cto-ai-cli 5.2.0 → 7.1.0

package/dist/interact/index.js

@@ -1,1542 +0,0 @@
-// src/interact/orchestrator.ts
-import { randomUUID as randomUUID2 } from "crypto";
-
-// src/engine/selector.ts
-import { createHash as createHash2 } from "crypto";
-
-// src/govern/secrets.ts
-import { readFile } from "fs/promises";
-import { readFileSync, existsSync, mkdirSync, writeFileSync } from "fs";
-import { resolve, relative, join, dirname } from "path";
-import { createHash } from "crypto";
-var BUILTIN_PATTERNS = [
-  // API Keys
-  { type: "api-key", source: `(?:api[_-]?key|apikey)\\s*[:=]\\s*['"]?([a-zA-Z0-9_\\-]{20,})['"]?`, flags: "gi", severity: "critical", description: "API Key" },
-  { type: "api-key", source: "sk-[a-zA-Z0-9]{20,}", flags: "g", severity: "critical", description: "OpenAI/Anthropic API Key" },
-  { type: "api-key", source: "sk-ant-[a-zA-Z0-9\\-]{20,}", flags: "g", severity: "critical", description: "Anthropic API Key" },
-  // AWS
-  { type: "aws-key", source: "AKIA[0-9A-Z]{16}", flags: "g", severity: "critical", description: "AWS Access Key ID" },
-  { type: "aws-key", source: `(?:aws_secret_access_key|aws_secret)\\s*[:=]\\s*['"]?([a-zA-Z0-9/+=]{40})['"]?`, flags: "gi", severity: "critical", description: "AWS Secret Key" },
-  // Private Keys
-  { type: "private-key", source: "-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----", flags: "g", severity: "critical", description: "Private Key" },
-  { type: "private-key", source: "-----BEGIN OPENSSH PRIVATE KEY-----", flags: "g", severity: "critical", description: "SSH Private Key" },
-  // Passwords
-  { type: "password", source: `(?:password|passwd|pwd)\\s*[:=]\\s*['"]([^'"]{8,})['"](?!\\s*\\{)`, flags: "gi", severity: "high", description: "Hardcoded Password" },
-  { type: "password", source: `(?:DB_PASSWORD|DATABASE_PASSWORD|MYSQL_PASSWORD|POSTGRES_PASSWORD)\\s*[:=]\\s*['"]?([^'"{}\\s]{4,})['"]?`, flags: "gi", severity: "high", description: "Database Password" },
-  // Tokens
-  { type: "token", source: `(?:bearer|token|auth_token|access_token|refresh_token)\\s*[:=]\\s*['"]([a-zA-Z0-9_\\-.]{20,})['"](?!\\s*\\{)`, flags: "gi", severity: "high", description: "Auth Token" },
-  { type: "token", source: "ghp_[a-zA-Z0-9]{36}", flags: "g", severity: "critical", description: "GitHub Personal Access Token" },
-  { type: "token", source: "gho_[a-zA-Z0-9]{36}", flags: "g", severity: "critical", description: "GitHub OAuth Token" },
-  { type: "token", source: "glpat-[a-zA-Z0-9\\-]{20,}", flags: "g", severity: "critical", description: "GitLab Personal Access Token" },
-  { type: "token", source: "npm_[a-zA-Z0-9]{36}", flags: "g", severity: "high", description: "npm Token" },
-  // Connection strings
-  { type: "connection-string", source: `(?:mongodb(?:\\+srv)?|postgres(?:ql)?|mysql|redis|amqp):\\/\\/[^\\s'"]+:[^\\s'"]+@[^\\s'"]+`, flags: "gi", severity: "critical", description: "Database Connection String" },
-  { type: "connection-string", source: `(?:DATABASE_URL|REDIS_URL|MONGODB_URI)\\s*[:=]\\s*['"]?([^\\s'"]{10,})['"]?`, flags: "gi", severity: "high", description: "Database URL" },
-  // Environment variables with secrets
-  { type: "env-variable", source: `(?:SECRET|PRIVATE|ENCRYPTION)[_-]?(?:KEY|TOKEN|PASS)\\s*[:=]\\s*['"]?([^\\s'"]{8,})['"]?`, flags: "gi", severity: "high", description: "Secret Environment Variable" },
-  // Stripe
-  { type: "api-key", source: "sk_live_[a-zA-Z0-9]{24,}", flags: "g", severity: "critical", description: "Stripe Live Secret Key" },
-  { type: "api-key", source: "pk_live_[a-zA-Z0-9]{24,}", flags: "g", severity: "high", description: "Stripe Live Publishable Key" },
-  { type: "api-key", source: "rk_live_[a-zA-Z0-9]{24,}", flags: "g", severity: "critical", description: "Stripe Restricted Key" },
-  // Slack
-  { type: "token", source: "xoxb-[0-9]{10,}-[0-9]{10,}-[a-zA-Z0-9]{24,}", flags: "g", severity: "critical", description: "Slack Bot Token" },
-  { type: "token", source: "xoxp-[0-9]{10,}-[0-9]{10,}-[a-zA-Z0-9]{24,}", flags: "g", severity: "critical", description: "Slack User Token" },
-  { type: "api-key", source: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]+/B[a-zA-Z0-9_]+/[a-zA-Z0-9_]+", flags: "g", severity: "high", description: "Slack Webhook URL" },
-  // Google
-  { type: "api-key", source: "AIza[0-9A-Za-z_-]{35}", flags: "g", severity: "high", description: "Google API Key" },
-  { type: "token", source: "ya29\\.[0-9A-Za-z_-]+", flags: "g", severity: "high", description: "Google OAuth Token" },
-  // Azure
-  { type: "api-key", source: "(?:AccountKey|SharedAccessKey)\\s*=\\s*[a-zA-Z0-9+/=]{40,}", flags: "g", severity: "critical", description: "Azure Storage Key" },
-  // Twilio
-  { type: "api-key", source: "AC[a-f0-9]{32}", flags: "g", severity: "high", description: "Twilio Account SID" },
-  // SendGrid
-  { type: "api-key", source: "SG\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9_-]{43}", flags: "g", severity: "critical", description: "SendGrid API Key" },
-  // JWT
-  { type: "token", source: "eyJ[a-zA-Z0-9_-]{10,}\\.eyJ[a-zA-Z0-9_-]{10,}\\.[a-zA-Z0-9_-]{10,}", flags: "g", severity: "high", description: "JSON Web Token" },
-  // Datadog
-  { type: "api-key", source: `(?:DD_API_KEY|DATADOG_API_KEY)\\s*[:=]\\s*['"]?([a-f0-9]{32})['"]?`, flags: "gi", severity: "critical", description: "Datadog API Key" },
-  { type: "api-key", source: `(?:DD_APP_KEY|DATADOG_APP_KEY)\\s*[:=]\\s*['"]?([a-f0-9]{40})['"]?`, flags: "gi", severity: "critical", description: "Datadog App Key" },
-  // Sentry
-  { type: "connection-string", source: "https://[a-f0-9]{32}@[a-z0-9]+\\.ingest\\.sentry\\.io/[0-9]+", flags: "g", severity: "high", description: "Sentry DSN" },
-  // Firebase
-  { type: "api-key", source: `(?:FIREBASE_API_KEY|FIREBASE_KEY)\\s*[:=]\\s*['"]?([a-zA-Z0-9_\\-]{30,})['"]?`, flags: "gi", severity: "high", description: "Firebase API Key" },
-  { type: "connection-string", source: `firebase[a-z]*:\\/\\/[^\\s'"]+`, flags: "gi", severity: "high", description: "Firebase URL" },
-  // Supabase
-  { type: "api-key", source: "sbp_[a-f0-9]{40}", flags: "g", severity: "critical", description: "Supabase Service Key" },
-  { type: "token", source: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\\.[a-zA-Z0-9_-]{20,}\\.[a-zA-Z0-9_-]{20,}", flags: "g", severity: "high", description: "Supabase Anon/Service JWT" },
-  // Vercel
-  { type: "token", source: `(?:VERCEL_TOKEN|VERCEL_API_TOKEN)\\s*[:=]\\s*['"]?([a-zA-Z0-9]{24,})['"]?`, flags: "gi", severity: "critical", description: "Vercel Token" },
-  // Heroku
-  { type: "api-key", source: `(?:HEROKU_API_KEY|HEROKU_TOKEN)\\s*[:=]\\s*['"]?([a-f0-9\\-]{36,})['"]?`, flags: "gi", severity: "critical", description: "Heroku API Key" },
-  // DigitalOcean
-  { type: "token", source: "dop_v1_[a-f0-9]{64}", flags: "g", severity: "critical", description: "DigitalOcean Personal Access Token" },
-  { type: "token", source: "doo_v1_[a-f0-9]{64}", flags: "g", severity: "critical", description: "DigitalOcean OAuth Token" },
-  // Mailgun
-  { type: "api-key", source: "key-[a-zA-Z0-9]{32}", flags: "g", severity: "high", description: "Mailgun API Key" },
-  // PII
-  { type: "pii", source: "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Z|a-z]{2,}\\b", flags: "g", severity: "medium", description: "Email Address (PII)" },
