depwire-cli 1.0.5 → 1.0.7

package/dist/{chunk-SPZNB7BS.js → chunk-SLGC72RW.js}

@@ -35,8 +35,9 @@ function scanDirectory(rootDir, baseDir = rootDir) {
         const isCpp = entry.endsWith(".cpp") || entry.endsWith(".cc") || entry.endsWith(".cxx") || entry.endsWith(".c++") || entry.endsWith(".hpp") || entry.endsWith(".hh") || entry.endsWith(".hxx") || entry.endsWith(".h++") || entry.endsWith(".h") || entry.endsWith(".inl") || entry.endsWith(".ipp");
         const isCSharp = entry.endsWith(".cs") || entry.endsWith(".csx") || entry.endsWith(".csproj");
         const isJava = entry.endsWith(".java") || entry === "pom.xml" || entry === "build.gradle" || entry === "build.gradle.kts";
+        const isKotlin = entry.endsWith(".kt") || entry.endsWith(".kts") || entry === "settings.gradle.kts" || entry === "settings.gradle";
         const isCppBuild = entry === "CMakeLists.txt" || entry === "conanfile.txt" || entry === "vcpkg.json";
-        if (isTypeScript || isJavaScript || isPython || isGo || isRust || isC || isCpp || isCSharp || isJava || isCppBuild) {
+        if (isTypeScript || isJavaScript || isPython || isGo || isRust || isC || isCpp || isCSharp || isJava || isKotlin || isCppBuild) {
           files.push(relative(rootDir, fullPath));
         }
       }
@@ -78,6 +79,8 @@ function findProjectRoot(startDir = process.cwd()) {
     // Java (Maven)
     "build.gradle",
     // Java (Gradle)
+    "build.gradle.kts",
+    // Kotlin (Gradle KTS)
     ".git"
     // Any git repo
   ];
@@ -111,11 +114,11 @@ function findProjectRoot(startDir = process.cwd()) {
 }
 
 // src/parser/index.ts
-import { readFileSync as readFileSync8, statSync as statSync5 } from "fs";
-import { join as join11, resolve as resolve5 } from "path";
+import { readFileSync as readFileSync9, statSync as statSync6 } from "fs";
+import { join as join12, resolve as resolve6 } from "path";
 
 // src/parser/detect.ts
-import { extname as extname6, basename as basename4 } from "path";
+import { extname as extname7, basename as basename5 } from "path";
 
 // src/parser/wasm-init.ts
 import { Parser, Language } from "web-tree-sitter";
@@ -145,7 +148,8 @@ async function initParser() {
     "c": "tree-sitter-c.wasm",
     "c_sharp": "tree-sitter-c_sharp.wasm",
     "java": "tree-sitter-java.wasm",
-    "cpp": "tree-sitter-cpp.wasm"
+    "cpp": "tree-sitter-cpp.wasm",
+    "kotlin": "tree-sitter-kotlin.wasm"
   };
   for (const [name, file] of Object.entries(grammarFiles)) {
     const wasmPath = path.join(grammarsDir, file);
@@ -4907,24 +4911,722 @@ function getCurrentSymbolId9(context) {
   if (context.currentScope.length === 0) return null;
   return `${context.filePath}::${context.currentScope[context.currentScope.length - 1]}`;
 }
-var cppParser = {
-  name: "cpp",
-  extensions: [
-    ".cpp",
-    ".cc",
-    ".cxx",
-    ".c++",
-    ".hpp",
-    ".hh",
-    ".hxx",
-    ".h++",
-    ".inl",
-    ".ipp",
-    "CMakeLists.txt",
-    "conanfile.txt",
-    "vcpkg.json"
-  ],
-  parseFile: parseCppFile
+var cppParser = {
+  name: "cpp",
+  extensions: [
+    ".cpp",
+    ".cc",
+    ".cxx",
+    ".c++",
+    ".hpp",
+    ".hh",
+    ".hxx",
+    ".h++",
+    ".inl",
+    ".ipp",
+    "CMakeLists.txt",
+    "conanfile.txt",
+    "vcpkg.json"
+  ],
+  parseFile: parseCppFile
+};
+
+// src/parser/kotlin.ts
+import { dirname as dirname10, join as join11, basename as basename4 } from "path";
+import { existsSync as existsSync11, readdirSync as readdirSync8, statSync as statSync5 } from "fs";
+function parseKotlinFile(filePath, sourceCode, projectRoot) {
+  if (filePath.endsWith("build.gradle.kts")) {
+    return parseGradleBuild2(filePath, sourceCode, projectRoot);
+  }
+  if (filePath.endsWith("build.gradle")) {
+    return parseGradleBuild2(filePath, sourceCode, projectRoot);
+  }
+  if (filePath.endsWith("settings.gradle.kts") || filePath.endsWith("settings.gradle")) {
