imports) {
+        const impFile = allFileMap.get(imp);
+        if (impFile && impFile.kind === "type") {
+          expandedPaths.push(imp);
+        }
+      }
+    }
+  }
+  const { mustInclude, mustExclude } = applyPolicies(analysis.files, policies);
+  const candidateSet = /* @__PURE__ */ new Set([...expandedPaths, ...mustInclude]);
+  if (targetPaths.length === 0) {
+    for (const f of analysis.files) {
+      candidateSet.add(f.relativePath);
+    }
+  }
+  for (const ex of mustExclude) {
+    candidateSet.delete(ex);
+    decisions.push({
+      file: ex,
+      action: "exclude",
+      reason: "Excluded by policy"
+    });
+  }
+  const hasSecretBlock = policies?.rules.some(
+    (r) => r.type === "secret-block" && r.enabled
+  );
+  if (hasSecretBlock) {
+    for (const path of Array.from(candidateSet)) {
+      const file = allFileMap.get(path);
+      if (!file) continue;
+      const findings = await scanFileForSecrets(
+        file.path,
+        analysis.projectPath
+      );
+      if (findings.length > 0) {
+        candidateSet.delete(path);
+        decisions.push({
+          file: path,
+          action: "exclude",
+          reason: `Blocked: ${findings.length} secret(s) detected (${findings.map((f) => f.type).join(", ")})`
+        });
+      }
+    }
+  }
+  const candidates = Array.from(candidateSet).map((p) => allFileMap.get(p)).filter((f) => f !== void 0).sort((a, b) => {
+    const aIsTarget = targetPaths.includes(a.relativePath) ? 0 : 1;
+    const bIsTarget = targetPaths.includes(b.relativePath) ? 0 : 1;
+    if (aIsTarget !== bIsTarget) return aIsTarget - bIsTarget;
+    const aIsMust = mustInclude.has(a.relativePath) ? 0 : 1;
+    const bIsMust = mustInclude.has(b.relativePath) ? 0 : 1;
+    if (aIsMust !== bIsMust) return aIsMust - bIsMust;
+    return b.riskScore - a.riskScore;
+  });
+  const selectedFiles = [];
+  let usedTokens = 0;
+  for (const file of candidates) {
+    const isTarget = targetPaths.includes(file.relativePath);
+    const isMustInclude = mustInclude.has(file.relativePath);
+    const defaultLevel = isTarget ? "full" : getPruneLevelForRisk(file.riskScore);
+    const levels = getCascadeLevels(defaultLevel);
+    let included = false;
+    for (const level of levels) {
+      if (level === "excluded") break;
+      let tokens;
+      if (level === "full") {
+        tokens = file.tokens;
+      } else {
+        const pruned = await pruneFile(file, level);
+        tokens = pruned.prunedTokens;
+      }
+      if (usedTokens + tokens <= budget) {
+        usedTokens += tokens;
+        selectedFiles.push({
+          relativePath: file.relativePath,
+          tokens,
+          originalTokens: file.tokens,
+          pruneLevel: level,
+          riskScore: file.riskScore,
+          reason: buildReason(file, level, isTarget, isMustInclude)
+        });
+        if (level !== defaultLevel) {
+          decisions.push({
+            file: file.relativePath,
+            action: `include-${level}`,
+            reason: `Downgraded from ${defaultLevel} to ${level} due to budget constraint`,
+            alternatives: `Would need ${file.tokens - tokens} more tokens for ${defaultLevel}`
+          });
+        }
+        included = true;
+        break;
+      }
+    }
+    if (!included) {
+      decisions.push({
+        file: file.relativePath,
+        action: "exclude",
+        reason: `Budget exhausted (risk: ${file.riskScore}, needs ${file.tokens} tokens)`
+      });
+    }
+  }
+  const includedPaths = selectedFiles.map((f) => f.relativePath);
+  const coverage = calculateCoverage(
+    targetPaths,
+    includedPaths,
+    analysis.files,
+    analysis.graph,
+    depth
+  );
+  const includedSet = new Set(includedPaths);
+  const excludedFiles = analysis.files.filter(
+    (f) => !includedSet.has(f.relativePath)
+  );
+  const excludedRisk = excludedFiles.length > 0 ? Math.round(excludedFiles.reduce((s, f) => s + f.riskScore, 0) / excludedFiles.length) : 0;
+  const hashInput = selectedFiles.map((f) => `${f.relativePath}:${f.pruneLevel}`).sort().join("|") + `|budget:${budget}`;
+  const hash = createHash3("sha256").update(hashInput).digest("hex").substring(0, 16);
+  return {
+    files: selectedFiles,
+    totalTokens: usedTokens,
+    budget,
+    usedPercent: budget > 0 ? Math.round(usedTokens / budget * 100 * 10) / 10 : 0,
+    coverage,
+    riskScore: excludedRisk,
+    deterministic: true,
+    hash,
+    decisions
+  };
+}
+function identifyTargetFiles(task, files) {
+  const targets = [];
+  const pathPattern = /(?:^|\s|["'`])([.\w/-]+\.[a-zA-Z]{1,4})(?:\s|$|["'`]|,|:)/g;
+  let match;
+  while ((match = pathPattern.exec(task)) !== null) {
+    const candidate = match[1];
+    const found = files.find(
+      (f) => f.relativePath === candidate || f.relativePath.endsWith(candidate)
+    );
+    if (found && !targets.includes(found.relativePath)) {
+      targets.push(found.relativePath);
+    }
+  }
+  return targets;
+}
+function applyPolicies(files, policies) {
+  const mustInclude = /* @__PURE__ */ new Set();
+  const mustExclude = /* @__PURE__ */ new Set();
+  if (!policies) return { mustInclude, mustExclude };
+  for (const rule of policies.rules) {
+    if (!rule.enabled) continue;
+    if (rule.type === "include-always" && rule.pattern) {
+      for (const file of files) {
+        if (matchGlob(file.relativePath, rule.pattern)) {
+          mustInclude.add(file.relativePath);
+        }
+      }
+    }
+    if (rule.type === "exclude-always" && rule.pattern) {
+      for (const file of files) {
+        if (matchGlob(file.relativePath, rule.pattern)) {
+          mustExclude.add(file.relativePath);
+        }
+      }
+    }
+  }
+  return { mustInclude, mustExclude };
+}
+function getCascadeLevels(startLevel) {
+  const all = ["full", "signatures", "skeleton", "excluded"];
+  const startIdx = all.indexOf(startLevel);
+  return all.slice(startIdx);
+}
+function buildReason(file, level, isTarget, isMustInclude) {
+  if (isTarget) return "Target file";
+  if (isMustInclude) return "Required by policy";
+  const impact = file.exclusionImpact;
+  const levelStr = level === "full" ? "full content" : level;
+  if (impact === "critical") return `Critical dependency (risk ${file.riskScore}) \u2014 ${levelStr}`;
+  if (impact === "high") return `High-risk dependency (risk ${file.riskScore}) \u2014 ${levelStr}`;
+  if (impact === "medium") return `Medium relevance (risk ${file.riskScore}) \u2014 ${levelStr}`;
+  return `Low relevance (risk ${file.riskScore}) \u2014 ${levelStr}`;
+}
+
+// src/engine/score.ts
+async function computeContextScore(analysis, task = "general code review and refactoring", budget = 5e4) {
+  const selection = await selectContext({ task, analysis, budget });
+  const insights = [];
+  const efficiency = scoreEfficiency(analysis, selection, insights);
+  const coverage = scoreCoverage(analysis, selection, insights);
+  const riskControl = scoreRiskControl(analysis, selection, insights);
+  const structure = scoreStructure(analysis, insights);
+  const governance = scoreGovernance(analysis, insights);
+  const overall = Math.round(
+    efficiency.weighted + coverage.weighted + riskControl.weighted + structure.weighted + governance.weighted
+  );
+  const grade = scoreToGrade(overall);
+  const naiveTokens = analysis.totalTokens;
+  const optimizedTokens = selection.totalTokens;
+  const savedTokens = naiveTokens - optimizedTokens;
+  const savedPercent = naiveTokens > 0 ? Math.round(savedTokens / naiveTokens * 100) : 0;
+  const interactionsPerMonth = 40 * 20;
+  const costPerMToken = 3;
+  const naiveMonthlyCost = naiveTokens / 1e6 * costPerMToken * interactionsPerMonth;
+  const optimizedMonthlyCost = optimizedTokens / 1e6 * costPerMToken * interactionsPerMonth;
+  const monthlySavingsUSD = Math.round((naiveMonthlyCost - optimizedMonthlyCost) * 100) / 100;
+  return {
+    overall,
+    grade,
+    dimensions: {
+      efficiency,
+      coverage,
+      riskControl,
+      structure,
+      governance
+    },
+    insights: insights.sort((a, b) => {
+      const order = { high: 0, medium: 1, low: 2 };
+      return order[a.impact] - order[b.impact];
+    }),
+    comparison: {
+      naiveTokens,
+      optimizedTokens,
+      savedTokens,
+      savedPercent,
+      monthlySavingsUSD
+    },
+    meta: {
+      projectName: analysis.projectName,
+      totalFiles: analysis.totalFiles,
+      totalTokens: analysis.totalTokens,
+      analyzedAt: analysis.analyzedAt
+    }
+  };
+}
+function scoreEfficiency(analysis, selection, insights) {
+  const weight = 30;
+  const ratio = analysis.totalTokens > 0 ? 1 - selection.totalTokens / analysis.totalTokens : 0;
+  const selectivity = analysis.totalFiles > 0 ? 1 - selection.files.length / analysis.totalFiles : 0;
+  const prunedFiles = selection.files.filter(
+    (f) => f.pruneLevel === "signatures" || f.pruneLevel === "skeleton"
+  ).length;
+  const pruneRatio = selection.files.length > 0 ? prunedFiles / selection.files.length : 0;
+  const raw = (ratio * 0.5 + selectivity * 0.3 + pruneRatio * 0.2) * 100;
+  const score = Math.min(100, Math.max(0, Math.round(raw)));
+  const weighted = score / 100 * weight;
+  if (ratio > 0.7) {
+    insights.push({
+      type: "strength",
+      title: "Excellent compression",
+      detail: `${Math.round(ratio * 100)}% token reduction while maintaining context quality`,
+      impact: "high"
+    });
+  }
+  if (ratio < 0.3 && analysis.totalTokens > 2e4) {
+    insights.push({
+      type: "weakness",
+      title: "Low compression opportunity",
+      detail: "Most files are needed. Consider splitting the project into smaller modules.",