-  { type: "pii", source: "\\b(?!000|666|9\\d{2})(\\d{3})[-.]?(?!00)(\\d{2})[-.]?(?!0000)(\\d{4})\\b", flags: "g", severity: "high", description: "Possible SSN (PII)" }
-];
-var _cachedBuiltinPatterns = null;
-function getBuiltinPatterns() {
-  if (!_cachedBuiltinPatterns) {
-    _cachedBuiltinPatterns = BUILTIN_PATTERNS.map((def) => ({
-      type: def.type,
-      pattern: new RegExp(def.source, def.flags),
-      severity: def.severity,
-      description: def.description
-    }));
-  }
-  return _cachedBuiltinPatterns;
-}
-function buildPatterns(customPatterns = []) {
-  const builtins = getBuiltinPatterns();
-  if (customPatterns.length === 0) return builtins;
-  const patterns = [...builtins];
-  for (const custom of customPatterns) {
-    try {
-      patterns.push({
-        type: "custom",
-        pattern: new RegExp(custom, "gi"),
-        severity: "medium",
-        description: `Custom pattern: ${custom}`
-      });
-    } catch {
-    }
-  }
-  return patterns;
-}
-function scanContentForSecrets(content, filePath, customPatterns = [], extraPiiSafeDomains) {
-  const findings = [];
-  const lines = content.split("\n");
-  const allPatterns = buildPatterns(customPatterns);
-  for (const secretPattern of allPatterns) {
-    for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      secretPattern.pattern.lastIndex = 0;
-      let match;
-      while ((match = secretPattern.pattern.exec(line)) !== null) {
-        const matchText = match[0];
-        if (isTemplateOrPlaceholder(matchText)) continue;
-        if (secretPattern.type === "pii" && isSafeEmail(matchText, extraPiiSafeDomains)) continue;
-        findings.push({
-          type: secretPattern.type,
-          file: filePath,
-          line: i + 1,
-          match: matchText,
-          redacted: redactSecret(matchText),
-          severity: secretPattern.severity
-        });
-      }
-    }
-  }
-  return deduplicateFindings(findings);
-}
-async function scanFileForSecrets(filePath, projectPath, customPatterns = []) {
-  try {
-    const content = await readFile(filePath, "utf-8");
-    const relPath = relative(resolve(projectPath), resolve(filePath));
-    return scanContentForSecrets(content, relPath, customPatterns);
-  } catch {
-    return [];
-  }
-}
-function redactSecret(value) {
-  if (value.length <= 8) return "***REDACTED***";
-  const prefix = value.substring(0, 4);
-  const suffix = value.substring(value.length - 2);
-  return `${prefix}${"*".repeat(Math.min(value.length - 6, 20))}${suffix}`;
-}
-function isTemplateOrPlaceholder(value) {
-  const placeholders = [
-    /\$\{.*\}/,
-    /\{\{.*\}\}/,
-    /%[sd]/,
-    /<[A-Z_]+>/,
-    /YOUR_.*_HERE/i,
-    /\bCHANGE_ME\b/i,
-    /\bPLACEHOLDER\b/i,
-    /\bexample\b/i,
-    /\bTODO\b/i,
-    /xxx+/i,
-    /\breplace.?me\b/i,
-    /\bdummy\b/i,
-    /\btest_?key\b/i,
-    /\bsample\b/i
-  ];
-  return placeholders.some((p) => p.test(value));
-}
-var PII_SAFE_EMAIL_DOMAINS = /* @__PURE__ */ new Set([
-  "example.com",
-  "example.org",
-  "example.net",
-  "test.com",
-  "test.org",
-  "test.net",
-  "localhost",
-  "localhost.localdomain",
-  "email.com",
-  "mail.com",
-  "foo.com",
-  "bar.com",
-  "baz.com",
-  "acme.com",
-  "company.com",
-  "corp.com",
-  "noreply.com",
-  "no-reply.com",
-  "users.noreply.github.com",
-  "placeholder.com"
-]);
-function isSafeEmail(value, extraDomains) {
-  const match = value.match(/@([a-zA-Z0-9.-]+)$/);
-  if (!match) return false;
-  const domain = match[1].toLowerCase();
-  if (PII_SAFE_EMAIL_DOMAINS.has(domain)) return true;
-  if (extraDomains && extraDomains.has(domain)) return true;
-  return false;
-}
-function deduplicateFindings(findings) {
-  const seen = /* @__PURE__ */ new Set();
-  return findings.filter((f) => {
-    const key = `${f.file}:${f.line}:${f.type}:${f.match}`;
-    if (seen.has(key)) return false;
-    seen.add(key);
-    return true;
-  });
-}
-
-// src/engine/pruner.ts
-import { readFile as readFile3 } from "fs/promises";
-
-// src/engine/tokenizer.ts
-import { encodingForModel } from "js-tiktoken";
-import { readFile as readFile2, stat } from "fs/promises";
-var CHARS_PER_TOKEN = 4;
-function countTokensChars4(sizeInBytes) {
-  return Math.ceil(sizeInBytes / CHARS_PER_TOKEN);
-}
-
-// src/engine/pruner.ts
-var TS_EXTENSIONS = /* @__PURE__ */ new Set(["ts", "tsx", "js", "jsx", "mts", "mjs"]);
-async function pruneFile(file, level) {
-  if (level === "excluded") {
-    return emptyResult(file, "excluded");
-  }
-  if (level === "full") {
-    return fullContent(file);
-  }
-  const ext = file.extension.toLowerCase();
-  const isTS = TS_EXTENSIONS.has(ext);
-  if (isTS) {
-    return pruneTypeScript(file, level);
-  }
-  return pruneGeneric(file, level);
-}
-async function pruneTypeScript(file, level) {
-  let content;
-  try {
-    content = await readFile3(file.path, "utf-8");
-  } catch {
-    return emptyResult(file, level);
-  }
-  const prunedContent = level === "signatures" ? extractSignaturesRegex(content) : extractSkeletonRegex(content);
-  const prunedTokens = countTokensChars4(Buffer.byteLength(prunedContent, "utf-8"));
-  const savingsPercent = file.tokens > 0 ? (file.tokens - prunedTokens) / file.tokens * 100 : 0;
-  return {
-    relativePath: file.relativePath,
-    originalTokens: file.tokens,
-    prunedTokens,
-    pruneLevel: level,
-    content: prunedContent,
-    savingsPercent: Math.max(0, savingsPercent)
-  };
-}
-function extractSignaturesRegex(content) {
-  const lines = content.split("\n");
-  const parts = [];
-  let i = 0;
-  while (i < lines.length) {
-    const line = lines[i];
-    const trimmed = line.trim();
-    if (trimmed === "") {
-      i++;
-      continue;
-    }
-    if (trimmed.startsWith("/**")) {
-      const docLines = [];
-      while (i < lines.length) {
-        docLines.push(lines[i]);
-        if (lines[i].includes("*/")) {
-          i++;
-          break;
-        }
-        i++;
-      }
-      parts.push(docLines.join("\n"));
-      continue;
-    }
-    if (trimmed.startsWith("//")) {
-      parts.push(line);
-      i++;
-      continue;
-    }
-    if (/^\s*(import|export)\s/.test(line) && (trimmed.includes(" from ") || trimmed.startsWith("import "))) {
-      const block = collectBracedLine(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^\s*export\s*(\{|\*)/.test(trimmed)) {
-      const block = collectBracedLine(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^\s*(export\s+)?type\s+\w/.test(trimmed) && !trimmed.startsWith("typeof")) {
-      const block = collectBalanced(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^\s*(export\s+)?interface\s+\w/.test(trimmed)) {
-      const block = collectBalanced(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^\s*(export\s+)?(const\s+)?enum\s+\w/.test(trimmed)) {
-      const block = collectBalanced(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    const fnMatch = trimmed.match(/^(export\s+)?(async\s+)?function\s+(\w+)/);
-    if (fnMatch) {
-      const sig = extractFnSignature(lines, i);
-      parts.push(`${sig} { /* ... */ }`);
-      i = skipBlock(lines, i);
-      continue;
-    }
-    const arrowMatch = trimmed.match(/^(export\s+)?(const|let|var)\s+(\w+)/);
-    if (arrowMatch && looksLikeFunctionDecl(lines, i)) {
-      const prefix = trimmed.match(/^((?:export\s+)?(?:const|let|var)\s+\w+[^=]*=)/)?.[1];