+    return parseSettingsGradle(filePath, sourceCode, projectRoot);
+  }
+  const parser = getParser("kotlin");
+  const tree = parser.parse(sourceCode, null, { bufferSize: 1024 * 1024 });
+  const context = {
+    filePath,
+    projectRoot,
+    sourceCode,
+    symbols: [],
+    edges: [],
+    currentScope: [],
+    currentClass: null,
+    currentPackage: null,
+    imports: /* @__PURE__ */ new Map(),
+    isBuildFile: false,
+    isScriptFile: filePath.endsWith(".kts")
+  };
+  walkNode10(tree.rootNode, context);
+  return {
+    filePath,
+    symbols: context.symbols,
+    edges: context.edges
+  };
+}
+function walkNode10(node, context) {
+  processNode10(node, context);
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child) {
+      walkNode10(child, context);
+    }
+  }
+}
+function processNode10(node, context) {
+  switch (node.type) {
+    case "package_header":
+      processPackageHeader(node, context);
+      break;
+    case "import_header":
+      processImportHeader(node, context);
+      break;
+    case "class_declaration":
+      processClassDeclaration5(node, context);
+      break;
+    case "object_declaration":
+      processObjectDeclaration(node, context);
+      break;
+    case "companion_object":
+      processCompanionObject(node, context);
+      break;
+    case "function_declaration":
+      processFunctionDeclaration4(node, context);
+      break;
+    case "property_declaration":
+      processPropertyDeclaration2(node, context);
+      break;
+    case "secondary_constructor":
+      processSecondaryConstructor(node, context);
+      break;
+    case "type_alias":
+      processTypeAlias(node, context);
+      break;
+    case "call_expression":
+      processCallExpression10(node, context);
+      break;
+    case "navigation_expression":
+      processNavigationExpression(node, context);
+      break;
+  }
+}
+function processPackageHeader(node, context) {
+  const ident = findDescendantByTypes2(node, ["identifier"]);
+  if (!ident) return;
+  const name = nodeText9(ident, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "module",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true
+  });
+  context.currentPackage = name;
+}
+function processImportHeader(node, context) {
+  const ident = findDescendantByTypes2(node, ["identifier"]);
+  if (!ident) return;
+  let importPath = nodeText9(ident, context);
+  const text = nodeText9(node, context).trim();
+  const isWildcard = text.endsWith(".*");
+  if (isWildcard && !importPath.endsWith(".*")) {
+    importPath = importPath + ".*";
+  }
+  const aliasMatch = text.match(/\bas\s+(\w+)/);
+  const alias = aliasMatch ? aliasMatch[1] : null;
+  const resolvedPath = resolveKotlinImport(importPath, context.filePath, context.projectRoot);
+  if (resolvedPath) {
+    const sourceId = `${context.filePath}::__file__`;
+    const targetId = `${resolvedPath}::__file__`;
+    context.edges.push({
+      source: sourceId,
+      target: targetId,
+      kind: "imports",
+      filePath: context.filePath,
+      line: node.startPosition.row + 1
+    });
+    const parts = importPath.replace(/\.\*$/, "").split(".");
+    if (!isWildcard) {
+      const simpleName = alias || parts[parts.length - 1];
+      context.imports.set(simpleName, `${resolvedPath}::${parts[parts.length - 1]}`);
+    }
+  }
+  const symbolId = `${context.filePath}::import:${importPath}`;
+  context.symbols.push({
+    id: symbolId,
+    name: importPath,
+    kind: "import",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: false
+  });
+}
+function processClassDeclaration5(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  if (!nameNode) return;
+  let name = nodeText9(nameNode, context);
+  const angleBracketIdx = name.indexOf("<");
+  if (angleBracketIdx > 0) {
+    name = name.substring(0, angleBracketIdx);
+  }
+  const text = nodeText9(node, context);