+      impact: "medium"
+    });
+  }
+  return {
+    score,
+    weight,
+    weighted,
+    detail: `${Math.round(ratio * 100)}% compression, ${prunedFiles}/${selection.files.length} files pruned`
+  };
+}
+function scoreCoverage(analysis, selection, insights) {
+  const weight = 25;
+  const coverageScore = selection.coverage.score;
+  const missingCritical = selection.coverage.missingCritical.length;
+  let penalty = 0;
+  if (missingCritical > 0) {
+    penalty = Math.min(30, missingCritical * 10);
+    insights.push({
+      type: "weakness",
+      title: `${missingCritical} critical file(s) missing from context`,
+      detail: `Missing: ${selection.coverage.missingCritical.slice(0, 3).join(", ")}${missingCritical > 3 ? ` +${missingCritical - 3} more` : ""}`,
+      impact: "high"
+    });
+  }
+  const score = Math.min(100, Math.max(0, Math.round(coverageScore - penalty)));
+  const weighted = score / 100 * weight;
+  if (coverageScore >= 90 && missingCritical === 0) {
+    insights.push({
+      type: "strength",
+      title: "Excellent context coverage",
+      detail: `${coverageScore}% of the relevant universe captured with zero critical gaps`,
+      impact: "high"
+    });
+  }
+  return {
+    score,
+    weight,
+    weighted,
+    detail: `${coverageScore}% coverage, ${missingCritical} critical gaps`
+  };
+}
+function scoreRiskControl(analysis, selection, insights) {
+  const weight = 20;
+  const dist = analysis.riskProfile.distribution;
+  const totalFiles = analysis.totalFiles;
+  const criticalFiles = analysis.files.filter((f) => f.riskScore >= 80);
+  const highFiles = analysis.files.filter((f) => f.riskScore >= 60 && f.riskScore < 80);
+  const selectedPaths = new Set(selection.files.map((f) => f.relativePath));
+  const criticalIncluded = criticalFiles.filter((f) => selectedPaths.has(f.relativePath)).length;
+  const highIncluded = highFiles.filter((f) => selectedPaths.has(f.relativePath)).length;
+  const criticalCoverage = criticalFiles.length > 0 ? criticalIncluded / criticalFiles.length : 1;
+  const highCoverage = highFiles.length > 0 ? highIncluded / highFiles.length : 1;
+  const criticalRatio = totalFiles > 0 ? dist.critical / totalFiles : 0;
+  const healthScore = Math.max(0, 1 - criticalRatio * 5);
+  const raw = (criticalCoverage * 0.5 + highCoverage * 0.3 + healthScore * 0.2) * 100;
+  const score = Math.min(100, Math.max(0, Math.round(raw)));
+  const weighted = score / 100 * weight;
+  if (criticalCoverage === 1 && criticalFiles.length > 0) {
+    insights.push({
+      type: "strength",
+      title: "All critical files included",
+      detail: `${criticalFiles.length} critical-risk files are captured in context`,
+      impact: "high"
+    });
+  }
+  if (criticalRatio > 0.2) {
+    insights.push({
+      type: "opportunity",
+      title: "High concentration of critical files",
+      detail: `${dist.critical} files (${Math.round(criticalRatio * 100)}%) are critical risk. Consider refactoring complex modules.`,
+      impact: "medium"
+    });
+  }
+  return {
+    score,
+    weight,
+    weighted,
+    detail: `${criticalIncluded}/${criticalFiles.length} critical + ${highIncluded}/${highFiles.length} high-risk files included`
+  };
+}
+function scoreStructure(analysis, insights) {
+  const weight = 15;
+  const graph = analysis.graph;
+  const totalFiles = analysis.totalFiles;
+  const avgCohesion = graph.clusters.length > 0 ? graph.clusters.reduce((s, c) => s + c.cohesion, 0) / graph.clusters.length : 0;
+  const orphanRatio = totalFiles > 0 ? graph.orphans.length / totalFiles : 0;
+  const hubRatio = totalFiles > 0 ? graph.hubs.length / totalFiles : 0;
+  const hubHealth = hubRatio > 0.02 && hubRatio < 0.15 ? 1 : Math.max(0, 1 - Math.abs(hubRatio - 0.08) * 10);
+  const typeFiles = analysis.files.filter((f) => f.kind === "type").length;
+  const typeRatio = totalFiles > 0 ? typeFiles / totalFiles : 0;
+  const typeScore = Math.min(1, typeRatio * 10);
+  const raw = (avgCohesion * 0.3 + (1 - orphanRatio) * 0.3 + hubHealth * 0.2 + typeScore * 0.2) * 100;
+  const score = Math.min(100, Math.max(0, Math.round(raw)));
+  const weighted = score / 100 * weight;
+  if (orphanRatio > 0.5) {
+    insights.push({
+      type: "weakness",
+      title: "Many orphan files",
+      detail: `${graph.orphans.length} files (${Math.round(orphanRatio * 100)}%) have no imports/exports. AI gets less context from the dependency graph.`,
+      impact: "medium"
+    });
+  }
+  if (graph.clusters.length > 0 && avgCohesion > 0.7) {
+    insights.push({
+      type: "strength",
+      title: "Well-organized module structure",
+      detail: `${graph.clusters.length} cohesive clusters (avg cohesion: ${(avgCohesion * 100).toFixed(0)}%). CTO can efficiently select relevant modules.`,
+      impact: "medium"
+    });
+  }
+  return {
+    score,
+    weight,
+    weighted,
+    detail: `${graph.clusters.length} clusters, ${graph.orphans.length} orphans, ${graph.hubs.length} hubs`
+  };
+}
+function scoreGovernance(analysis, insights) {
+  const weight = 10;
+  const hasTypes = analysis.files.some((f) => f.kind === "type");
+  const hasConfig = analysis.files.some((f) => f.kind === "config");
+  const hasTests = analysis.files.some((f) => f.kind === "test");
+  let score = 50;
+  if (hasTypes) {
+    score += 15;
+  }
+  if (hasConfig) {
+    score += 10;
+  }
+  if (hasTests) {
+    score += 15;
+  }
+  if (analysis.stack.length > 0) {
+    score += 10;
+  }
+  score = Math.min(100, score);
+  const weighted = score / 100 * weight;
+  if (!hasTests) {
+    insights.push({
+      type: "opportunity",
+      title: "No test files detected",
+      detail: "Adding tests helps CTO understand code intent and provides better context boundaries.",
+      impact: "low"
+    });
+  }
+  if (!hasTypes) {
+    insights.push({
+      type: "opportunity",
+      title: "No type definition files",
+      detail: "Type files dramatically improve AI code generation accuracy. Consider adding interfaces/types.",
+      impact: "medium"
+    });
+  }
+  return {
+    score,
+    weight,
+    weighted,
+    detail: `types:${hasTypes ? "\u2713" : "\u2717"} tests:${hasTests ? "\u2713" : "\u2717"} config:${hasConfig ? "\u2713" : "\u2717"} stack:${analysis.stack.join(",") || "unknown"}`
+  };
+}
+function scoreToGrade(score) {
+  if (score >= 95) return "A+";
+  if (score >= 90) return "A";
+  if (score >= 85) return "A-";
+  if (score >= 80) return "B+";
+  if (score >= 75) return "B";
+  if (score >= 70) return "B-";
+  if (score >= 65) return "C+";
+  if (score >= 60) return "C";
+  if (score >= 55) return "C-";
+  if (score >= 40) return "D";
+  return "F";
+}
+
+// src/engine/benchmark.ts
+async function runBenchmark(analysis, task = "general code review and refactoring", budget = 5e4) {
+  const criticalFiles = analysis.files.filter((f) => f.riskScore >= 80);
+  const highRiskFiles = analysis.files.filter((f) => f.riskScore >= 60 && f.riskScore < 80);
+  const ctoStart = performance.now();
+  const ctoSelection = await selectContext({ task, analysis, budget });
+  const ctoTime = performance.now() - ctoStart;
+  const ctoSelectedPaths = new Set(ctoSelection.files.map((f) => f.relativePath));
+  const ctoCritical = criticalFiles.filter((f) => ctoSelectedPaths.has(f.relativePath)).length;
+  const ctoHigh = highRiskFiles.filter((f) => ctoSelectedPaths.has(f.relativePath)).length;
+  const cto = {
+    filesSelected: ctoSelection.files.length,
+    tokensUsed: ctoSelection.totalTokens,
+    coverageScore: ctoSelection.coverage.score,
+    criticalFilesCovered: ctoCritical,
+    criticalFilesTotal: criticalFiles.length,
+    highRiskCovered: ctoHigh,
+    highRiskTotal: highRiskFiles.length,
+    costPerInteractionUSD: ctoSelection.totalTokens / 1e6 * 3,
+    // Sonnet pricing
+    timeMs: Math.round(ctoTime)
+  };
+  const naiveStart = performance.now();
+  const naiveFiles = [...analysis.files].sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+  let naiveTokens = 0;
+  let naiveCount = 0;
+  const naiveSelectedPaths = /* @__PURE__ */ new Set();
+  for (const f of naiveFiles) {
+    if (naiveTokens + f.tokens <= budget) {
+      naiveTokens += f.tokens;
+      naiveCount++;
+      naiveSelectedPaths.add(f.relativePath);
+    }
+  }
+  if (naiveTokens === 0 && analysis.totalTokens <= budget) {
+    naiveTokens = analysis.totalTokens;
+    naiveCount = analysis.totalFiles;
+    for (const f of analysis.files) naiveSelectedPaths.add(f.relativePath);
+  }
+  const naiveTime = performance.now() - naiveStart;
+  const naiveCritical = criticalFiles.filter((f) => naiveSelectedPaths.has(f.relativePath)).length;
+  const naiveHigh = highRiskFiles.filter((f) => naiveSelectedPaths.has(f.relativePath)).length;
+  const naiveCoverage = analysis.totalFiles > 0 ? Math.round(naiveCount / analysis.totalFiles * 100) : 0;
+  const naive = {
+    filesSelected: naiveCount,
+    tokensUsed: naiveTokens > 0 ? naiveTokens : analysis.totalTokens,
+    coverageScore: naiveTokens > 0 ? naiveCoverage : 100,
+    criticalFilesCovered: naiveCritical,
+    criticalFilesTotal: criticalFiles.length,
+    highRiskCovered: naiveHigh,
+    highRiskTotal: highRiskFiles.length,
+    costPerInteractionUSD: (naiveTokens > 0 ? naiveTokens : analysis.totalTokens) / 1e6 * 3,
+    timeMs: Math.round(naiveTime)
+  };
+  const randomStart = performance.now();
+  const shuffled = [...analysis.files].sort(() => Math.random() - 0.5);
+  let randomTokens = 0;
+  let randomCount = 0;
+  const randomSelectedPaths = /* @__PURE__ */ new Set();
+  for (const f of shuffled) {
+    if (randomTokens + f.tokens <= budget) {
+      randomTokens += f.tokens;
+      randomCount++;