-      if (prefix) {
-        parts.push(`${prefix} /* ... */;`);
-      }
-      i = skipBlock(lines, i);
-      continue;
-    }
-    if (arrowMatch) {
-      const block = collectStatement(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^\s*(export\s+)?(abstract\s+)?class\s+\w/.test(trimmed)) {
-      const classOutline = extractClassOutline(lines, i);
-      parts.push(classOutline.text);
-      i = classOutline.nextIndex;
-      continue;
-    }
-    i++;
-  }
-  return parts.join("\n");
-}
-function extractSkeletonRegex(content) {
-  const lines = content.split("\n");
-  const parts = [];
-  let i = 0;
-  while (i < lines.length) {
-    const trimmed = lines[i].trim();
-    if (/^import\s/.test(trimmed)) {
-      const block = collectBracedLine(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^export\s+(type|interface)\s+\w/.test(trimmed)) {
-      const block = collectBalanced(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^export\s+(const\s+)?enum\s+\w/.test(trimmed)) {
-      const block = collectBalanced(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    if (/^export\s+(async\s+)?function\s+\w/.test(trimmed)) {
-      const sig = extractFnSignature(lines, i);
-      parts.push(`${sig};`);
-      i = skipBlock(lines, i);
-      continue;
-    }
-    if (/^export\s+(abstract\s+)?class\s+/.test(trimmed)) {
-      const nameMatch = trimmed.match(/class\s+(\w+)/);
-      const name = nameMatch?.[1] ?? "Unknown";
-      const end = skipBlock(lines, i);
-      const methods = [];
-      for (let j = i + 1; j < end; j++) {
-        const mt = lines[j].trim();
-        const mm = mt.match(/^(?:static\s+)?(?:async\s+)?(\w+)\s*\(/);
-        if (mm && mm[1] !== "constructor") methods.push(mm[1]);
-      }
-      parts.push(`export class ${name} { /* methods: ${methods.join(", ")} */ }`);
-      i = end;
-      continue;
-    }
-    if (/^export\s*(\{|\*)/.test(trimmed)) {
-      const block = collectBracedLine(lines, i);
-      parts.push(block.text);
-      i = block.nextIndex;
-      continue;
-    }
-    i++;
-  }
-  return parts.join("\n");
-}
-function collectBracedLine(lines, start) {
-  let text = lines[start];
-  let i = start + 1;
-  while (i < lines.length && !text.includes(";") && !text.trimEnd().endsWith("'") && !text.trimEnd().endsWith('"')) {
-    text += "\n" + lines[i];
-    i++;
-  }
-  return { text, nextIndex: i };
-}
-function collectBalanced(lines, start) {
-  let depth = 0;
-  let text = "";
-  let i = start;
-  let started = false;
-  while (i < lines.length) {
-    const line = lines[i];
-    text += (text ? "\n" : "") + line;
-    for (const ch of line) {
-      if (ch === "{" || ch === "(") {
-        depth++;
-        started = true;
-      }
-      if (ch === "}" || ch === ")") depth--;
-    }
-    i++;
-    if (started && depth <= 0) break;
-    if (!started && line.includes(";")) break;
-  }
-  return { text, nextIndex: i };
-}
-function collectStatement(lines, start) {
-  let text = lines[start];
-  let i = start + 1;
-  if (text.includes(";")) return { text, nextIndex: i };
-  let depth = 0;
-  for (const ch of text) {
-    if (ch === "{" || ch === "(" || ch === "[") depth++;
-    if (ch === "}" || ch === ")" || ch === "]") depth--;
-  }
-  while (i < lines.length && depth > 0) {
-    text += "\n" + lines[i];
-    for (const ch of lines[i]) {
-      if (ch === "{" || ch === "(" || ch === "[") depth++;
-      if (ch === "}" || ch === ")" || ch === "]") depth--;
-    }
-    i++;
-  }
-  return { text, nextIndex: i };
-}
-function extractFnSignature(lines, start) {
-  let sig = "";
-  let i = start;
-  while (i < lines.length) {
-    const line = lines[i].trim();
-    sig += (sig ? " " : "") + line;
-    if (line.includes("{")) {
-      sig = sig.replace(/\s*\{[^]*$/, "").trim();
-      break;
-    }
-    i++;
-  }
-  return sig;
-}
-function skipBlock(lines, start) {
-  let depth = 0;
-  let i = start;
-  let foundBrace = false;
-  while (i < lines.length) {
-    for (const ch of lines[i]) {
-      if (ch === "{") {
-        depth++;
-        foundBrace = true;
-      }
-      if (ch === "}") depth--;
-    }
-    i++;
-    if (foundBrace && depth <= 0) break;
-    if (!foundBrace && lines[i - 1].includes(";")) break;
-  }
-  return i;
-}
-function looksLikeFunctionDecl(lines, start) {
-  const chunk = lines.slice(start, Math.min(start + 5, lines.length)).join(" ");
-  return /=>/.test(chunk) || /=\s*function/.test(chunk);
-}
-function extractClassOutline(lines, start) {
-  const header = lines[start].trim();
-  let headerText = header;
-  let i = start + 1;
-  if (!header.includes("{")) {
-    while (i < lines.length) {
-      headerText += " " + lines[i].trim();
-      if (lines[i].includes("{")) {
-        i++;
-        break;
-      }
-      i++;
-    }
-  } else {
-    i = start + 1;
-  }
-  const bodyParts = [headerText.replace(/\{[^]*$/, "{").trim()];
-  let depth = 1;
-  while (i < lines.length && depth > 0) {
-    const line = lines[i];
-    const trimmed = line.trim();
-    for (const ch of line) {
-      if (ch === "{") depth++;
-      if (ch === "}") depth--;
-    }
-    if (depth <= 0) {
-      i++;
-      break;
-    }
-    if (depth === 1) {
-      if (/^(private|protected|public|readonly|static|#)/.test(trimmed) && !trimmed.includes("(")) {
-        bodyParts.push(`  ${trimmed}`);
-      } else if (/^constructor\s*\(/.test(trimmed)) {
-        const sig = extractFnSignature(lines, i);
-        bodyParts.push(`  ${sig} { /* ... */ }`);
-      } else if (/^(?:static\s+)?(?:async\s+)?(?:get\s+|set\s+)?\w+\s*[(<]/.test(trimmed) && !trimmed.startsWith("//")) {
-        const sig = extractFnSignature(lines, i);
-        bodyParts.push(`  ${sig} { /* ... */ }`);
-      }
-    }
-    i++;
-  }
-  bodyParts.push("}");
-  return { text: bodyParts.join("\n"), nextIndex: i };
-}
-async function pruneGeneric(file, level) {
-  let content;
-  try {
-    content = await readFile3(file.path, "utf-8");
-  } catch {
-    return emptyResult(file, level);
-  }
-  return pruneGenericFromContent(file, content, level);
-}
-function pruneGenericFromContent(file, content, level) {
-  const lines = content.split("\n");
-  let result;
-  if (level === "signatures") {
-    result = lines.filter((line) => {
-      const t = line.trim();
-      return t === "" || t.startsWith("#") || t.startsWith("//") || t.startsWith("import ") || t.startsWith("from ") || t.startsWith("export ") || t.startsWith("def ") || t.startsWith("async def ") || t.startsWith("class ") || t.startsWith("function ") || t.startsWith("const ") || t.startsWith("let ") || t.startsWith("var ") || /^(pub |fn |struct |enum |impl |mod |use )/.test(t);
-    });
-  } else {
-    result = lines.filter((line) => {
-      const t = line.trim();
-      return t.startsWith("import ") || t.startsWith("from ") || t.startsWith("export ") || t.startsWith("def ") || t.startsWith("class ") || t.startsWith("function ") || /^(pub |fn |struct |enum |mod |use )/.test(t);
-    });
-  }
-  const prunedContent = result.join("\n");
-  const prunedTokens = countTokensChars4(Buffer.byteLength(prunedContent, "utf-8"));
-  const savingsPercent = file.tokens > 0 ? (file.tokens - prunedTokens) / file.tokens * 100 : 0;
-  return {
-    relativePath: file.relativePath,
-    originalTokens: file.tokens,
-    prunedTokens,