+  const modifiers = getModifiers(node, context);
+  let kind = "class";
+  if (text.match(/\binterface\b/) && !text.match(/\bfun\s+interface\b/)) {
+    kind = "interface";
+  } else if (text.match(/\benum\s+class\b/)) {
+    kind = "enum";
+  } else if (text.match(/\bannotation\s+class\b/)) {
+    kind = "interface";
+  }
+  const exported = modifiers.includes("public") || modifiers.includes("internal") || !modifiers.includes("private") && !modifiers.includes("protected");
+  const scope = context.currentClass || void 0;
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind,
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+  const delegationSpecifiers = findChildByType10(node, "delegation_specifiers");
+  if (delegationSpecifiers) {
+    processDelegationSpecifiers(delegationSpecifiers, symbolId, context);
+  }
+  if (kind === "enum") {
+    processEnumEntries(node, name, context);
+  }
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType10(node, "class_body") || findChildByType10(node, "enum_class_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processObjectDeclaration(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const modifiers = getModifiers(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "class",
+    // Objects are singletons, map to class
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+  const delegationSpecifiers = findChildByType10(node, "delegation_specifiers");
+  if (delegationSpecifiers) {
+    processDelegationSpecifiers(delegationSpecifiers, symbolId, context);
+  }
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType10(node, "class_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processCompanionObject(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  const name = nameNode ? nodeText9(nameNode, context) : "Companion";
+  const scope = context.currentClass || void 0;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "class",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope
+  });
+  const oldClass = context.currentClass;
+  context.currentClass = scope ? `${scope}.${name}` : name;
+  context.currentScope.push(context.currentClass);
+  const body = findChildByType10(node, "class_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processDelegationSpecifiers(node, sourceId, context) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (!child) continue;
+    const typeName = extractTypeName5(child, context);
+    if (typeName) {
+      const baseId = resolveSymbol9(typeName, context);
+      if (baseId) {
+        const edgeKind = typeName.startsWith("I") && typeName.length > 1 && typeName[1] === typeName[1].toUpperCase() ? "implements" : "inherits";
+        context.edges.push({
+          source: sourceId,
+          target: baseId,
+          kind: edgeKind,
+          filePath: context.filePath,
+          line: child.startPosition.row + 1
+        });
+      }
+    }
+  }
+}
+function processEnumEntries(node, enumName, context) {
+  const body = findChildByType10(node, "enum_class_body");
+  if (!body) return;
+  const entries = findChildrenByType4(body, "enum_entry");
+  for (const entry of entries) {
+    const nameNode = findChildByType10(entry, "simple_identifier");
+    if (!nameNode) continue;
+    const constName = nodeText9(nameNode, context);
+    const constId = `${context.filePath}::${enumName}.${constName}`;
+    context.symbols.push({
+      id: constId,
+      name: constName,
+      kind: "constant",
+      filePath: context.filePath,
+      startLine: entry.startPosition.row + 1,
+      endLine: entry.endPosition.row + 1,
+      exported: true,
+      scope: enumName
+    });
+  }
+}
+function processFunctionDeclaration4(node, context) {
+  const nameNode = findChildByType10(node, "simple_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const modifiers = getModifiers(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const text = nodeText9(node, context);