+      randomSelectedPaths.add(f.relativePath);
+    }
+  }
+  const randomTime = performance.now() - randomStart;
+  const randomCritical = criticalFiles.filter((f) => randomSelectedPaths.has(f.relativePath)).length;
+  const randomHigh = highRiskFiles.filter((f) => randomSelectedPaths.has(f.relativePath)).length;
+  const randomCoverage = analysis.totalFiles > 0 ? Math.round(randomCount / analysis.totalFiles * 100) : 0;
+  const random = {
+    filesSelected: randomCount,
+    tokensUsed: randomTokens,
+    coverageScore: randomCoverage,
+    criticalFilesCovered: randomCritical,
+    criticalFilesTotal: criticalFiles.length,
+    highRiskCovered: randomHigh,
+    highRiskTotal: highRiskFiles.length,
+    costPerInteractionUSD: randomTokens / 1e6 * 3,
+    timeMs: Math.round(randomTime)
+  };
+  const ctoScore = computeStrategyScore(cto, budget);
+  const naiveScore = computeStrategyScore(naive, budget);
+  const randomScore = computeStrategyScore(random, budget);
+  const winner = ctoScore >= naiveScore && ctoScore >= randomScore ? "cto" : naiveScore >= randomScore ? "naive" : "random";
+  const interactionsPerMonth = 800;
+  const vsNaiveCostSaved = (naive.costPerInteractionUSD - cto.costPerInteractionUSD) * interactionsPerMonth;
+  return {
+    project: analysis.projectName,
+    totalFiles: analysis.totalFiles,
+    totalTokens: analysis.totalTokens,
+    budget,
+    task,
+    strategies: { cto, naive, random },
+    winner,
+    ctoAdvantage: {
+      vsNaiveTokensSaved: naive.tokensUsed - cto.tokensUsed,
+      vsNaiveTokensSavedPercent: naive.tokensUsed > 0 ? Math.round((naive.tokensUsed - cto.tokensUsed) / naive.tokensUsed * 100) : 0,
+      vsRandomCoverageGain: cto.coverageScore - random.coverageScore,
+      vsNaiveCostSavedMonthlyUSD: Math.round(vsNaiveCostSaved * 100) / 100
+    }
+  };
+}
+function computeStrategyScore(strategy, budget) {
+  const coverageWeight = strategy.coverageScore / 100;
+  const criticalWeight = strategy.criticalFilesTotal > 0 ? strategy.criticalFilesCovered / strategy.criticalFilesTotal : 1;
+  const efficiency = budget > 0 ? 1 - strategy.tokensUsed / budget : 0;
+  return coverageWeight * 0.5 + criticalWeight * 0.3 + Math.max(0, efficiency) * 0.2;
+}
+
+// src/engine/quality-benchmark.ts
+import "path";
+import "fs/promises";
+
+// src/interact/router.ts
+var MODEL_REGISTRY = [
+  {
+    id: "claude-haiku-3.5",
+    name: "Claude 3.5 Haiku",
+    tier: "fast",
+    pricing: { inputPerMillion: 0.8, outputPerMillion: 4, cacheReadPerMillion: 0.08 },
+    contextWindow: 2e5,
+    strengths: ["speed", "simple-tasks", "low-cost"]
+  },
+  {
+    id: "claude-sonnet-4",
+    name: "Claude Sonnet 4",
+    tier: "balanced",
+    pricing: { inputPerMillion: 3, outputPerMillion: 15, cacheReadPerMillion: 0.3 },
+    contextWindow: 2e5,
+    strengths: ["code-generation", "refactoring", "balanced-reasoning"]
+  },
+  {
+    id: "claude-opus-4",
+    name: "Claude Opus 4",
+    tier: "reasoning",
+    pricing: { inputPerMillion: 15, outputPerMillion: 75, cacheReadPerMillion: 1.5 },
+    contextWindow: 2e5,
+    strengths: ["deep-reasoning", "architecture", "complex-debugging"]
+  }
+];
+var ROUTING_RULES = [
+  {
+    task: "simple-edit",
+    defaultModel: "claude-haiku-3.5",
+    upgradeIf: () => false,
+    upgradeTo: "claude-haiku-3.5",
+    reason: "Simple edits are best handled by fast models",
+    upgradeReason: ""
+  },
+  {
+    task: "docs",
+    defaultModel: "claude-haiku-3.5",
+    upgradeIf: (a) => a.totalTokens > 1e5,
+    upgradeTo: "claude-sonnet-4",
+    reason: "Documentation tasks are straightforward",
+    upgradeReason: "Large codebase \u2014 Sonnet provides better understanding"
+  },
+  {
+    task: "test",
+    defaultModel: "claude-sonnet-4",
+    upgradeIf: (a) => a.riskProfile.overallComplexity > 15,
+    upgradeTo: "claude-opus-4",
+    reason: "Test generation requires good code understanding",
+    upgradeReason: "High complexity codebase \u2014 Opus for better test coverage"
+  },
+  {
+    task: "debug",
+    defaultModel: "claude-sonnet-4",
+    upgradeIf: (a) => a.riskProfile.distribution.critical > 5,
+    upgradeTo: "claude-opus-4",
+    reason: "Debugging requires solid reasoning about code flow",
+    upgradeReason: "Many critical files involved \u2014 Opus for deeper analysis"
+  },
+  {
+    task: "refactor",
+    defaultModel: "claude-sonnet-4",
+    upgradeIf: (a) => a.totalFiles > 50 && a.riskProfile.overallComplexity > 10,
+    upgradeTo: "claude-opus-4",
+    reason: "Refactoring needs good structural understanding",
+    upgradeReason: "Large + complex project \u2014 Opus for safer refactoring"
+  },
+  {
+    task: "review",
+    defaultModel: "claude-sonnet-4",
+    upgradeIf: (a) => a.riskProfile.distribution.critical > 3,
+    upgradeTo: "claude-opus-4",
+    reason: "Code review benefits from balanced reasoning",
+    upgradeReason: "Critical code under review \u2014 Opus for thorough analysis"
+  },
+  {
+    task: "feature",
+    defaultModel: "claude-sonnet-4",
+    upgradeIf: (a) => a.totalFiles > 100,
+    upgradeTo: "claude-opus-4",
+    reason: "Feature development needs code generation + understanding",
+    upgradeReason: "Large codebase \u2014 Opus for better integration"
+  },
+  {
+    task: "architecture",
+    defaultModel: "claude-opus-4",
+    upgradeIf: () => false,
+    upgradeTo: "claude-opus-4",
+    reason: "Architecture decisions require deep reasoning",
+    upgradeReason: ""
+  }
+];
+var TASK_KEYWORDS = {
+  debug: ["debug", "fix", "bug", "error", "issue", "broken", "crash", "failing", "wrong"],
+  review: ["review", "check", "assess", "evaluate", "audit", "inspect", "critique"],
+  refactor: ["refactor", "restructure", "reorganize", "clean up", "simplify", "extract", "move"],
+  test: ["test", "spec", "coverage", "unit test", "integration test", "e2e"],
+  docs: ["document", "docs", "readme", "jsdoc", "comment", "explain"],
+  feature: ["add", "implement", "create", "build", "new", "feature", "endpoint"],
+  architecture: ["architecture", "design", "system", "structure", "migrate", "pattern"],
+  "simple-edit": ["rename", "typo", "update", "change", "modify", "tweak", "adjust"]
+};
+function classifyTask(taskDescription) {
+  const lower = taskDescription.toLowerCase();
+  let bestType = "simple-edit";
+  let bestScore = 0;
+  for (const [type, keywords] of Object.entries(TASK_KEYWORDS)) {
+    let score = 0;
+    for (const kw of keywords) {
+      if (lower.includes(kw)) score++;
+    }
+    if (score > bestScore) {
+      bestScore = score;
+      bestType = type;
+    }
+  }
+  return bestType;
+}
+function routeModel(taskType, analysis, preferredModel) {
+  if (preferredModel) {
+    const spec = MODEL_REGISTRY.find((m) => m.id === preferredModel);
+    if (spec) {
+      return {
+        model: preferredModel,
+        reason: "User-specified model",
+        confidence: 1,
+        alternatives: buildAlternatives(preferredModel, taskType)
+      };
+    }
+  }
+  const rule = ROUTING_RULES.find((r) => r.task === taskType);
+  if (!rule) {
+    return {
+      model: "claude-sonnet-4",
+      reason: "Default model for unrecognized task type",
+      confidence: 0.5,
+      alternatives: buildAlternatives("claude-sonnet-4", taskType)
+    };
+  }
+  const shouldUpgrade = rule.upgradeIf(analysis);
+  const model = shouldUpgrade ? rule.upgradeTo : rule.defaultModel;
+  const reason = shouldUpgrade ? rule.upgradeReason : rule.reason;
+  return {
+    model,
+    reason,
+    confidence: shouldUpgrade ? 0.8 : 0.9,
+    alternatives: buildAlternatives(model, taskType)
+  };
+}
+function buildAlternatives(chosenModel, taskType) {
+  return MODEL_REGISTRY.filter((m) => m.id !== chosenModel).map((m) => {
+    const chosen = MODEL_REGISTRY.find((r) => r.id === chosenModel);
+    const costDelta = m.pricing.inputPerMillion - chosen.pricing.inputPerMillion;
+    const tradeoff = costDelta > 0 ? `More capable but ${(costDelta / chosen.pricing.inputPerMillion * 100).toFixed(0)}% more expensive` : `${Math.abs(costDelta / chosen.pricing.inputPerMillion * 100).toFixed(0)}% cheaper but less capable`;
+    return { model: m.id, costDelta, tradeoff };
+  });
+}
+function getModelSpec(modelId) {
+  return MODEL_REGISTRY.find((m) => m.id === modelId);
+}
+
+// src/interact/prompt.ts
+function buildPrompt(options) {
+  const {
+    task,
+    taskType,
+    analysis,
+    selection,
+    enableCoT = true,
+    enableConstraints = true,
+    enableAntiHallucination = true
+  } = options;
+  const sections = [];
+  sections.push(buildSystemSection(analysis.stack, taskType));
+  sections.push(buildContextSection(analysis, selection));
+  sections.push(buildTaskSection(task, taskType));
+  if (enableConstraints) {
+    sections.push(buildConstraintsSection(analysis.stack, taskType));
+  }
+  if (enableCoT) {
+    sections.push(buildCoTSection(taskType));
+  }
+  if (enableAntiHallucination) {
+    sections.push(buildAntiHallucinationSection());
+  }
+  sections.push(buildFormatSection(taskType));
+  const rendered = sections.map((s) => s.content).join("\n\n---\n\n");
+  const totalTokens = sections.reduce((s, sec) => s + sec.tokens, 0);
+  return { sections, totalTokens, rendered };
+}
+function buildSystemSection(stack, taskType) {
+  const stackStr = stack.length > 0 ? stack.join(", ") : "software";
+  const taskRole = TASK_ROLES[taskType] ?? "engineer";
+  const content = [
+    `You are a senior ${stackStr} ${taskRole} with deep expertise in clean architecture, testing, and production-quality code.`,
+    "You prioritize correctness, readability, and maintainability.",
+    "You never make assumptions without evidence from the code."