-    pruneLevel: level,
-    content: prunedContent,
-    savingsPercent: Math.max(0, savingsPercent)
-  };
-}
-async function fullContent(file) {
-  let content = "";
-  try {
-    content = await readFile3(file.path, "utf-8");
-  } catch {
-  }
-  return {
-    relativePath: file.relativePath,
-    originalTokens: file.tokens,
-    prunedTokens: file.tokens,
-    pruneLevel: "full",
-    content,
-    savingsPercent: 0
-  };
-}
-function emptyResult(file, level) {
-  return {
-    relativePath: file.relativePath,
-    originalTokens: file.tokens,
-    prunedTokens: 0,
-    pruneLevel: level,
-    content: "",
-    savingsPercent: 100
-  };
-}
-
-// src/engine/graph-utils.ts
-function buildAdjacencyList(edges) {
-  const forward = /* @__PURE__ */ new Map();
-  const reverse = /* @__PURE__ */ new Map();
-  for (const edge of edges) {
-    if (!forward.has(edge.from)) forward.set(edge.from, []);
-    forward.get(edge.from).push(edge.to);
-    if (!reverse.has(edge.to)) reverse.set(edge.to, []);
-    reverse.get(edge.to).push(edge.from);
-  }
-  return { forward, reverse };
-}
-function bfsBidirectional(seeds, adj, depth) {
-  const result = new Set(seeds);
-  let frontier = [...seeds];
-  const visited = /* @__PURE__ */ new Set();
-  for (let d = 0; d < depth; d++) {
-    const nextFrontier = [];
-    for (const node of frontier) {
-      if (visited.has(node)) continue;
-      visited.add(node);
-      const fwd = adj.forward.get(node);
-      if (fwd) {
-        for (const neighbor of fwd) {
-          if (!visited.has(neighbor)) {
-            result.add(neighbor);
-            nextFrontier.push(neighbor);
-          }
-        }
-      }
-      const rev = adj.reverse.get(node);
-      if (rev) {
-        for (const neighbor of rev) {
-          if (!visited.has(neighbor)) {
-            result.add(neighbor);
-            nextFrontier.push(neighbor);
-          }
-        }
-      }
-    }
-    frontier = nextFrontier;
-  }
-  return result;
-}
-function matchGlob(path, pattern) {
-  const regexStr = pattern.replace(/\./g, "\\.").replace(/\*\*/g, "\xA7\xA7").replace(/\*/g, "[^/]*").replace(/§§/g, ".*").replace(/\?/g, ".");
-  try {
-    return new RegExp(`^${regexStr}$`).test(path);
-  } catch {
-    return false;
-  }
-}
-
-// src/engine/coverage.ts
-function calculateCoverage(targetPaths, includedPaths, allFiles, graph, depth = 2) {
-  const adj = buildAdjacencyList(graph.edges);
-  const relevantSet = targetPaths.length > 0 ? bfsBidirectional(targetPaths, adj, depth) : /* @__PURE__ */ new Set();
-  const includedSet = new Set(includedPaths);
-  const tempFileMap = new Map(allFiles.map((f) => [f.relativePath, f]));
-  for (const path of includedPaths) {
-    const file = tempFileMap.get(path);
-    if (!file) continue;
-    for (const imp of file.imports) {
-      const impFile = tempFileMap.get(imp);
-      if (impFile && impFile.kind === "type") {
-        relevantSet.add(imp);
-      }
-    }
-  }
-  const relevantFiles = Array.from(relevantSet);
-  const includedRelevant = relevantFiles.filter((f) => includedSet.has(f));
-  const missingRelevant = relevantFiles.filter((f) => !includedSet.has(f));
-  const missingCritical = missingRelevant.filter((f) => {
-    const file = tempFileMap.get(f);
-    return file && (file.exclusionImpact === "critical" || file.exclusionImpact === "high");
-  });
-  const fileMap = new Map(allFiles.map((f) => [f.relativePath, f]));
-  let totalRelevantRisk = 0;
-  let includedRelevantRisk = 0;
-  for (const f of relevantFiles) {
-    const risk = fileMap.get(f)?.riskScore ?? 1;
-    totalRelevantRisk += risk;
-    if (includedSet.has(f)) {
-      includedRelevantRisk += risk;
-    }
-  }
-  const score = totalRelevantRisk > 0 ? Math.round(includedRelevantRisk / totalRelevantRisk * 100) : relevantFiles.length > 0 ? Math.round(includedRelevant.length / relevantFiles.length * 100) : 100;
-  let explanation;
-  if (score >= 90) {
-    explanation = `Excellent coverage (${score}%): AI has nearly all relevant context.`;
-  } else if (score >= 70) {
-    explanation = `Good coverage (${score}%): Most relevant files included.`;
-    if (missingCritical.length > 0) {
-      explanation += ` Warning: ${missingCritical.length} critical file(s) missing.`;
-    }
-  } else if (score >= 50) {
-    explanation = `Partial coverage (${score}%): Significant context is missing.`;
-    if (missingCritical.length > 0) {
-      explanation += ` ${missingCritical.length} critical file(s) not included \u2014 AI quality will degrade.`;
-    }
-  } else {
-    explanation = `Low coverage (${score}%): Most relevant files are excluded. AI response quality will be poor.`;
-  }
-  return {
-    score,
-    relevantFiles,
-    includedRelevant,
-    missingRelevant,
-    missingCritical,
-    explanation
-  };
-}
-
-// src/engine/budget.ts
-function getPruneLevelForRisk(riskScore) {
-  if (riskScore >= 80) return "full";
-  if (riskScore >= 60) return "full";
-  if (riskScore >= 30) return "signatures";
-  return "skeleton";
-}
-
-// src/engine/selector.ts
-async function selectContext(input) {
-  const { task, analysis, budget, policies, depth = 2 } = input;
-  const decisions = [];
-  const targetPaths = identifyTargetFiles(task, analysis.files);
-  if (targetPaths.length > 0) {
-    decisions.push({
-      file: targetPaths.join(", "),
-      action: "include-full",
-      reason: `Target file(s) identified from task description`
-    });
-  }
-  const adj = buildAdjacencyList(analysis.graph.edges);
-  const expandedPaths = targetPaths.length > 0 ? Array.from(bfsBidirectional(targetPaths, adj, depth)) : [];
-  const expansionCount = expandedPaths.length - targetPaths.length;
-  if (expansionCount > 0) {
-    decisions.push({
-      file: `${expansionCount} dependencies`,
-      action: "include-full",
-      reason: `Expanded ${targetPaths.length} target(s) to ${expandedPaths.length} files via dependency graph (depth ${depth})`
-    });
-  }
-  const allFileMap = new Map(analysis.files.map((f) => [f.relativePath, f]));
-  if (targetPaths.length > 0) {
-    for (const path of expandedPaths) {
-      const file = allFileMap.get(path);
-      if (!file) continue;
-      for (const imp of file.imports) {
-        const impFile = allFileMap.get(imp);
-        if (impFile && impFile.kind === "type") {
-          expandedPaths.push(imp);
-        }
-      }
-    }
-  }
-  const { mustInclude, mustExclude } = applyPolicies(analysis.files, policies);
-  const candidateSet = /* @__PURE__ */ new Set([...expandedPaths, ...mustInclude]);
-  if (targetPaths.length === 0) {
-    for (const f of analysis.files) {
-      candidateSet.add(f.relativePath);
-    }
-  }
-  for (const ex of mustExclude) {
-    candidateSet.delete(ex);
-    decisions.push({
-      file: ex,
-      action: "exclude",
-      reason: "Excluded by policy"
-    });
-  }
-  const hasSecretBlock = policies?.rules.some(
-    (r) => r.type === "secret-block" && r.enabled
-  );
-  if (hasSecretBlock) {
-    for (const path of Array.from(candidateSet)) {
-      const file = allFileMap.get(path);
-      if (!file) continue;
-      const findings = await scanFileForSecrets(
-        file.path,
-        analysis.projectPath
-      );
-      if (findings.length > 0) {
-        candidateSet.delete(path);
-        decisions.push({
-          file: path,