+  const isExtension = text.match(/fun\s+[\w.<>, ]+\./) !== null;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: context.currentClass ? "method" : "function",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+  const scopeName = scope ? `${scope}.${name}` : name;
+  context.currentScope.push(scopeName);
+  const body = findChildByType10(node, "function_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+}
+function processPropertyDeclaration2(node, context) {
+  const varDecl = findChildByType10(node, "variable_declaration");
+  if (!varDecl) return;
+  const nameNode = findChildByType10(varDecl, "simple_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const modifiers = getModifiers(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const text = nodeText9(node, context);
+  const isConst = modifiers.includes("const") || text.match(/\bval\b/) !== null && text.match(/\bconst\b/) !== null;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: isConst ? "constant" : "property",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+}
+function processSecondaryConstructor(node, context) {
+  const scope = context.currentClass || void 0;
+  if (!scope) return;
+  const name = "constructor";
+  const symbolId = `${context.filePath}::${scope}.${name}:${node.startPosition.row + 1}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "method",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope
+  });
+  const scopeName = `${scope}.${name}`;
+  context.currentScope.push(scopeName);
+  const body = findChildByType10(node, "function_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+}
+function processTypeAlias(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "type_alias",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true
+  });
+}
+function processCallExpression10(node, context) {
+  if (context.currentScope.length === 0) return;
+  const firstChild = node.child(0);
+  if (!firstChild) return;
+  let calleeName = null;
+  if (firstChild.type === "simple_identifier") {
+    calleeName = nodeText9(firstChild, context);
+  } else if (firstChild.type === "navigation_expression") {
+    const suffix = findChildByType10(firstChild, "navigation_suffix");
+    if (suffix) {
+      const ident = findChildByType10(suffix, "simple_identifier");
+      if (ident) calleeName = nodeText9(ident, context);
+    }
+    if (!calleeName) {
+      for (let i = firstChild.childCount - 1; i >= 0; i--) {
+        const child = firstChild.child(i);
+        if (child && child.type === "simple_identifier") {
+          calleeName = nodeText9(child, context);
+          break;
+        }
+      }
+    }
+  }
+  if (!calleeName) return;
+  const builtins = /* @__PURE__ */ new Set([
+    "println",
+    "print",
+    "toString",
+    "equals",
+    "hashCode",
+    "let",
+    "apply",
+    "also",
+    "run",
+    "with",
+    "takeIf",
+    "takeUnless",
+    "repeat",
+    "require",
+    "check",
+    "error",
+    "TODO",
+    "listOf",
+    "mapOf",
+    "setOf",
+    "arrayOf",
+    "mutableListOf",
+    "mutableMapOf",
+    "mutableSetOf",
+    "emptyList",
+    "emptyMap",
+    "emptySet",
+    "to",
+    "Pair",
+    "Triple",
+    "lazy",
+    "synchronized",
+    "map",
+    "filter",
+    "forEach",
+    "flatMap",
+    "fold",
+    "reduce",
+    "any",
+    "all",
+    "none",
+    "find",
+    "first",
+    "last",
+    "count",
+    "sum",
+    "average",
+    "sortedBy",
+    "groupBy",
+    "associate",
+    "zip",
+    "joinToString",
+    "getOrDefault",
+    "getOrElse",
+    "getOrPut",
+    "contains",
+    "containsKey",
+    "add",
+    "remove",
+    "clear",
+    "size",
+    "isEmpty",
+    "isNotEmpty"
+  ]);
+  if (builtins.has(calleeName)) return;
+  const callerId = getCurrentSymbolId10(context);
+  if (!callerId) return;
+  const calleeId = resolveSymbol9(calleeName, context);
+  if (calleeId) {