+  ].join(" ");
+  return makeSection("system", "system", content);
+}
+function buildContextSection(analysis, selection) {
+  const lines = [];
+  lines.push(`## Project: ${analysis.projectName}`);
+  lines.push(`Stack: ${analysis.stack.join(", ") || "Unknown"}`);
+  lines.push(`Files analyzed: ${analysis.totalFiles} | Tokens: ~${Math.round(analysis.totalTokens / 1e3)}K`);
+  lines.push(`Context coverage: ${selection.coverage.score}% | Risk score: ${selection.riskScore}/100`);
+  lines.push("");
+  lines.push("### Included Files");
+  lines.push("");
+  const fullFiles = selection.files.filter((f) => f.pruneLevel === "full");
+  const sigFiles = selection.files.filter((f) => f.pruneLevel === "signatures");
+  const skelFiles = selection.files.filter((f) => f.pruneLevel === "skeleton");
+  if (fullFiles.length > 0) {
+    lines.push("**Full content (read these first):**");
+    for (const f of fullFiles) {
+      lines.push(`- \`${f.relativePath}\` (~${Math.round(f.tokens / 1e3)}K tokens) \u2014 ${f.reason}`);
+    }
+    lines.push("");
+  }
+  if (sigFiles.length > 0) {
+    lines.push("**Signatures only (reference as needed):**");
+    for (const f of sigFiles) {
+      lines.push(`- \`${f.relativePath}\` (~${Math.round(f.tokens / 1e3)}K tokens)`);
+    }
+    lines.push("");
+  }
+  if (skelFiles.length > 0) {
+    lines.push("**Skeleton (structure overview):**");
+    for (const f of skelFiles) {
+      lines.push(`- \`${f.relativePath}\``);
+    }
+    lines.push("");
+  }
+  if (selection.coverage.missingCritical.length > 0) {
+    lines.push("\u26A0\uFE0F **Missing critical files** (not included due to budget):");
+    for (const f of selection.coverage.missingCritical) {
+      lines.push(`- \`${f}\``);
+    }
+    lines.push("");
+  }
+  const content = lines.join("\n");
+  return makeSection("context", "context", content);
+}
+function buildTaskSection(task, taskType) {
+  const content = [
+    "## Task",
+    "",
+    task,
+    "",
+    `Task type: **${taskType}**`
+  ].join("\n");
+  return makeSection("task", "task", content);
+}
+function buildConstraintsSection(stack, taskType) {
+  const lines = ["## Constraints", ""];
+  lines.push("- **Do NOT** delete or modify existing tests unless explicitly asked");
+  lines.push("- **Do NOT** change function signatures that are part of the public API");
+  lines.push("- **Do NOT** introduce new dependencies without mentioning it");
+  lines.push("- **Always** handle errors explicitly (no silent catches)");
+  lines.push("- **Always** preserve existing code style and conventions");
+  lines.push("- **Prefer** minimal changes \u2014 smallest diff that solves the problem");
+  if (stack.includes("TypeScript")) {
+    lines.push("- **Always** use strict TypeScript types (no `any` unless unavoidable)");
+    lines.push("- **Always** add explicit return types to exported functions");
+  }
+  if (taskType === "refactor") {
+    lines.push("- **Do NOT** change behavior \u2014 refactoring must be behavior-preserving");
+    lines.push("- **Verify** all existing tests still pass after changes");
+  }
+  if (taskType === "test") {
+    lines.push("- Use AAA pattern: Arrange, Act, Assert");
+    lines.push("- Test boundaries, null/undefined, async errors, type edges");
+    lines.push('- Use descriptive test names: "should [expected] when [condition]"');
+  }
+  return makeSection("constraints", "constraints", lines.join("\n"));
+}
+function buildCoTSection(taskType) {
+  const steps = COT_STEPS[taskType] ?? COT_STEPS["simple-edit"];
+  const lines = ["## Thinking Process", "", "Before writing any code:"];
+  steps.forEach((step, i) => {
+    lines.push(`${i + 1}. ${step}`);
+  });
+  return makeSection("cot", "constraints", lines.join("\n"));
+}
+function buildAntiHallucinationSection() {
+  const content = [
+    "## Important",
+    "",
+    "- Only reference files, functions, and APIs that exist in the provided context",
+    "- If you are unsure about something, say so explicitly",
+    "- Do NOT invent function signatures, types, or module paths",
+    "- If the context is insufficient to complete the task, explain what is missing"
+  ].join("\n");
+  return makeSection("anti-hallucination", "constraints", content);
+}
+function buildFormatSection(taskType) {
+  const lines = ["## Output Format", ""];
+  if (taskType === "review") {
+    lines.push("Provide findings in priority order: Critical > Major > Minor > Nitpick");
+    lines.push("For each finding: file, line, issue, and concrete suggestion with code");
+  } else if (taskType === "architecture") {
+    lines.push("Present 2-3 options with trade-offs, then recommend one with justification");
+  } else if (taskType === "debug") {
+    lines.push("1. Root cause analysis");
+    lines.push("2. Minimal fix");
+    lines.push("3. Explanation of why the fix works");
+    lines.push("4. Edge cases to consider");
+  } else {
+    lines.push("Provide clean, production-ready code with brief explanations of key decisions");
+  }
+  return makeSection("format", "format", lines.join("\n"));
+}
+var TASK_ROLES = {
+  debug: "debugger",
+  review: "code reviewer",
+  refactor: "architect",
+  test: "test engineer",
+  docs: "technical writer",
+  feature: "engineer",
+  architecture: "systems architect",
+  "simple-edit": "engineer"
+};
+var COT_STEPS = {
+  debug: [
+    "**Reproduce** \u2014 Understand the exact symptom and when it occurs",
+    "**Hypothesize** \u2014 List the most likely root causes (max 3)",
+    "**Verify** \u2014 Check each hypothesis against the code",
+    "**Fix** \u2014 Apply the minimal fix that addresses the root cause",
+    "**Validate** \u2014 Explain why the fix works and what edge cases it covers"
+  ],
+  review: [
+    "**Understand** \u2014 Read the code and understand its purpose",
+    "**Assess** \u2014 Evaluate correctness, readability, performance, security",
+    "**Prioritize** \u2014 Rank issues by severity (critical > major > minor)",
+    "**Suggest** \u2014 Provide concrete, actionable improvements with code"
+  ],
+  refactor: [
+    "**Analyze** \u2014 Identify code smells and structural issues",
+    "**Plan** \u2014 Define the target structure before changing anything",
+    "**Preserve** \u2014 Ensure behavior doesn't change",
+    "**Refactor** \u2014 Apply changes incrementally",
+    "**Verify** \u2014 Confirm all existing tests still pass"
+  ],
+  test: [
+    "**Identify** \u2014 What needs testing? (happy path, edge cases, errors)",
+    "**Structure** \u2014 Use AAA pattern: Arrange, Act, Assert",
+    "**Cover** \u2014 Test boundaries, null/undefined, async errors",
+    "**Isolate** \u2014 Mock external dependencies, test units independently"
+  ],
+  docs: [
+    "**Read** \u2014 Understand the code before documenting",
+    "**Structure** \u2014 Organize by audience (API users, contributors, operators)",
+    "**Write** \u2014 Clear, concise, with examples"
+  ],
+  feature: [
+    "**Clarify** \u2014 Restate the requirement in your own words",
+    "**Design** \u2014 Plan the approach (types, interfaces, flow)",
+    "**Implement** \u2014 Build incrementally, starting with types",
+    "**Test** \u2014 Write tests alongside implementation",
+    "**Integrate** \u2014 Ensure no regressions"
+  ],
+  architecture: [
+    "**Context** \u2014 Understand current architecture and constraints",
+    "**Options** \u2014 Present 2-3 viable approaches with trade-offs",
+    "**Recommend** \u2014 Choose the best and explain why",
+    "**Plan** \u2014 Define migration steps",
+    "**Risks** \u2014 Identify risks and mitigation strategies"
+  ],
+  "simple-edit": [
+    "**Understand** \u2014 Read the relevant code",
+    "**Plan** \u2014 Think before writing",
+    "**Implement** \u2014 Write clean, well-typed code",
+    "**Verify** \u2014 Check for edge cases"
+  ]
+};
+function makeSection(id, role, content) {
+  const tokens = countTokensChars4(Buffer.byteLength(content, "utf-8"));
+  return { id, role, content, tokens };
+}
+
+// src/engine/quality-benchmark.ts
+async function runQualityBenchmark(analysis, task, budget = 5e4) {
+  const taskType = classifyTask(task);
+  const relevantFiles = identifyRelevantFiles(analysis, task, taskType);
+  const relevantPaths = new Set(relevantFiles.map((f) => f.relativePath));
+  const typeFilesNeeded = findTypeFiles(analysis, relevantFiles);
+  const typePaths = new Set(typeFilesNeeded.map((f) => f.relativePath));
+  const adj = buildAdjacencyList(analysis.graph.edges);
+  const depsNeeded = bfsBidirectional(
+    relevantFiles.map((f) => f.relativePath),
+    adj,
+    2
+  );
+  const ctoSelection = await selectContext({ task, analysis, budget });
+  const ctoMetrics = computeMetrics(
+    ctoSelection.files.map((f) => f.relativePath),
+    ctoSelection.totalTokens,
+    analysis,
+    relevantPaths,
+    typePaths,
+    depsNeeded
+  );
+  const naiveFiles = [...analysis.files].sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+  const naiveSelected = [];
+  let naiveTokens = 0;
+  for (const f of naiveFiles) {
+    if (naiveTokens + f.tokens <= budget) {
+      naiveSelected.push(f.relativePath);
+      naiveTokens += f.tokens;
+    }
+  }
+  if (naiveSelected.length === 0 && analysis.totalTokens <= budget) {
+    for (const f of analysis.files) naiveSelected.push(f.relativePath);
+    naiveTokens = analysis.totalTokens;