-          action: "exclude",
-          reason: `Blocked: ${findings.length} secret(s) detected (${findings.map((f) => f.type).join(", ")})`
-        });
-      }
-    }
-  }
-  const candidates = Array.from(candidateSet).map((p) => allFileMap.get(p)).filter((f) => f !== void 0).sort((a, b) => {
-    const aIsTarget = targetPaths.includes(a.relativePath) ? 0 : 1;
-    const bIsTarget = targetPaths.includes(b.relativePath) ? 0 : 1;
-    if (aIsTarget !== bIsTarget) return aIsTarget - bIsTarget;
-    const aIsMust = mustInclude.has(a.relativePath) ? 0 : 1;
-    const bIsMust = mustInclude.has(b.relativePath) ? 0 : 1;
-    if (aIsMust !== bIsMust) return aIsMust - bIsMust;
-    return b.riskScore - a.riskScore;
-  });
-  const selectedFiles = [];
-  let usedTokens = 0;
-  for (const file of candidates) {
-    const isTarget = targetPaths.includes(file.relativePath);
-    const isMustInclude = mustInclude.has(file.relativePath);
-    const defaultLevel = isTarget ? "full" : getPruneLevelForRisk(file.riskScore);
-    const levels = getCascadeLevels(defaultLevel);
-    let included = false;
-    for (const level of levels) {
-      if (level === "excluded") break;
-      let tokens;
-      if (level === "full") {
-        tokens = file.tokens;
-      } else {
-        const pruned = await pruneFile(file, level);
-        tokens = pruned.prunedTokens;
-      }
-      if (usedTokens + tokens <= budget) {
-        usedTokens += tokens;
-        selectedFiles.push({
-          relativePath: file.relativePath,
-          tokens,
-          originalTokens: file.tokens,
-          pruneLevel: level,
-          riskScore: file.riskScore,
-          reason: buildReason(file, level, isTarget, isMustInclude)
-        });
-        if (level !== defaultLevel) {
-          decisions.push({
-            file: file.relativePath,
-            action: `include-${level}`,
-            reason: `Downgraded from ${defaultLevel} to ${level} due to budget constraint`,
-            alternatives: `Would need ${file.tokens - tokens} more tokens for ${defaultLevel}`
-          });
-        }
-        included = true;
-        break;
-      }
-    }
-    if (!included) {
-      decisions.push({
-        file: file.relativePath,
-        action: "exclude",
-        reason: `Budget exhausted (risk: ${file.riskScore}, needs ${file.tokens} tokens)`
-      });
-    }
-  }
-  const includedPaths = selectedFiles.map((f) => f.relativePath);
-  const coverage = calculateCoverage(
-    targetPaths,
-    includedPaths,
-    analysis.files,
-    analysis.graph,
-    depth
-  );
-  const includedSet = new Set(includedPaths);
-  const excludedFiles = analysis.files.filter(
-    (f) => !includedSet.has(f.relativePath)
-  );
-  const excludedRisk = excludedFiles.length > 0 ? Math.round(excludedFiles.reduce((s, f) => s + f.riskScore, 0) / excludedFiles.length) : 0;
-  const hashInput = selectedFiles.map((f) => `${f.relativePath}:${f.pruneLevel}`).sort().join("|") + `|budget:${budget}`;
-  const hash = createHash2("sha256").update(hashInput).digest("hex").substring(0, 16);
-  return {
-    files: selectedFiles,
-    totalTokens: usedTokens,
-    budget,
-    usedPercent: budget > 0 ? Math.round(usedTokens / budget * 100 * 10) / 10 : 0,
-    coverage,
-    riskScore: excludedRisk,
-    deterministic: true,
-    hash,
-    decisions
-  };
-}
-function identifyTargetFiles(task, files) {
-  const targets = [];
-  const pathPattern = /(?:^|\s|["'`])([.\w/-]+\.[a-zA-Z]{1,4})(?:\s|$|["'`]|,|:)/g;
-  let match;
-  while ((match = pathPattern.exec(task)) !== null) {
-    const candidate = match[1];
-    const found = files.find(
-      (f) => f.relativePath === candidate || f.relativePath.endsWith(candidate)
-    );
-    if (found && !targets.includes(found.relativePath)) {
-      targets.push(found.relativePath);
-    }
-  }
-  return targets;
-}
-function applyPolicies(files, policies) {
-  const mustInclude = /* @__PURE__ */ new Set();
-  const mustExclude = /* @__PURE__ */ new Set();
-  if (!policies) return { mustInclude, mustExclude };
-  for (const rule of policies.rules) {
-    if (!rule.enabled) continue;
-    if (rule.type === "include-always" && rule.pattern) {
-      for (const file of files) {
-        if (matchGlob(file.relativePath, rule.pattern)) {
-          mustInclude.add(file.relativePath);
-        }
-      }
-    }
-    if (rule.type === "exclude-always" && rule.pattern) {
-      for (const file of files) {
-        if (matchGlob(file.relativePath, rule.pattern)) {
-          mustExclude.add(file.relativePath);
-        }
-      }
-    }
-  }
-  return { mustInclude, mustExclude };
-}
-function getCascadeLevels(startLevel) {
-  const all = ["full", "signatures", "skeleton", "excluded"];
-  const startIdx = all.indexOf(startLevel);
-  return all.slice(startIdx);
-}
-function buildReason(file, level, isTarget, isMustInclude) {
-  if (isTarget) return "Target file";
-  if (isMustInclude) return "Required by policy";
-  const impact = file.exclusionImpact;
-  const levelStr = level === "full" ? "full content" : level;
-  if (impact === "critical") return `Critical dependency (risk ${file.riskScore}) \u2014 ${levelStr}`;
-  if (impact === "high") return `High-risk dependency (risk ${file.riskScore}) \u2014 ${levelStr}`;
-  if (impact === "medium") return `Medium relevance (risk ${file.riskScore}) \u2014 ${levelStr}`;
-  return `Low relevance (risk ${file.riskScore}) \u2014 ${levelStr}`;
-}
-
-// src/interact/router.ts
-var MODEL_REGISTRY = [
-  {
-    id: "claude-haiku-3.5",
-    name: "Claude 3.5 Haiku",
-    tier: "fast",
-    pricing: { inputPerMillion: 0.8, outputPerMillion: 4, cacheReadPerMillion: 0.08 },
-    contextWindow: 2e5,
-    strengths: ["speed", "simple-tasks", "low-cost"]
-  },
-  {
-    id: "claude-sonnet-4",
-    name: "Claude Sonnet 4",
-    tier: "balanced",
-    pricing: { inputPerMillion: 3, outputPerMillion: 15, cacheReadPerMillion: 0.3 },
-    contextWindow: 2e5,
-    strengths: ["code-generation", "refactoring", "balanced-reasoning"]
-  },
-  {
-    id: "claude-opus-4",
-    name: "Claude Opus 4",
-    tier: "reasoning",
-    pricing: { inputPerMillion: 15, outputPerMillion: 75, cacheReadPerMillion: 1.5 },
-    contextWindow: 2e5,
-    strengths: ["deep-reasoning", "architecture", "complex-debugging"]
-  }
-];
-var ROUTING_RULES = [
-  {
-    task: "simple-edit",
-    defaultModel: "claude-haiku-3.5",
-    upgradeIf: () => false,
-    upgradeTo: "claude-haiku-3.5",
-    reason: "Simple edits are best handled by fast models",
-    upgradeReason: ""
-  },
-  {
-    task: "docs",
-    defaultModel: "claude-haiku-3.5",
-    upgradeIf: (a) => a.totalTokens > 1e5,
-    upgradeTo: "claude-sonnet-4",
-    reason: "Documentation tasks are straightforward",
-    upgradeReason: "Large codebase \u2014 Sonnet provides better understanding"
-  },
-  {
-    task: "test",
-    defaultModel: "claude-sonnet-4",
-    upgradeIf: (a) => a.riskProfile.overallComplexity > 15,
-    upgradeTo: "claude-opus-4",
-    reason: "Test generation requires good code understanding",
-    upgradeReason: "High complexity codebase \u2014 Opus for better test coverage"
-  },
-  {
-    task: "debug",
-    defaultModel: "claude-sonnet-4",
-    upgradeIf: (a) => a.riskProfile.distribution.critical > 5,
-    upgradeTo: "claude-opus-4",