+    context.edges.push({
+      source: callerId,
+      target: calleeId,
+      kind: "calls",
+      filePath: context.filePath,
+      line: node.startPosition.row + 1
+    });
+  }
+}
+function processNavigationExpression(node, context) {
+}
+function parseGradleBuild2(filePath, sourceCode, projectRoot) {
+  const symbols = [];
+  const edges = [];
+  const lines = sourceCode.split("\n");
+  const projectName = basename4(dirname10(join11(projectRoot, filePath)));
+  symbols.push({
+    id: `${filePath}::${projectName}`,
+    name: projectName,
+    kind: "module",
+    filePath,
+    startLine: 1,
+    endLine: lines.length,
+    exported: true
+  });
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i].trim();
+    const lineNum = i + 1;
+    const depMatch = line.match(
+      /(?:implementation|api|compileOnly|runtimeOnly|testImplementation|testRuntimeOnly|kapt|ksp|annotationProcessor)\s*[\(]?\s*['"]([^'"]+)['"]\s*[\)]?/
+    );
+    if (depMatch) {
+      const depCoord = depMatch[1];
+      if (!depCoord.startsWith(":")) {
+        symbols.push({
+          id: `${filePath}::dep:${depCoord}`,
+          name: depCoord,
+          kind: "import",
+          filePath,
+          startLine: lineNum,
+          endLine: lineNum,
+          exported: false
+        });
+      }
+    }
+    const projectMatch = line.match(/project\s*\(\s*['":]+([^'")\s]+)['"]*\s*\)/);
+    if (projectMatch) {
+      const moduleName = projectMatch[1].replace(/^:/, "");
+      const candidates = [
+        join11(moduleName, "build.gradle.kts"),
+        join11(moduleName, "build.gradle")
+      ];
+      for (const candidate of candidates) {
+        if (existsSync11(join11(projectRoot, candidate))) {
+          edges.push({
+            source: `${filePath}::__file__`,
+            target: `${candidate}::__file__`,
+            kind: "imports",
+            filePath,
+            line: lineNum
+          });
+          break;
+        }
+      }
+    }
+  }
+  return { filePath, symbols, edges };
+}
+function parseSettingsGradle(filePath, sourceCode, projectRoot) {
+  const symbols = [];
+  const edges = [];
+  const lines = sourceCode.split("\n");
+  symbols.push({
+    id: `${filePath}::settings`,
+    name: "settings",
+    kind: "module",
+    filePath,
+    startLine: 1,
+    endLine: lines.length,
+    exported: true
+  });
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i].trim();
+    const lineNum = i + 1;
+    const includeMatches = line.matchAll(/['"]:([^'"]+)['"]/g);
+    for (const match of includeMatches) {
+      const moduleName = match[1];
+      const candidates = [
+        join11(moduleName, "build.gradle.kts"),
+        join11(moduleName, "build.gradle")
+      ];
+      for (const candidate of candidates) {
+        if (existsSync11(join11(projectRoot, candidate))) {
+          edges.push({
+            source: `${filePath}::__file__`,
+            target: `${candidate}::__file__`,
+            kind: "imports",
+            filePath,
+            line: lineNum
+          });
+          break;
+        }
+      }
+    }
+  }
+  return { filePath, symbols, edges };
+}
+function resolveKotlinImport(importPath, currentFile, projectRoot) {
+  const cleanPath2 = importPath.replace(/\.\*$/, "");
+  const parts = cleanPath2.split(".");
+  const className = parts[parts.length - 1];
+  const packagePath = parts.slice(0, -1).join("/");
+  const sourceRoots = [
+    "",
+    "src/main/kotlin",
+    "src/main/java",
+    // Kotlin can live in java source dirs
+    "src",
+    "app/src/main/kotlin",
+    "app/src/main/java"
+  ];
+  for (const root of sourceRoots) {
+    for (const ext of [".kt", ".java"]) {
+      const filePath = packagePath ? join11(packagePath, className + ext) : className + ext;
+      const candidate = root ? join11(root, filePath) : filePath;
+      const fullPath = join11(projectRoot, candidate);