+  }
+  const naiveMetrics = computeMetrics(
+    naiveSelected,
+    naiveTokens,
+    analysis,
+    relevantPaths,
+    typePaths,
+    depsNeeded
+  );
+  const shuffled = [...analysis.files].sort(() => Math.random() - 0.5);
+  const randomSelected = [];
+  let randomTokens = 0;
+  for (const f of shuffled) {
+    if (randomTokens + f.tokens <= budget) {
+      randomSelected.push(f.relativePath);
+      randomTokens += f.tokens;
+    }
+  }
+  const randomMetrics = computeMetrics(
+    randomSelected,
+    randomTokens,
+    analysis,
+    relevantPaths,
+    typePaths,
+    depsNeeded
+  );
+  const ctoPrompt = buildPrompt({
+    task,
+    taskType,
+    analysis,
+    selection: ctoSelection,
+    enableCoT: true
+  });
+  const naiveSelectionFiles = naiveSelected.map((p) => {
+    const f = analysis.files.find((af) => af.relativePath === p);
+    return {
+      relativePath: p,
+      tokens: f?.tokens ?? 0,
+      originalTokens: f?.tokens ?? 0,
+      pruneLevel: "full",
+      riskScore: f?.riskScore ?? 0,
+      reason: "alphabetical inclusion"
+    };
+  });
+  const naiveFakeSelection = {
+    files: naiveSelectionFiles,
+    totalTokens: naiveTokens,
+    budget,
+    usedPercent: budget > 0 ? naiveTokens / budget * 100 : 0,
+    coverage: { score: naiveMetrics.completenessScore, missingCritical: [], missingRelevant: [], relevantFiles: [], includedRelevant: [], explanation: "naive selection" },
+    riskScore: 0,
+    deterministic: false,
+    hash: "",
+    decisions: []
+  };
+  const naivePrompt = buildPrompt({
+    task,
+    taskType,
+    analysis,
+    selection: naiveFakeSelection,
+    enableCoT: true
+  });
+  const comparison = {
+    ctoVsNaiveRelevance: ctoMetrics.relevanceScore - naiveMetrics.relevanceScore,
+    ctoVsRandomRelevance: ctoMetrics.relevanceScore - randomMetrics.relevanceScore,
+    ctoVsNaiveCompleteness: ctoMetrics.completenessScore - naiveMetrics.completenessScore,
+    ctoVsRandomCompleteness: ctoMetrics.completenessScore - randomMetrics.completenessScore,
+    ctoNoiseReduction: naiveMetrics.noiseRatio - ctoMetrics.noiseRatio
+  };
+  const verdict = generateVerdict(ctoMetrics, naiveMetrics, randomMetrics, comparison);
+  return {
+    project: analysis.projectName,
+    task,
+    taskType,
+    budget,
+    strategies: {
+      cto: ctoMetrics,
+      naive: naiveMetrics,
+      random: randomMetrics
+    },
+    comparison,
+    prompts: {
+      cto: { rendered: ctoPrompt.rendered, tokens: ctoPrompt.totalTokens },
+      naive: { rendered: naivePrompt.rendered, tokens: naivePrompt.totalTokens }
+    },
+    verdict
+  };
+}
+function identifyRelevantFiles(analysis, task, taskType) {
+  const keywords = extractKeywords(task);
+  const scored = /* @__PURE__ */ new Map();
+  for (const file of analysis.files) {
+    let relevance = 0;
+    for (const kw of keywords) {
+      if (file.relativePath.toLowerCase().includes(kw)) {
+        relevance += 10;
+      }
+    }
+    if (file.riskScore >= 60) relevance += 5;
+    if (file.isHub) relevance += 3;
+    if (file.kind === "entry") relevance += 3;
+    if (file.kind === "type") relevance += 2;
+    if (taskType === "test" && file.kind === "test") relevance += 8;
+    if (taskType === "refactor" && file.complexity > 10) relevance += 4;
+    if (taskType === "debug" && file.riskScore >= 40) relevance += 4;
+    if (relevance > 0) {
+      scored.set(file.relativePath, relevance);
+    }
+  }
+  const adj = buildAdjacencyList(analysis.graph.edges);
+  const seeds = [...scored.keys()];
+  const expanded = bfsBidirectional(seeds, adj, 1);
+  for (const path of expanded) {
+    if (!scored.has(path)) {
+      scored.set(path, 1);
+    }
+  }
+  return analysis.files.filter((f) => scored.has(f.relativePath)).sort((a, b) => (scored.get(b.relativePath) ?? 0) - (scored.get(a.relativePath) ?? 0));
+}
+function extractKeywords(task) {
+  const stopWords = /* @__PURE__ */ new Set([
+    "the",
+    "a",
+    "an",
+    "is",
+    "are",
+    "was",
+    "were",
+    "be",
+    "been",
+    "being",
+    "have",
+    "has",
+    "had",
+    "do",
+    "does",
+    "did",
+    "will",
+    "would",
+    "could",
+    "should",
+    "may",
+    "might",
+    "can",
+    "shall",
+    "to",
+    "of",
+    "in",
+    "for",
+    "on",
+    "with",
+    "at",
+    "by",
+    "from",
+    "as",
+    "into",
+    "through",
+    "and",
+    "but",
+    "or",
+    "nor",
+    "not",
+    "so",
+    "yet",
+    "both",
+    "either",
+    "neither",
+    "this",
+    "that",
+    "these",
+    "those",
+    "it",
+    "its",
+    "my",
+    "your",
+    "our",
+    "their",
+    "his",
+    "her",
+    "fix",
+    "add",
+    "remove",
+    "update",
+    "change",
+    "refactor",
+    "implement",
+    "create",
+    "build",
+    "make",
+    "code",
+    "file"
+  ]);
+  return task.toLowerCase().replace(/[^a-z0-9\s]/g, "").split(/\s+/).filter((w) => w.length > 2 && !stopWords.has(w));
+}
+function findTypeFiles(analysis, relevantFiles) {
+  const adj = buildAdjacencyList(analysis.graph.edges);
+  const typeFiles = /* @__PURE__ */ new Set();
+  for (const file of relevantFiles) {
+    const deps = adj.forward.get(file.relativePath) ?? [];
+    for (const dep of deps) {
+      const depFile = analysis.files.find((f) => f.relativePath === dep);
+      if (depFile && depFile.kind === "type") {
+        typeFiles.add(dep);
+      }
+    }
+  }
+  return analysis.files.filter((f) => typeFiles.has(f.relativePath));
+}
+function computeMetrics(selectedPaths, tokensUsed, analysis, relevantPaths, typePaths, depsNeeded) {
+  const selected = new Set(selectedPaths);
+  const relevantIncluded = selectedPaths.filter((p) => relevantPaths.has(p)).length;
+  const relevanceScore = selectedPaths.length > 0 ? Math.round(relevantIncluded / selectedPaths.length * 100) : 0;
+  const completenessHits = [...relevantPaths].filter((p) => selected.has(p)).length;
+  const completenessScore = relevantPaths.size > 0 ? Math.round(completenessHits / relevantPaths.size * 100) : 100;
+  let irrelevantTokens = 0;
+  for (const path of selectedPaths) {
+    if (!relevantPaths.has(path)) {
+      const f = analysis.files.find((af) => af.relativePath === path);
+      irrelevantTokens += f?.tokens ?? 0;
+    }
+  }
+  const noiseRatio = tokensUsed > 0 ? Math.min(100, Math.round(irrelevantTokens / tokensUsed * 100)) : 0;
+  const typeIncluded = [...typePaths].filter((p) => selected.has(p)).length;
+  const typeCoverage = typePaths.size > 0 ? Math.round(typeIncluded / typePaths.size * 100) : 100;
+  const depsIncluded = [...depsNeeded].filter((p) => selected.has(p)).length;
+  const dependencyClosure = depsNeeded.size > 0 ? Math.round(depsIncluded / depsNeeded.size * 100) : 100;
+  return {
+    filesSelected: selectedPaths.length,
+    tokensUsed,
+    relevanceScore,
+    completenessScore,
+    noiseRatio,
+    typeCoverage,
+    dependencyClosure,
+    relevantFilesIncluded: relevantIncluded,
+    relevantFilesTotal: relevantPaths.size,
+    typeFilesIncluded: typeIncluded,
+    typeFilesNeeded: typePaths.size,
+    depsIncluded,
+    depsNeeded: depsNeeded.size
+  };
+}
+function generateVerdict(cto, naive, random, comp) {
+  const lines = [];
+  lines.push("## Quality Verdict");
+  lines.push("");
+  if (comp.ctoVsNaiveRelevance > 0 && comp.ctoVsNaiveCompleteness > 0) {
+    lines.push(`**CTO produces higher-quality context than both naive and random selection.**`);
+  } else if (comp.ctoVsRandomRelevance > 0) {
+    lines.push(`**CTO produces higher-quality context than random selection.**`);
+  } else {
+    lines.push(`**All strategies perform similarly for this task.**`);
+  }
+  lines.push("");
+  lines.push(`### Relevance (higher = less hallucination risk)`);
+  lines.push(`- CTO: ${cto.relevanceScore}% of included files are relevant`);
+  lines.push(`- Naive: ${naive.relevanceScore}% relevant`);
+  lines.push(`- Random: ${random.relevanceScore}% relevant`);
+  if (comp.ctoVsNaiveRelevance > 0) {
+    lines.push(`- **CTO includes ${comp.ctoVsNaiveRelevance}% more relevant files than naive**`);
+  }
+  lines.push("");
+  lines.push(`### Completeness (higher = more correct code generation)`);
+  lines.push(`- CTO: ${cto.completenessScore}% of required files included`);
+  lines.push(`- Naive: ${naive.completenessScore}% complete`);
+  lines.push(`- Random: ${random.completenessScore}% complete`);
+  if (comp.ctoVsNaiveCompleteness > 0) {
+    lines.push(`- **CTO captures ${comp.ctoVsNaiveCompleteness}% more required files**`);
+  }
+  lines.push("");
+  lines.push(`### Noise (lower = less distraction for the AI)`);
+  lines.push(`- CTO: ${cto.noiseRatio}% noise`);
+  lines.push(`- Naive: ${naive.noiseRatio}% noise`);
+  lines.push(`- Random: ${random.noiseRatio}% noise`);
+  if (comp.ctoNoiseReduction > 0) {
+    lines.push(`- **CTO reduces noise by ${comp.ctoNoiseReduction} percentage points**`);
+  }
+  lines.push("");
+  lines.push(`### Type Coverage (higher = fewer type errors in generated code)`);
+  lines.push(`- CTO: ${cto.typeCoverage}% | Naive: ${naive.typeCoverage}% | Random: ${random.typeCoverage}%`);
+  lines.push("");
+  lines.push(`### Dependency Closure (higher = AI understands import chain)`);
+  lines.push(`- CTO: ${cto.dependencyClosure}% | Naive: ${naive.dependencyClosure}% | Random: ${random.dependencyClosure}%`);