-    reason: "Debugging requires solid reasoning about code flow",
-    upgradeReason: "Many critical files involved \u2014 Opus for deeper analysis"
-  },
-  {
-    task: "refactor",
-    defaultModel: "claude-sonnet-4",
-    upgradeIf: (a) => a.totalFiles > 50 && a.riskProfile.overallComplexity > 10,
-    upgradeTo: "claude-opus-4",
-    reason: "Refactoring needs good structural understanding",
-    upgradeReason: "Large + complex project \u2014 Opus for safer refactoring"
-  },
-  {
-    task: "review",
-    defaultModel: "claude-sonnet-4",
-    upgradeIf: (a) => a.riskProfile.distribution.critical > 3,
-    upgradeTo: "claude-opus-4",
-    reason: "Code review benefits from balanced reasoning",
-    upgradeReason: "Critical code under review \u2014 Opus for thorough analysis"
-  },
-  {
-    task: "feature",
-    defaultModel: "claude-sonnet-4",
-    upgradeIf: (a) => a.totalFiles > 100,
-    upgradeTo: "claude-opus-4",
-    reason: "Feature development needs code generation + understanding",
-    upgradeReason: "Large codebase \u2014 Opus for better integration"
-  },
-  {
-    task: "architecture",
-    defaultModel: "claude-opus-4",
-    upgradeIf: () => false,
-    upgradeTo: "claude-opus-4",
-    reason: "Architecture decisions require deep reasoning",
-    upgradeReason: ""
-  }
-];
-var TASK_KEYWORDS = {
-  debug: ["debug", "fix", "bug", "error", "issue", "broken", "crash", "failing", "wrong"],
-  review: ["review", "check", "assess", "evaluate", "audit", "inspect", "critique"],
-  refactor: ["refactor", "restructure", "reorganize", "clean up", "simplify", "extract", "move"],
-  test: ["test", "spec", "coverage", "unit test", "integration test", "e2e"],
-  docs: ["document", "docs", "readme", "jsdoc", "comment", "explain"],
-  feature: ["add", "implement", "create", "build", "new", "feature", "endpoint"],
-  architecture: ["architecture", "design", "system", "structure", "migrate", "pattern"],
-  "simple-edit": ["rename", "typo", "update", "change", "modify", "tweak", "adjust"]
-};
-function classifyTask(taskDescription) {
-  const lower = taskDescription.toLowerCase();
-  let bestType = "simple-edit";
-  let bestScore = 0;
-  for (const [type, keywords] of Object.entries(TASK_KEYWORDS)) {
-    let score = 0;
-    for (const kw of keywords) {
-      if (lower.includes(kw)) score++;
-    }
-    if (score > bestScore) {
-      bestScore = score;
-      bestType = type;
-    }
-  }
-  return bestType;
-}
-function routeModel(taskType, analysis, preferredModel) {
-  if (preferredModel) {
-    const spec = MODEL_REGISTRY.find((m) => m.id === preferredModel);
-    if (spec) {
-      return {
-        model: preferredModel,
-        reason: "User-specified model",
-        confidence: 1,
-        alternatives: buildAlternatives(preferredModel, taskType)
-      };
-    }
-  }
-  const rule = ROUTING_RULES.find((r) => r.task === taskType);
-  if (!rule) {
-    return {
-      model: "claude-sonnet-4",
-      reason: "Default model for unrecognized task type",
-      confidence: 0.5,
-      alternatives: buildAlternatives("claude-sonnet-4", taskType)
-    };
-  }
-  const shouldUpgrade = rule.upgradeIf(analysis);
-  const model = shouldUpgrade ? rule.upgradeTo : rule.defaultModel;
-  const reason = shouldUpgrade ? rule.upgradeReason : rule.reason;
-  return {
-    model,
-    reason,
-    confidence: shouldUpgrade ? 0.8 : 0.9,
-    alternatives: buildAlternatives(model, taskType)
-  };
-}
-function buildAlternatives(chosenModel, taskType) {
-  return MODEL_REGISTRY.filter((m) => m.id !== chosenModel).map((m) => {
-    const chosen = MODEL_REGISTRY.find((r) => r.id === chosenModel);
-    const costDelta = m.pricing.inputPerMillion - chosen.pricing.inputPerMillion;
-    const tradeoff = costDelta > 0 ? `More capable but ${(costDelta / chosen.pricing.inputPerMillion * 100).toFixed(0)}% more expensive` : `${Math.abs(costDelta / chosen.pricing.inputPerMillion * 100).toFixed(0)}% cheaper but less capable`;
-    return { model: m.id, costDelta, tradeoff };
-  });
-}
-function getModelSpec(modelId) {
-  return MODEL_REGISTRY.find((m) => m.id === modelId);
-}
-
-// src/interact/estimator.ts
-function estimateCost(modelId, inputTokens, totalProjectTokens, estimatedOutputRatio = 0.3) {
-  const spec = getModelSpec(modelId) ?? MODEL_REGISTRY[1];
-  const estimatedOutputTokens = Math.round(inputTokens * estimatedOutputRatio);
-  const inputCost = inputTokens / 1e6 * spec.pricing.inputPerMillion;
-  const outputCost = estimatedOutputTokens / 1e6 * spec.pricing.outputPerMillion;
-  const totalCost = inputCost + outputCost;
-  const woInputCost = totalProjectTokens / 1e6 * spec.pricing.inputPerMillion;
-  const woOutputCost = Math.round(totalProjectTokens * estimatedOutputRatio) / 1e6 * spec.pricing.outputPerMillion;
-  const woTotalCost = woInputCost + woOutputCost;
-  const tokensSaved = totalProjectTokens - inputTokens;
-  const costSaved = woTotalCost - totalCost;
-  const savingsPercent = woTotalCost > 0 ? costSaved / woTotalCost * 100 : 0;
-  return {
-    model: modelId,
-    inputTokens,
-    estimatedOutputTokens,
-    inputCost: round(inputCost),
-    outputCost: round(outputCost),
-    totalCost: round(totalCost),
-    formatted: formatCost(totalCost),
-    withoutOptimization: {
-      inputTokens: totalProjectTokens,
-      totalCost: round(woTotalCost),
-      formatted: formatCost(woTotalCost)
-    },
-    savings: {
-      tokensSaved: Math.max(0, tokensSaved),
-      costSaved: round(Math.max(0, costSaved)),
-      percent: Math.max(0, Math.round(savingsPercent)),
-      formatted: costSaved > 0 ? `saved ${formatCost(costSaved)} (${Math.round(savingsPercent)}%)` : "no savings"
-    }
-  };
-}
-function round(n) {
-  return Math.round(n * 1e6) / 1e6;
-}
-function formatCost(cost) {
-  if (cost < 1e-3) return "<$0.001";
-  if (cost < 0.01) return `$${cost.toFixed(4)}`;
-  if (cost < 1) return `$${cost.toFixed(3)}`;
-  return `$${cost.toFixed(2)}`;
-}
-
-// src/interact/prompt.ts
-function buildPrompt(options) {
-  const {
-    task,
-    taskType,
-    analysis,
-    selection,
-    enableCoT = true,
-    enableConstraints = true,
-    enableAntiHallucination = true
-  } = options;
-  const sections = [];
-  sections.push(buildSystemSection(analysis.stack, taskType));
-  sections.push(buildContextSection(analysis, selection));
-  sections.push(buildTaskSection(task, taskType));
-  if (enableConstraints) {
-    sections.push(buildConstraintsSection(analysis.stack, taskType));
-  }
-  if (enableCoT) {
-    sections.push(buildCoTSection(taskType));
-  }
-  if (enableAntiHallucination) {
-    sections.push(buildAntiHallucinationSection());
-  }
-  sections.push(buildFormatSection(taskType));
-  const rendered = sections.map((s) => s.content).join("\n\n---\n\n");
-  const totalTokens = sections.reduce((s, sec) => s + sec.tokens, 0);
-  return { sections, totalTokens, rendered };
-}
-function buildSystemSection(stack, taskType) {
-  const stackStr = stack.length > 0 ? stack.join(", ") : "software";
-  const taskRole = TASK_ROLES[taskType] ?? "engineer";
-  const content = [
-    `You are a senior ${stackStr} ${taskRole} with deep expertise in clean architecture, testing, and production-quality code.`,
-    "You prioritize correctness, readability, and maintainability.",
-    "You never make assumptions without evidence from the code."