+      if (existsSync11(fullPath)) {
+        return candidate;
+      }
+    }
+  }
+  if (importPath.endsWith(".*")) {
+    const dirPath = cleanPath2.replace(/\./g, "/");
+    for (const root of sourceRoots) {
+      const candidate = root ? join11(root, dirPath) : dirPath;
+      const fullPath = join11(projectRoot, candidate);
+      if (existsSync11(fullPath)) {
+        try {
+          const stats = statSync5(fullPath);
+          if (stats.isDirectory()) {
+            const ktFiles = readdirSync8(fullPath).filter((f) => f.endsWith(".kt"));
+            if (ktFiles.length > 0) {
+              return join11(candidate, ktFiles[0]);
+            }
+          }
+        } catch {
+        }
+      }
+    }
+  }
+  return null;
+}
+function resolveSymbol9(name, context) {
+  if (context.imports.has(name)) {
+    return context.imports.get(name) || null;
+  }
+  const currentFileId = `${context.filePath}::${name}`;
+  if (context.symbols.find((s) => s.id === currentFileId)) {
+    return currentFileId;
+  }
+  if (context.currentClass) {
+    const classMethodId = `${context.filePath}::${context.currentClass}.${name}`;
+    if (context.symbols.find((s) => s.id === classMethodId)) {
+      return classMethodId;
+    }
+  }
+  return null;
+}
+function getModifiers(node, context) {
+  const modifiers = [];
+  const modList = findChildByType10(node, "modifiers");
+  if (modList) {
+    for (let i = 0; i < modList.childCount; i++) {
+      const child = modList.child(i);
+      if (child) {
+        const text = nodeText9(child, context).trim();
+        if (text) modifiers.push(text);
+      }
+    }
+  }
+  return modifiers;
+}
+function extractTypeName5(node, context) {
+  const text = nodeText9(node, context).trim();
+  if (!text || text === "," || text === ":") return null;
+  let name = text;
+  const angleBracketIdx = name.indexOf("<");
+  if (angleBracketIdx > 0) name = name.substring(0, angleBracketIdx);
+  const parenIdx = name.indexOf("(");
+  if (parenIdx > 0) name = name.substring(0, parenIdx);
+  const dotIdx = name.lastIndexOf(".");
+  name = dotIdx >= 0 ? name.substring(dotIdx + 1) : name;
+  return name.trim() || null;
+}
+function findChildByType10(node, type) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child && child.type === type) return child;
+  }
+  return null;
+}
+function findChildrenByType4(node, type) {
+  const results = [];
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child && child.type === type) results.push(child);
+  }
+  return results;
+}
+function findDescendantByTypes2(node, types) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (!child) continue;
+    if (types.includes(child.type)) return child;
+    const found = findDescendantByTypes2(child, types);
+    if (found) return found;
+  }
+  return null;
+}
+function nodeText9(node, context) {
+  return context.sourceCode.substring(node.startIndex, node.endIndex);
+}
+function getCurrentSymbolId10(context) {
+  if (context.currentScope.length === 0) return null;
+  return `${context.filePath}::${context.currentScope[context.currentScope.length - 1]}`;
+}
+var kotlinParser = {
+  name: "kotlin",
+  extensions: [".kt", ".kts", "build.gradle.kts", "settings.gradle.kts", "settings.gradle"],
+  parseFile: parseKotlinFile
 };
 
 // src/parser/detect.ts
@@ -4937,12 +5639,13 @@ var parsers = [
   cParser,
   csharpParser,
   javaParser,
-  cppParser
+  cppParser,
+  kotlinParser
 ];
 var CPP_KEYWORDS = /\b(?:class|namespace|template|public:|private:|protected:|virtual|nullptr|constexpr|auto\s+\w+\s*=|using\s+\w+\s*=|static_cast|dynamic_cast|reinterpret_cast|const_cast|noexcept|override|final|decltype|concept|requires|co_await|co_yield|co_return|std::)\b/;
 function getParserForFile(filePath, content) {
-  const ext = extname6(filePath).toLowerCase();
-  const fileName = basename4(filePath);
+  const ext = extname7(filePath).toLowerCase();