+  return lines.join("\n");
+}
+
+// src/engine/pr-context.ts
+import { resolve as resolve6 } from "path";
+import { execFile } from "child_process";
+import { promisify } from "util";
+var exec = promisify(execFile);
+async function git(args, cwd) {
+  try {
+    const { stdout } = await exec("git", args, { cwd, maxBuffer: 10 * 1024 * 1024 });
+    return stdout.trim();
+  } catch {
+    return "";
+  }
+}
+async function isGitRepo(projectPath) {
+  const result = await git(["rev-parse", "--is-inside-work-tree"], projectPath);
+  return result === "true";
+}
+async function getCurrentBranch(projectPath) {
+  return git(["rev-parse", "--abbrev-ref", "HEAD"], projectPath);
+}
+async function getChangedFilesFromDiff(projectPath, baseBranch) {
+  const results = /* @__PURE__ */ new Map();
+  const workingDiff = await git(["diff", "--numstat", "HEAD"], projectPath);
+  parseDiffNumstat(workingDiff, results, "modified");
+  const stagedDiff = await git(["diff", "--numstat", "--cached"], projectPath);
+  parseDiffNumstat(stagedDiff, results, "modified");
+  const untracked = await git(["ls-files", "--others", "--exclude-standard"], projectPath);
+  for (const line of untracked.split("\n")) {
+    const f = line.trim();
+    if (f && !results.has(f)) {
+      results.set(f, { relativePath: f, changeType: "added", linesAdded: 0, linesRemoved: 0 });
+    }
+  }
+  if (baseBranch) {
+    const branchExists = await git(["rev-parse", "--verify", baseBranch], projectPath);
+    if (branchExists) {
+      const branchDiff = await git(["diff", "--numstat", `${baseBranch}...HEAD`], projectPath);
+      parseDiffNumstat(branchDiff, results, "modified");
+      const nameStatus = await git(["diff", "--name-status", `${baseBranch}...HEAD`], projectPath);
+      for (const line of nameStatus.split("\n")) {
+        const parts = line.trim().split("	");
+        if (parts.length >= 2) {
+          const status = parts[0];
+          const filePath = parts[parts.length - 1];
+          if (results.has(filePath)) {
+            const existing = results.get(filePath);
+            if (status === "A") existing.changeType = "added";
+            else if (status === "D") existing.changeType = "deleted";
+            else if (status.startsWith("R")) existing.changeType = "renamed";
+          }
+        }
+      }
+    }
+  }
+  return [...results.values()];
+}
+function parseDiffNumstat(output, results, defaultType) {
+  for (const line of output.split("\n")) {
+    const parts = line.trim().split("	");
+    if (parts.length < 3) continue;
+    const added = parts[0] === "-" ? 0 : parseInt(parts[0], 10) || 0;
+    const removed = parts[1] === "-" ? 0 : parseInt(parts[1], 10) || 0;
+    const filePath = parts[2];
+    if (!filePath) continue;
+    const existing = results.get(filePath);
+    if (existing) {
+      existing.linesAdded = Math.max(existing.linesAdded, added);
+      existing.linesRemoved = Math.max(existing.linesRemoved, removed);
+    } else {
+      results.set(filePath, {
+        relativePath: filePath,
+        changeType: defaultType,
+        linesAdded: added,
+        linesRemoved: removed
+      });
+    }
+  }
+}
+async function generatePRContext(analysis, options = {}) {
+  const projectPath = resolve6(analysis.projectPath);
+  const baseBranch = options.baseBranch ?? "main";
+  const depth = options.depth ?? 2;
+  const includeTests = options.includeTests ?? false;
+  const gitRepo = await isGitRepo(projectPath);
+  if (!gitRepo) {
+    return emptyResult2(baseBranch);
+  }
+  const currentBranch = await getCurrentBranch(projectPath);
+  const changedFiles = await getChangedFilesFromDiff(projectPath, baseBranch);
+  if (changedFiles.length === 0) {
+    return {
+      ...emptyResult2(baseBranch),
+      currentBranch,
+      isGitRepo: true,
+      renderedSummary: "# PR Context\n\nNo changed files detected."
+    };
+  }
+  const analysisFileSet = new Set(analysis.files.map((f) => f.relativePath));
+  const validChangedPaths = changedFiles.filter((c) => c.changeType !== "deleted" && analysisFileSet.has(c.relativePath)).map((c) => c.relativePath);
+  const adj = buildAdjacencyList(analysis.graph.edges);
+  const expanded = bfsBidirectional(validChangedPaths, adj, depth);
+  const changedSet = new Set(validChangedPaths);
+  const dependencyFiles = [...expanded].filter((f) => !changedSet.has(f));
+  const allRelevantPaths = new Set(expanded);
+  if (!includeTests) {
+    for (const path of allRelevantPaths) {
+      const file = analysis.files.find((f) => f.relativePath === path);
+      if (file && file.kind === "test") {
+        if (!changedSet.has(path)) {
+          allRelevantPaths.delete(path);
+        }
+      }
+    }
+  }
+  const allRelevantFiles = analysis.files.filter((f) => allRelevantPaths.has(f.relativePath)).sort((a, b) => b.riskScore - a.riskScore);
+  const changedAnalyzed = allRelevantFiles.filter((f) => changedSet.has(f.relativePath));
+  const totalChangedTokens = changedAnalyzed.reduce((s, f) => s + f.tokens, 0);
+  const totalContextTokens = allRelevantFiles.reduce((s, f) => s + f.tokens, 0);
+  const riskSummary = {
+    critical: allRelevantFiles.filter((f) => f.riskScore >= 80).length,
+    high: allRelevantFiles.filter((f) => f.riskScore >= 60 && f.riskScore < 80).length,
+    medium: allRelevantFiles.filter((f) => f.riskScore >= 30 && f.riskScore < 60).length,
+    low: allRelevantFiles.filter((f) => f.riskScore < 30).length,
+    maxRiskFile: allRelevantFiles[0]?.relativePath ?? "",
+    maxRiskScore: allRelevantFiles[0]?.riskScore ?? 0
+  };
+  const renderedSummary = renderSummary(
+    analysis,
+    currentBranch,
+    baseBranch,
+    changedFiles,
+    dependencyFiles,
+    allRelevantFiles,
+    changedSet,
+    riskSummary,
+    totalChangedTokens,
+    totalContextTokens
+  );
+  return {
+    baseBranch,
+    currentBranch,
+    isGitRepo: true,
+    changedFiles,
+    dependencyFiles: dependencyFiles.filter((f) => allRelevantPaths.has(f)),
+    allRelevantFiles,
+    totalChangedTokens,
+    totalContextTokens,
+    riskSummary,
+    renderedSummary
+  };
+}
+function renderSummary(analysis, currentBranch, baseBranch, changedFiles, dependencyFiles, allRelevant, changedSet, risk, changedTokens, totalTokens) {
+  const lines = [];
+  lines.push(`## PR Context \u2014 ${analysis.projectName}`);
+  lines.push("");
+  lines.push(`**Branch:** ${currentBranch} \u2190 ${baseBranch}`);
+  lines.push(`**Changed:** ${changedFiles.length} files | **Dependencies:** ${dependencyFiles.length} files`);
+  lines.push(`**Tokens:** ~${Math.round(changedTokens / 1e3)}K changed + ~${Math.round((totalTokens - changedTokens) / 1e3)}K context = ~${Math.round(totalTokens / 1e3)}K total`);
+  lines.push("");
+  if (risk.critical > 0 || risk.high > 0) {
+    lines.push(`\u26A0\uFE0F **Risk:** ${risk.critical} critical + ${risk.high} high-risk files affected`);
+    lines.push(`**Highest risk:** ${risk.maxRiskFile} (score: ${risk.maxRiskScore})`);
+    lines.push("");
+  }
+  lines.push("### Changed Files");
+  lines.push("");
+  const sortedChanged = changedFiles.filter((c) => c.changeType !== "deleted").sort((a, b) => {
+    const fa = allRelevant.find((f) => f.relativePath === a.relativePath);
+    const fb = allRelevant.find((f) => f.relativePath === b.relativePath);
+    return (fb?.riskScore ?? 0) - (fa?.riskScore ?? 0);
+  });
+  for (const c of sortedChanged) {
+    const file = allRelevant.find((f) => f.relativePath === c.relativePath);
+    const risk2 = file ? ` risk:${file.riskScore}` : "";
+    const delta = c.linesAdded || c.linesRemoved ? ` (+${c.linesAdded}/-${c.linesRemoved})` : "";
+    const badge = c.changeType === "added" ? " \u{1F195}" : c.changeType === "renamed" ? " \u{1F4DD}" : "";
+    lines.push(`- \`${c.relativePath}\`${delta}${risk2}${badge}`);
+  }
+  const deleted = changedFiles.filter((c) => c.changeType === "deleted");
+  if (deleted.length > 0) {
+    lines.push("");
+    lines.push(`**Deleted:** ${deleted.map((d) => `\`${d.relativePath}\``).join(", ")}`);
+  }
+  if (dependencyFiles.length > 0) {
+    lines.push("");
+    lines.push("### Dependencies (included for context)");
+    lines.push("");
+    const depWithInfo = dependencyFiles.map((d) => {
+      const file = allRelevant.find((f) => f.relativePath === d);
+      return { path: d, riskScore: file?.riskScore ?? 0, tokens: file?.tokens ?? 0 };
+    }).sort((a, b) => b.riskScore - a.riskScore);
+    for (const d of depWithInfo) {
+      lines.push(`- \`${d.path}\` risk:${d.riskScore} ~${Math.round(d.tokens / 1e3)}K tokens`);
+    }
+  }
+  lines.push("");
+  lines.push("### Review Focus");
+  lines.push("");
+  lines.push("- Review changed files for correctness, especially high-risk files");
+  lines.push("- Dependencies are included for type/interface context \u2014 not for review");
+  lines.push(`- ${analysis.totalFiles - allRelevant.length} files excluded (not affected by this change)`);
+  return lines.join("\n");
+}
+function emptyResult2(baseBranch) {
+  return {
+    baseBranch,
+    currentBranch: "",
+    isGitRepo: false,
+    changedFiles: [],
+    dependencyFiles: [],
+    allRelevantFiles: [],
+    totalChangedTokens: 0,
+    totalContextTokens: 0,
+    riskSummary: { critical: 0, high: 0, medium: 0, low: 0, maxRiskFile: "", maxRiskScore: 0 },
+    renderedSummary: "# PR Context\n\nNot a git repository."