-  ].join(" ");
-  return makeSection("system", "system", content);
-}
-function buildContextSection(analysis, selection) {
-  const lines = [];
-  lines.push(`## Project: ${analysis.projectName}`);
-  lines.push(`Stack: ${analysis.stack.join(", ") || "Unknown"}`);
-  lines.push(`Files analyzed: ${analysis.totalFiles} | Tokens: ~${Math.round(analysis.totalTokens / 1e3)}K`);
-  lines.push(`Context coverage: ${selection.coverage.score}% | Risk score: ${selection.riskScore}/100`);
-  lines.push("");
-  lines.push("### Included Files");
-  lines.push("");
-  const fullFiles = selection.files.filter((f) => f.pruneLevel === "full");
-  const sigFiles = selection.files.filter((f) => f.pruneLevel === "signatures");
-  const skelFiles = selection.files.filter((f) => f.pruneLevel === "skeleton");
-  if (fullFiles.length > 0) {
-    lines.push("**Full content (read these first):**");
-    for (const f of fullFiles) {
-      lines.push(`- \`${f.relativePath}\` (~${Math.round(f.tokens / 1e3)}K tokens) \u2014 ${f.reason}`);
-    }
-    lines.push("");
-  }
-  if (sigFiles.length > 0) {
-    lines.push("**Signatures only (reference as needed):**");
-    for (const f of sigFiles) {
-      lines.push(`- \`${f.relativePath}\` (~${Math.round(f.tokens / 1e3)}K tokens)`);
-    }
-    lines.push("");
-  }
-  if (skelFiles.length > 0) {
-    lines.push("**Skeleton (structure overview):**");
-    for (const f of skelFiles) {
-      lines.push(`- \`${f.relativePath}\``);
-    }
-    lines.push("");
-  }
-  if (selection.coverage.missingCritical.length > 0) {
-    lines.push("\u26A0\uFE0F **Missing critical files** (not included due to budget):");
-    for (const f of selection.coverage.missingCritical) {
-      lines.push(`- \`${f}\``);
-    }
-    lines.push("");
-  }
-  const content = lines.join("\n");
-  return makeSection("context", "context", content);
-}
-function buildTaskSection(task, taskType) {
-  const content = [
-    "## Task",
-    "",
-    task,
-    "",
-    `Task type: **${taskType}**`
-  ].join("\n");
-  return makeSection("task", "task", content);
-}
-function buildConstraintsSection(stack, taskType) {
-  const lines = ["## Constraints", ""];
-  lines.push("- **Do NOT** delete or modify existing tests unless explicitly asked");
-  lines.push("- **Do NOT** change function signatures that are part of the public API");
-  lines.push("- **Do NOT** introduce new dependencies without mentioning it");
-  lines.push("- **Always** handle errors explicitly (no silent catches)");
-  lines.push("- **Always** preserve existing code style and conventions");
-  lines.push("- **Prefer** minimal changes \u2014 smallest diff that solves the problem");
-  if (stack.includes("TypeScript")) {
-    lines.push("- **Always** use strict TypeScript types (no `any` unless unavoidable)");
-    lines.push("- **Always** add explicit return types to exported functions");
-  }
-  if (taskType === "refactor") {
-    lines.push("- **Do NOT** change behavior \u2014 refactoring must be behavior-preserving");
-    lines.push("- **Verify** all existing tests still pass after changes");
-  }
-  if (taskType === "test") {
-    lines.push("- Use AAA pattern: Arrange, Act, Assert");
-    lines.push("- Test boundaries, null/undefined, async errors, type edges");
-    lines.push('- Use descriptive test names: "should [expected] when [condition]"');
-  }
-  return makeSection("constraints", "constraints", lines.join("\n"));
-}
-function buildCoTSection(taskType) {
-  const steps = COT_STEPS[taskType] ?? COT_STEPS["simple-edit"];
-  const lines = ["## Thinking Process", "", "Before writing any code:"];
-  steps.forEach((step, i) => {
-    lines.push(`${i + 1}. ${step}`);
-  });
-  return makeSection("cot", "constraints", lines.join("\n"));
-}
-function buildAntiHallucinationSection() {
-  const content = [
-    "## Important",
-    "",
-    "- Only reference files, functions, and APIs that exist in the provided context",
-    "- If you are unsure about something, say so explicitly",
-    "- Do NOT invent function signatures, types, or module paths",
-    "- If the context is insufficient to complete the task, explain what is missing"
-  ].join("\n");
-  return makeSection("anti-hallucination", "constraints", content);
-}
-function buildFormatSection(taskType) {
-  const lines = ["## Output Format", ""];
-  if (taskType === "review") {
-    lines.push("Provide findings in priority order: Critical > Major > Minor > Nitpick");
-    lines.push("For each finding: file, line, issue, and concrete suggestion with code");
-  } else if (taskType === "architecture") {
-    lines.push("Present 2-3 options with trade-offs, then recommend one with justification");
-  } else if (taskType === "debug") {
-    lines.push("1. Root cause analysis");
-    lines.push("2. Minimal fix");
-    lines.push("3. Explanation of why the fix works");
-    lines.push("4. Edge cases to consider");
-  } else {
-    lines.push("Provide clean, production-ready code with brief explanations of key decisions");
-  }
-  return makeSection("format", "format", lines.join("\n"));
-}
-var TASK_ROLES = {
-  debug: "debugger",
-  review: "code reviewer",
-  refactor: "architect",
-  test: "test engineer",
-  docs: "technical writer",
-  feature: "engineer",
-  architecture: "systems architect",
-  "simple-edit": "engineer"
-};
-var COT_STEPS = {
-  debug: [
-    "**Reproduce** \u2014 Understand the exact symptom and when it occurs",
-    "**Hypothesize** \u2014 List the most likely root causes (max 3)",
-    "**Verify** \u2014 Check each hypothesis against the code",
-    "**Fix** \u2014 Apply the minimal fix that addresses the root cause",
-    "**Validate** \u2014 Explain why the fix works and what edge cases it covers"
-  ],
-  review: [
-    "**Understand** \u2014 Read the code and understand its purpose",
-    "**Assess** \u2014 Evaluate correctness, readability, performance, security",
-    "**Prioritize** \u2014 Rank issues by severity (critical > major > minor)",
-    "**Suggest** \u2014 Provide concrete, actionable improvements with code"
-  ],
-  refactor: [
-    "**Analyze** \u2014 Identify code smells and structural issues",
-    "**Plan** \u2014 Define the target structure before changing anything",
-    "**Preserve** \u2014 Ensure behavior doesn't change",
-    "**Refactor** \u2014 Apply changes incrementally",
-    "**Verify** \u2014 Confirm all existing tests still pass"
-  ],
-  test: [
-    "**Identify** \u2014 What needs testing? (happy path, edge cases, errors)",
-    "**Structure** \u2014 Use AAA pattern: Arrange, Act, Assert",
-    "**Cover** \u2014 Test boundaries, null/undefined, async errors",
-    "**Isolate** \u2014 Mock external dependencies, test units independently"
-  ],
-  docs: [