+  const fileName = basename5(filePath);
   if (ext === ".h" && content) {
     if (CPP_KEYWORDS.test(content)) {
       return cppParser;
@@ -4960,7 +5663,7 @@ import { minimatch } from "minimatch";
 var MAX_FILE_SIZE = 1e6;
 function shouldParseFile(fullPath) {
   try {
-    const stats = statSync5(fullPath);
+    const stats = statSync6(fullPath);
     if (stats.size > MAX_FILE_SIZE) {
       console.error(`[Parser] Skipping ${fullPath} \u2014 file too large (${(stats.size / 1024).toFixed(0)}KB)`);
       return false;
@@ -4978,8 +5681,8 @@ async function parseProject(projectRoot, options) {
   let errorFiles = 0;
   for (const file of files) {
     try {
-      const fullPath = join11(projectRoot, file);
-      if (!resolve5(fullPath).startsWith(resolve5(projectRoot))) {
+      const fullPath = join12(projectRoot, file);
+      if (!resolve6(fullPath).startsWith(resolve6(projectRoot))) {
         skippedFiles++;
         continue;
       }
@@ -5002,7 +5705,7 @@ async function parseProject(projectRoot, options) {
       if (options?.verbose) {
         console.error(`[Parser] Parsing: ${file}`);
       }
-      const sourceCode = readFileSync8(fullPath, "utf-8");
+      const sourceCode = readFileSync9(fullPath, "utf-8");
       const parser = getParserForFile(file, sourceCode);
       if (!parser) {
         console.error(`No parser found for file: ${file}`);
@@ -5031,8 +5734,8 @@ async function parseProject(projectRoot, options) {
 }
 
 // src/cross-language/detectors/rest-api.ts
-import { readFileSync as readFileSync9 } from "fs";
-import { join as join12, resolve as resolve6 } from "path";
+import { readFileSync as readFileSync10 } from "fs";
+import { join as join13, resolve as resolve7 } from "path";
 function getLanguage(filePath) {
   if (filePath.endsWith(".ts") || filePath.endsWith(".tsx")) return "typescript";
   if (filePath.endsWith(".js") || filePath.endsWith(".jsx") || filePath.endsWith(".mjs") || filePath.endsWith(".cjs")) return "javascript";
@@ -5040,6 +5743,7 @@ function getLanguage(filePath) {
   if (filePath.endsWith(".go")) return "go";
   if (filePath.endsWith(".cs") || filePath.endsWith(".csx")) return "csharp";
   if (filePath.endsWith(".java")) return "java";
+  if (filePath.endsWith(".kt") || filePath.endsWith(".kts")) return "kotlin";
   if (filePath.endsWith(".cpp") || filePath.endsWith(".cc") || filePath.endsWith(".cxx") || filePath.endsWith(".c++") || filePath.endsWith(".hpp") || filePath.endsWith(".hh") || filePath.endsWith(".hxx") || filePath.endsWith(".h++") || filePath.endsWith(".h") || filePath.endsWith(".inl") || filePath.endsWith(".ipp")) return "cpp";
   return "unknown";
 }
@@ -5294,6 +5998,110 @@ function extractRouteDefinitions(source, filePath) {
         });
       }
     }
+    if (lang === "kotlin") {
+      const springMethodMatch = line.match(/@(Get|Post|Put|Delete|Patch)Mapping\s*\(\s*(?:value\s*=\s*)?["']([^"']+)["']/);
+      if (springMethodMatch) {
+        const method = springMethodMatch[1].toUpperCase();
+        let path6 = springMethodMatch[2];
+        const classPrefix = findClassLevelPrefix(source);
+        if (classPrefix) path6 = classPrefix + path6;
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+        routes.push({
+          method,
+          path: path6,
+          normalizedPath: normalizePath(path6),
+          file: filePath,
+          line: i + 1
+        });
+      }
+      if (!springMethodMatch) {
+        const springNoPathMatch = line.match(/@(Get|Post|Put|Delete|Patch)Mapping\s*$/);
+        if (springNoPathMatch) {
+          const method = springNoPathMatch[1].toUpperCase();
+          const classPrefix = findClassLevelPrefix(source);
+          if (classPrefix) {
+            routes.push({
+              method,
+              path: classPrefix,
+              normalizedPath: normalizePath(classPrefix),
+              file: filePath,
+              line: i + 1