+  };
+}
+
+// src/interact/orchestrator.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/interact/estimator.ts
+function estimateCost(modelId, inputTokens, totalProjectTokens, estimatedOutputRatio = 0.3) {
+  const spec = getModelSpec(modelId) ?? MODEL_REGISTRY[1];
+  const estimatedOutputTokens = Math.round(inputTokens * estimatedOutputRatio);
+  const inputCost = inputTokens / 1e6 * spec.pricing.inputPerMillion;
+  const outputCost = estimatedOutputTokens / 1e6 * spec.pricing.outputPerMillion;
+  const totalCost = inputCost + outputCost;
+  const woInputCost = totalProjectTokens / 1e6 * spec.pricing.inputPerMillion;
+  const woOutputCost = Math.round(totalProjectTokens * estimatedOutputRatio) / 1e6 * spec.pricing.outputPerMillion;
+  const woTotalCost = woInputCost + woOutputCost;
+  const tokensSaved = totalProjectTokens - inputTokens;
+  const costSaved = woTotalCost - totalCost;
+  const savingsPercent = woTotalCost > 0 ? costSaved / woTotalCost * 100 : 0;
+  return {
+    model: modelId,
+    inputTokens,
+    estimatedOutputTokens,
+    inputCost: round(inputCost),
+    outputCost: round(outputCost),
+    totalCost: round(totalCost),
+    formatted: formatCost(totalCost),
+    withoutOptimization: {
+      inputTokens: totalProjectTokens,
+      totalCost: round(woTotalCost),
+      formatted: formatCost(woTotalCost)
+    },
+    savings: {
+      tokensSaved: Math.max(0, tokensSaved),
+      costSaved: round(Math.max(0, costSaved)),
+      percent: Math.max(0, Math.round(savingsPercent)),
+      formatted: costSaved > 0 ? `saved ${formatCost(costSaved)} (${Math.round(savingsPercent)}%)` : "no savings"
+    }
+  };
+}
+function round(n) {
+  return Math.round(n * 1e6) / 1e6;
+}
+function formatCost(cost) {
+  if (cost < 1e-3) return "<$0.001";
+  if (cost < 0.01) return `$${cost.toFixed(4)}`;
+  if (cost < 1) return `$${cost.toFixed(3)}`;
+  return `$${cost.toFixed(2)}`;
+}
+
+// src/govern/audit.ts
+import { randomUUID, createHash as createHash4 } from "crypto";
+import { readdir as readdir3, chmod } from "fs/promises";
+import { join as join5 } from "path";
+import { userInfo } from "os";
+import { homedir } from "os";
+var CTO_DIR = ".cto-ai";
+var AUDIT_DIR = "audit";
+var MAX_ENTRIES_PER_FILE = 500;
+function getAuditDir() {
+  return join5(homedir(), CTO_DIR, AUDIT_DIR);
+}
+function getCurrentAuditFile() {
+  const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0].replace(/-/g, "");
+  return join5(getAuditDir(), `audit_${date}.json`);
+}
+function computeIntegrityHash(entry) {
+  const payload = JSON.stringify({
+    id: entry.id,
+    timestamp: entry.timestamp,
+    action: entry.action,
+    user: entry.user,
+    projectPath: entry.projectPath,
+    details: entry.details
+  });
+  return createHash4("sha256").update(payload).digest("hex");
+}
+async function ensureDir(dirPath) {
+  const { mkdir } = await import("fs/promises");
+  await mkdir(dirPath, { recursive: true });
+}
+async function readJSON(filePath) {
+  const { readFile: readFile6 } = await import("fs/promises");
+  try {
+    const content = await readFile6(filePath, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return null;
+  }
+}
+async function writeJSON(filePath, data) {
+  const { writeFile } = await import("fs/promises");
+  await ensureDir(join5(filePath, ".."));
+  await writeFile(filePath, JSON.stringify(data, null, 2), "utf-8");
+}
+async function logAudit(action, projectPath, details = {}) {
+  const auditDir = getAuditDir();
+  await ensureDir(auditDir);
+  let currentUser;
+  try {
+    currentUser = userInfo().username;
+  } catch {
+    currentUser = process.env.USER ?? process.env.USERNAME ?? "unknown";
+  }
+  const partialEntry = {
+    id: randomUUID().substring(0, 12),
+    timestamp: /* @__PURE__ */ new Date(),
+    action,
+    user: currentUser,
+    projectPath,
+    details
+  };
+  const entry = {
+    ...partialEntry,
+    integrityHash: computeIntegrityHash(partialEntry)
+  };
+  const auditFile = getCurrentAuditFile();
+  let entries = await readJSON(auditFile) ?? [];
+  entries.push(entry);
+  if (entries.length > MAX_ENTRIES_PER_FILE) {
+    entries = entries.slice(-MAX_ENTRIES_PER_FILE);
+  }
+  await writeJSON(auditFile, entries);
+  try {
+    await chmod(auditFile, 384);
+  } catch {
+  }
+  return entry;
+}
+
+// src/interact/orchestrator.ts
+async function planInteraction(input) {
+  const {
+    task,
+    analysis,
+    budget = 5e4,
+    model: preferredModel,
+    policies,
+    depth = 2,
+    enableCoT = true,
+    enableConstraints = true,
+    enableAntiHallucination = true
+  } = input;
+  const decisions = [];
+  const taskType = classifyTask(task);
+  decisions.push({
+    step: "classify",
+    decision: taskType,
+    reason: `Task classified as "${taskType}" based on keyword analysis`,
+    data: { task, taskType }
+  });
+  const context = await selectContext({
+    task,
+    analysis,
+    budget,
+    policies,
+    depth
+  });
+  decisions.push({
+    step: "select-context",
+    decision: `${context.files.length} files selected (${context.totalTokens} tokens)`,
+    reason: `Coverage: ${context.coverage.score}%, Risk: ${context.riskScore}/100`,
+    data: {
+      filesIncluded: context.files.length,
+      tokensUsed: context.totalTokens,
+      budget,
+      coverage: context.coverage.score,
+      risk: context.riskScore
+    }
+  });
+  const modelChoice = routeModel(taskType, analysis, preferredModel);
+  decisions.push({
+    step: "choose-model",
+    decision: modelChoice.model,
+    reason: modelChoice.reason,
+    data: {
+      confidence: modelChoice.confidence,
+      alternatives: modelChoice.alternatives.length
+    }
+  });
+  const prompt = buildPrompt({
+    task,
+    taskType,
+    analysis,
+    selection: context,
+    enableCoT,
+    enableConstraints,
+    enableAntiHallucination
+  });
+  decisions.push({
+    step: "build-prompt",
+    decision: `${prompt.sections.length} sections, ${prompt.totalTokens} tokens`,
+    reason: `Sections: ${prompt.sections.map((s) => s.id).join(", ")}`
+  });
+  const cost = estimateCost(
+    modelChoice.model,
+    context.totalTokens + prompt.totalTokens,
+    analysis.totalTokens
+  );
+  decisions.push({
+    step: "estimate-cost",
+    decision: cost.formatted,
+    reason: cost.savings.formatted,
+    data: {
+      inputTokens: cost.inputTokens,
+      totalCost: cost.totalCost,
+      savings: cost.savings.percent
+    }
+  });
+  const plan = {
+    id: randomUUID2().substring(0, 8),
+    task,
+    taskType,
+    timestamp: /* @__PURE__ */ new Date(),
+    context,
+    model: modelChoice,
+    prompt,
+    cost,
+    decisions
+  };
+  try {
+    await logAudit("interact", analysis.projectPath, {
+      interactionId: plan.id,
+      task,
+      taskType,
+      contextHash: context.hash,
+      filesIncluded: context.files.length,
+      filesExcluded: analysis.totalFiles - context.files.length,
+      tokensUsed: context.totalTokens,
+      coverageScore: context.coverage.score,
+      riskScore: context.riskScore,
+      model: modelChoice.model,
+      estimatedCost: cost.totalCost
+    });
+  } catch {
+  }
+  return plan;
+}
+
+// src/api/server.ts
+var API_VERSION = "1.0.0";
+var DEFAULT_PORT = 3141;
+function validateApiKey(req) {
+  const apiKey = process.env.CTO_API_KEY;
+  if (!apiKey) return true;
+  const authRaw = req.headers["authorization"] ?? req.headers["x-api-key"];
+  if (!authRaw) return false;
+  const auth = Array.isArray(authRaw) ? authRaw[0] : authRaw;
+  const token = auth.startsWith("Bearer ") ? auth.slice(7) : auth;
+  return token === apiKey;
+}
+var rateLimitWindow = 6e4;
+var rateLimitMax = parseInt(process.env.CTO_RATE_LIMIT ?? "60", 10);
+var requestCounts = /* @__PURE__ */ new Map();
+function checkRateLimit(ip) {
+  const now = Date.now();
+  const entry = requestCounts.get(ip);
+  if (!entry || now > entry.reset) {
+    requestCounts.set(ip, { count: 1, reset: now + rateLimitWindow });
+    return true;
+  }
+  if (entry.count >= rateLimitMax) return false;
+  entry.count++;
+  return true;
+}
+function getIP(req) {
+  return req.headers["x-forwarded-for"]?.split(",")[0]?.trim() ?? req.socket.remoteAddress ?? "unknown";
+}
+async function readBody(req) {
+  return new Promise((resolve8, reject) => {
+    const chunks = [];
+    req.on("data", (chunk) => chunks.push(chunk));
+    req.on("end", () => {
+      try {
+        const body = Buffer.concat(chunks).toString("utf-8");
+        resolve8(body ? JSON.parse(body) : {});
+      } catch {
+        reject(new Error("Invalid JSON body"));
+      }
+    });
+    req.on("error", reject);
+  });
+}
+function json(res, status, data) {
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization, X-Api-Key",
+    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+    "X-CTO-Version": API_VERSION
+  });
+  res.end(JSON.stringify(data));
+}
+function error(res, status, message) {
+  json(res, status, { error: message, status });
+}
+async function handleAnalyze(body, res) {
+  const { path: projectPath } = body;
+  if (!projectPath) return error(res, 400, "Missing required field: path");
+  const absPath = resolve7(projectPath);
+  const analysis = await getCachedAnalysis(absPath);
+  json(res, 200, {
+    project: analysis.projectName,
+    files: analysis.totalFiles,
+    tokens: analysis.totalTokens,
+    stack: analysis.stack,
+    risk: analysis.riskProfile.distribution,
+    graph: {
+      edges: analysis.graph.edges.length,
+      hubs: analysis.graph.hubs.length,
+      clusters: analysis.graph.clusters.length,
+      orphans: analysis.graph.orphans.length
+    },
+    analyzedAt: analysis.analyzedAt
+  });
+}
+async function handleSelect(body, res) {
+  const { path: projectPath, task, budget } = body;
+  if (!projectPath) return error(res, 400, "Missing required field: path");
+  if (!task) return error(res, 400, "Missing required field: task");
+  const absPath = resolve7(projectPath);
+  const analysis = await getCachedAnalysis(absPath);
+  const selection = await selectContext({
+    task,
+    analysis,
+    budget: budget ?? 5e4
+  });
+  json(res, 200, {
+    files: selection.files.map((f) => ({
+      path: f.relativePath,
+      tokens: f.tokens,
+      pruneLevel: f.pruneLevel,
+      riskScore: f.riskScore,
+      reason: f.reason
+    })),
+    totalTokens: selection.totalTokens,
+    budget: selection.budget,
+    usedPercent: selection.usedPercent,
+    coverage: selection.coverage.score,
+    riskScore: selection.riskScore,
+    hash: selection.hash
+  });
+}
+async function handleScore(body, res) {
+  const { path: projectPath, task, budget } = body;
+  if (!projectPath) return error(res, 400, "Missing required field: path");
+  const absPath = resolve7(projectPath);