-    "**Read** \u2014 Understand the code before documenting",
-    "**Structure** \u2014 Organize by audience (API users, contributors, operators)",
-    "**Write** \u2014 Clear, concise, with examples"
-  ],
-  feature: [
-    "**Clarify** \u2014 Restate the requirement in your own words",
-    "**Design** \u2014 Plan the approach (types, interfaces, flow)",
-    "**Implement** \u2014 Build incrementally, starting with types",
-    "**Test** \u2014 Write tests alongside implementation",
-    "**Integrate** \u2014 Ensure no regressions"
-  ],
-  architecture: [
-    "**Context** \u2014 Understand current architecture and constraints",
-    "**Options** \u2014 Present 2-3 viable approaches with trade-offs",
-    "**Recommend** \u2014 Choose the best and explain why",
-    "**Plan** \u2014 Define migration steps",
-    "**Risks** \u2014 Identify risks and mitigation strategies"
-  ],
-  "simple-edit": [
-    "**Understand** \u2014 Read the relevant code",
-    "**Plan** \u2014 Think before writing",
-    "**Implement** \u2014 Write clean, well-typed code",
-    "**Verify** \u2014 Check for edge cases"
-  ]
-};
-function makeSection(id, role, content) {
-  const tokens = countTokensChars4(Buffer.byteLength(content, "utf-8"));
-  return { id, role, content, tokens };
-}
-
-// src/govern/audit.ts
-import { randomUUID, createHash as createHash3 } from "crypto";
-import { readdir, chmod } from "fs/promises";
-import { join as join2 } from "path";
-import { userInfo } from "os";
-import { homedir } from "os";
-var CTO_DIR = ".cto-ai";
-var AUDIT_DIR = "audit";
-var MAX_ENTRIES_PER_FILE = 500;
-function getAuditDir() {
-  return join2(homedir(), CTO_DIR, AUDIT_DIR);
-}
-function getCurrentAuditFile() {
-  const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0].replace(/-/g, "");
-  return join2(getAuditDir(), `audit_${date}.json`);
-}
-function computeIntegrityHash(entry) {
-  const payload = JSON.stringify({
-    id: entry.id,
-    timestamp: entry.timestamp,
-    action: entry.action,
-    user: entry.user,
-    projectPath: entry.projectPath,
-    details: entry.details
-  });
-  return createHash3("sha256").update(payload).digest("hex");
-}
-async function ensureDir(dirPath) {
-  const { mkdir } = await import("fs/promises");
-  await mkdir(dirPath, { recursive: true });
-}
-async function readJSON(filePath) {
-  const { readFile: readFile4 } = await import("fs/promises");
-  try {
-    const content = await readFile4(filePath, "utf-8");
-    return JSON.parse(content);
-  } catch {
-    return null;
-  }
-}
-async function writeJSON(filePath, data) {
-  const { writeFile: writeFile2 } = await import("fs/promises");
-  await ensureDir(join2(filePath, ".."));
-  await writeFile2(filePath, JSON.stringify(data, null, 2), "utf-8");
-}
-async function logAudit(action, projectPath, details = {}) {
-  const auditDir = getAuditDir();
-  await ensureDir(auditDir);
-  let currentUser;
-  try {
-    currentUser = userInfo().username;
-  } catch {
-    currentUser = process.env.USER ?? process.env.USERNAME ?? "unknown";
-  }
-  const partialEntry = {
-    id: randomUUID().substring(0, 12),
-    timestamp: /* @__PURE__ */ new Date(),
-    action,
-    user: currentUser,
-    projectPath,
-    details
-  };
-  const entry = {
-    ...partialEntry,
-    integrityHash: computeIntegrityHash(partialEntry)
-  };
-  const auditFile = getCurrentAuditFile();
-  let entries = await readJSON(auditFile) ?? [];
-  entries.push(entry);
-  if (entries.length > MAX_ENTRIES_PER_FILE) {
-    entries = entries.slice(-MAX_ENTRIES_PER_FILE);
-  }
-  await writeJSON(auditFile, entries);
-  try {
-    await chmod(auditFile, 384);
-  } catch {
-  }
-  return entry;
-}
-
-// src/interact/orchestrator.ts
-async function planInteraction(input) {
-  const {
-    task,
-    analysis,
-    budget = 5e4,
-    model: preferredModel,
-    policies,
-    depth = 2,
-    enableCoT = true,
-    enableConstraints = true,
-    enableAntiHallucination = true
-  } = input;
-  const decisions = [];
-  const taskType = classifyTask(task);
-  decisions.push({
-    step: "classify",
-    decision: taskType,
-    reason: `Task classified as "${taskType}" based on keyword analysis`,
-    data: { task, taskType }
-  });
-  const context = await selectContext({
-    task,
-    analysis,
-    budget,
-    policies,
-    depth
-  });
-  decisions.push({
-    step: "select-context",
-    decision: `${context.files.length} files selected (${context.totalTokens} tokens)`,
-    reason: `Coverage: ${context.coverage.score}%, Risk: ${context.riskScore}/100`,
-    data: {
-      filesIncluded: context.files.length,
-      tokensUsed: context.totalTokens,
-      budget,
-      coverage: context.coverage.score,
-      risk: context.riskScore
-    }
-  });
-  const modelChoice = routeModel(taskType, analysis, preferredModel);
-  decisions.push({
-    step: "choose-model",
-    decision: modelChoice.model,
-    reason: modelChoice.reason,
-    data: {
-      confidence: modelChoice.confidence,
-      alternatives: modelChoice.alternatives.length
-    }
-  });
-  const prompt = buildPrompt({
-    task,
-    taskType,
-    analysis,
-    selection: context,
-    enableCoT,
-    enableConstraints,
-    enableAntiHallucination
-  });
-  decisions.push({
-    step: "build-prompt",
-    decision: `${prompt.sections.length} sections, ${prompt.totalTokens} tokens`,
-    reason: `Sections: ${prompt.sections.map((s) => s.id).join(", ")}`
-  });
-  const cost = estimateCost(
-    modelChoice.model,
-    context.totalTokens + prompt.totalTokens,
-    analysis.totalTokens
-  );
-  decisions.push({
-    step: "estimate-cost",
-    decision: cost.formatted,
-    reason: cost.savings.formatted,
-    data: {
-      inputTokens: cost.inputTokens,
-      totalCost: cost.totalCost,
-      savings: cost.savings.percent
-    }
-  });
-  const plan = {
-    id: randomUUID2().substring(0, 8),
-    task,
-    taskType,
-    timestamp: /* @__PURE__ */ new Date(),
-    context,
-    model: modelChoice,
-    prompt,
-    cost,
-    decisions
-  };
-  try {
-    await logAudit("interact", analysis.projectPath, {
-      interactionId: plan.id,
-      task,
-      taskType,
-      contextHash: context.hash,
-      filesIncluded: context.files.length,
-      filesExcluded: analysis.totalFiles - context.files.length,
-      tokensUsed: context.totalTokens,
-      coverageScore: context.coverage.score,
-      riskScore: context.riskScore,
-      model: modelChoice.model,
-      estimatedCost: cost.totalCost
-    });
-  } catch {
-  }
-  return plan;
-}
-export {
-  MODEL_REGISTRY,
-  buildPrompt,
-  classifyTask,
-  estimateCost,
-  getModelSpec,
-  planInteraction,
-  routeModel
-};
-//# sourceMappingURL=index.js.map