+  const analysis = await getCachedAnalysis(absPath);
+  const score = await computeContextScore(
+    analysis,
+    task ?? "general code review and refactoring",
+    budget ?? 5e4
+  );
+  json(res, 200, {
+    overall: score.overall,
+    grade: score.grade,
+    dimensions: {
+      efficiency: score.dimensions.efficiency.score,
+      coverage: score.dimensions.coverage.score,
+      riskControl: score.dimensions.riskControl.score,
+      structure: score.dimensions.structure.score,
+      governance: score.dimensions.governance.score
+    },
+    comparison: score.comparison,
+    insights: score.insights,
+    meta: score.meta
+  });
+}
+async function handleBenchmark(body, res) {
+  const { path: projectPath, task, budget } = body;
+  if (!projectPath) return error(res, 400, "Missing required field: path");
+  const absPath = resolve7(projectPath);
+  const analysis = await getCachedAnalysis(absPath);
+  const result = await runBenchmark(
+    analysis,
+    task ?? "general code review and refactoring",
+    budget ?? 5e4
+  );
+  json(res, 200, result);
+}
+async function handleQuality(body, res) {
+  const { path: projectPath, task, budget } = body;
+  if (!projectPath) return error(res, 400, "Missing required field: path");
+  if (!task) return error(res, 400, "Missing required field: task");
+  const absPath = resolve7(projectPath);
+  const analysis = await getCachedAnalysis(absPath);
+  const result = await runQualityBenchmark(analysis, task, budget ?? 5e4);
+  json(res, 200, {
+    strategies: result.strategies,
+    comparison: result.comparison,
+    verdict: result.verdict,
+    promptTokens: {
+      cto: result.prompts.cto.tokens,
+      naive: result.prompts.naive.tokens
+    }
+  });
+}
+async function handlePRContext(body, res) {
+  const { path: projectPath, baseBranch, depth, includeTests } = body;
+  if (!projectPath) return error(res, 400, "Missing required field: path");
+  const absPath = resolve7(projectPath);
+  const analysis = await getCachedAnalysis(absPath);
+  const pr = await generatePRContext(analysis, {
+    baseBranch: baseBranch ?? "main",
+    depth: depth ?? 2,
+    includeTests: includeTests ?? false
+  });
+  json(res, 200, {
+    isGitRepo: pr.isGitRepo,
+    baseBranch: pr.baseBranch,
+    currentBranch: pr.currentBranch,
+    changedFiles: pr.changedFiles,
+    dependencyFiles: pr.dependencyFiles,
+    totalChangedTokens: pr.totalChangedTokens,
+    totalContextTokens: pr.totalContextTokens,
+    riskSummary: pr.riskSummary
+  });
+}
+async function handleInteract(body, res) {
+  const { path: projectPath, task, budget, model } = body;
+  if (!projectPath) return error(res, 400, "Missing required field: path");
+  if (!task) return error(res, 400, "Missing required field: task");
+  const absPath = resolve7(projectPath);
+  const analysis = await getCachedAnalysis(absPath);
+  const plan = await planInteraction({
+    task,
+    analysis,
+    budget: budget ?? 5e4,
+    model
+  });
+  json(res, 200, {
+    id: plan.id,
+    task: plan.task,
+    model: plan.model,
+    context: {
+      files: plan.context.files.length,
+      totalTokens: plan.context.totalTokens,
+      coverage: plan.context.coverage.score,
+      riskScore: plan.context.riskScore
+    },
+    prompt: {
+      tokens: plan.prompt.totalTokens,
+      sections: plan.prompt.sections.map((s) => s.id),
+      rendered: plan.prompt.rendered
+    },
+    cost: plan.cost,
+    decisions: plan.decisions
+  });
+}
+function handleHealth(_body, res) {
+  json(res, 200, {
+    status: "ok",
+    version: API_VERSION,
+    uptime: process.uptime(),
+    rateLimit: {
+      max: rateLimitMax,
+      windowMs: rateLimitWindow
+    }
+  });
+}
+function handleOpenAPI(_body, res) {
+  json(res, 200, {
+    openapi: "3.1.0",
+    info: {
+      title: "CTO Context-as-a-Service API",
+      version: API_VERSION,
+      description: "AI context optimization API. Analyzes codebases, scores context quality, selects optimal files."
+    },
+    servers: [{ url: `http://localhost:${process.env.PORT ?? DEFAULT_PORT}` }],
+    security: [{ apiKey: [] }],
+    components: {
+      securitySchemes: {
+        apiKey: {
+          type: "apiKey",
+          in: "header",
+          name: "Authorization",
+          description: "Bearer token. Set CTO_API_KEY env var on server."
+        }
+      }
+    },
+    paths: {
+      "/v1/analyze": {
+        post: {
+          summary: "Analyze a project",
+          requestBody: { content: { "application/json": { schema: { type: "object", required: ["path"], properties: { path: { type: "string", description: "Absolute path to project" } } } } } },
+          responses: { "200": { description: "Project analysis summary" } }
+        }
+      },
+      "/v1/select": {
+        post: {
+          summary: "Select optimal context for a task",
+          requestBody: { content: { "application/json": { schema: { type: "object", required: ["path", "task"], properties: { path: { type: "string" }, task: { type: "string" }, budget: { type: "number", default: 5e4 } } } } } },
+          responses: { "200": { description: "Selected files with tokens, risk, coverage" } }
+        }
+      },
+      "/v1/score": {
+        post: {
+          summary: "Get Context Score\u2122 (0-100)",
+          requestBody: { content: { "application/json": { schema: { type: "object", required: ["path"], properties: { path: { type: "string" }, task: { type: "string" }, budget: { type: "number" } } } } } },
+          responses: { "200": { description: "Context Score with dimensions and savings" } }
+        }
+      },
+      "/v1/benchmark": {
+        post: {
+          summary: "Run CTO vs naive vs random benchmark",
+          requestBody: { content: { "application/json": { schema: { type: "object", required: ["path"], properties: { path: { type: "string" }, task: { type: "string" }, budget: { type: "number" } } } } } },
+          responses: { "200": { description: "Three-way benchmark comparison" } }
+        }
+      },
+      "/v1/quality": {
+        post: {
+          summary: "Quality benchmark \u2014 relevance, completeness, noise",
+          requestBody: { content: { "application/json": { schema: { type: "object", required: ["path", "task"], properties: { path: { type: "string" }, task: { type: "string" }, budget: { type: "number" } } } } } },
+          responses: { "200": { description: "Quality metrics for CTO vs naive vs random" } }
+        }
+      },
+      "/v1/pr-context": {
+        post: {
+          summary: "PR-focused context from git diff",
+          requestBody: { content: { "application/json": { schema: { type: "object", required: ["path"], properties: { path: { type: "string" }, baseBranch: { type: "string", default: "main" }, depth: { type: "number", default: 2 } } } } } },
+          responses: { "200": { description: "Changed files, dependencies, risk summary" } }
+        }
+      },
+      "/v1/interact": {
+        post: {
+          summary: "Full pipeline: analyze \u2192 select \u2192 prompt \u2192 cost",
+          requestBody: { content: { "application/json": { schema: { type: "object", required: ["path", "task"], properties: { path: { type: "string" }, task: { type: "string" }, budget: { type: "number" }, model: { type: "string" } } } } } },
+          responses: { "200": { description: "Full interaction plan with prompt and cost" } }
+        }
+      },
+      "/v1/health": {
+        get: {
+          summary: "Health check",
+          responses: { "200": { description: "Server status" } }
+        }
+      }
+    }
+  });
+}
+var routes = {
+  "POST /v1/analyze": handleAnalyze,
+  "POST /v1/select": handleSelect,
+  "POST /v1/score": handleScore,
+  "POST /v1/benchmark": handleBenchmark,
+  "POST /v1/quality": handleQuality,
+  "POST /v1/pr-context": handlePRContext,
+  "POST /v1/interact": handleInteract,
+  "GET /v1/health": handleHealth,
+  "GET /v1/openapi": handleOpenAPI,
+  "GET /v1/openapi.json": handleOpenAPI
+};
+function createAPIServer() {
+  const server2 = createServer(async (req, res) => {
+    if (req.method === "OPTIONS") {
+      res.writeHead(204, {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Headers": "Content-Type, Authorization, X-Api-Key",
+        "Access-Control-Allow-Methods": "GET, POST, OPTIONS"
+      });
+      return res.end();
+    }
+    const ip = getIP(req);
+    const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+    const routeKey = `${req.method} ${url.pathname}`;
+    if (!checkRateLimit(ip)) {
+      return error(res, 429, "Rate limit exceeded. Try again later.");
+    }
+    if (!validateApiKey(req)) {
+      return error(res, 401, "Unauthorized. Provide a valid API key via Authorization header.");
+    }
+    const handler = routes[routeKey];
+    if (!handler) {
+      return error(res, 404, `Not found: ${routeKey}. GET /v1/openapi for docs.`);
+    }
+    try {
+      const body = req.method === "GET" ? {} : await readBody(req);
+      await handler(body, res);
+    } catch (err) {
+      console.error(`[CTO API] Error on ${routeKey}:`, err.message);
+      error(res, 500, err.message ?? "Internal server error");
+    }
+  });
+  return server2;
+}
+var port = parseInt(process.env.PORT ?? `${DEFAULT_PORT}`, 10);
+var server = createAPIServer();
+server.listen(port, () => {
+  const keyStatus = process.env.CTO_API_KEY ? "\u{1F512} API key required" : "\u{1F513} Open (set CTO_API_KEY to secure)";
+  console.log(`
+  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
+  \u2551                                              \u2551
+  \u2551   \u26A1 CTO Context-as-a-Service API v${API_VERSION}    \u2551
+  \u2551                                              \u2551
+  \u2551   http://localhost:${port.toString().padEnd(25)}\u2551
+  \u2551   ${keyStatus.padEnd(42)} \u2551
+  \u2551   Rate limit: ${rateLimitMax} req/min${"".padEnd(20)} \u2551
+  \u2551                                              \u2551
+  \u2551   GET  /v1/health     \u2014 Status               \u2551
+  \u2551   GET  /v1/openapi    \u2014 API docs             \u2551
+  \u2551   POST /v1/analyze    \u2014 Analyze project      \u2551
+  \u2551   POST /v1/select     \u2014 Select context       \u2551
+  \u2551   POST /v1/score      \u2014 Context Score\u2122       \u2551
+  \u2551   POST /v1/benchmark  \u2014 CTO vs naive         \u2551
+  \u2551   POST /v1/quality    \u2014 Quality benchmark    \u2551
+  \u2551   POST /v1/pr-context \u2014 PR context           \u2551
+  \u2551   POST /v1/interact   \u2014 Full pipeline        \u2551
+  \u2551                                              \u2551
+  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
+`);
+});
+export {
+  createAPIServer
+};
+//# sourceMappingURL=server.js.map