+            });
+          }
+        }
+      }
+      const requestMappingMatch = line.match(/@RequestMapping\s*\(\s*(?:value\s*=\s*(?:\[)?\s*)?["']([^"']+)["']/);
+      if (requestMappingMatch) {
+        let path6 = requestMappingMatch[1];
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+        const methodMatch = line.match(/method\s*=\s*\[?\s*RequestMethod\.(\w+)/);
+        const method = methodMatch ? methodMatch[1].toUpperCase() : "ANY";
+        routes.push({
+          method,
+          path: path6,
+          normalizedPath: normalizePath(path6),
+          file: filePath,
+          line: i + 1
+        });
+      }
+      const ktorMatch = line.match(/\b(get|post|put|delete|patch|head|options)\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (ktorMatch) {
+        const path6 = ktorMatch[2];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: ktorMatch[1].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const ktorRouteMatch = line.match(/\broute\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (ktorRouteMatch) {
+        const path6 = ktorRouteMatch[1];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: "ANY",
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const resourceMatch = line.match(/@Resource\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (resourceMatch) {
+        const path6 = resourceMatch[1];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: "ANY",
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const http4kMatch = line.match(/["']([^"']+)["']\s*bind\s*(GET|POST|PUT|DELETE|PATCH)/);
+      if (http4kMatch) {
+        const path6 = http4kMatch[1];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: http4kMatch[2].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const retrofitMatch = line.match(/@(GET|POST|PUT|DELETE|PATCH|HEAD)\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (retrofitMatch) {
+        let path6 = retrofitMatch[2];
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+      }
+    }
     if (lang === "cpp") {
       const crowMatch = line.match(/CROW_ROUTE\s*\(\s*\w+\s*,\s*"([^"]+)"/);
       if (crowMatch) {
@@ -5408,11 +6216,11 @@ function detectRestApiEdges(files, projectRoot) {
   const allCalls = [];
   const allRoutes = [];
   for (const file of files) {
-    const fullPath = join12(projectRoot, file.filePath);
-    if (!resolve6(fullPath).startsWith(resolve6(projectRoot))) continue;
+    const fullPath = join13(projectRoot, file.filePath);
+    if (!resolve7(fullPath).startsWith(resolve7(projectRoot))) continue;
     let source;
     try {
-      source = readFileSync9(fullPath, "utf-8");
+      source = readFileSync10(fullPath, "utf-8");
     } catch {
       continue;
     }
@@ -5420,6 +6228,18 @@ function detectRestApiEdges(files, projectRoot) {
     if (lang === "typescript" || lang === "javascript") {
       allCalls.push(...extractHttpCalls(source, file.filePath));
     }
+    if (lang === "kotlin") {
+      const kotlinLines = source.split("\n");
+      for (let i = 0; i < kotlinLines.length; i++) {
+        const line = kotlinLines[i];
+        const retrofitMatch = line.match(/@(GET|POST|PUT|DELETE|PATCH|HEAD)\s*\(\s*["']([^"']+)["']\s*\)/);
+        if (retrofitMatch) {
+          let path6 = retrofitMatch[2];
+          if (!path6.startsWith("/")) path6 = "/" + path6;
+          allCalls.push({ method: retrofitMatch[1].toUpperCase(), path: path6, file: file.filePath, line: i + 1 });
+        }
+      }
+    }
     allRoutes.push(...extractRouteDefinitions(source, file.filePath));
   }
   for (const call of allCalls) {
@@ -5448,8 +6268,8 @@ function detectRestApiEdges(files, projectRoot) {
 }
 
 // src/cross-language/detectors/subprocess.ts
-import { readFileSync as readFileSync10 } from "fs";
-import { join as join13, resolve as resolve7, basename as basename5 } from "path";
+import { readFileSync as readFileSync11 } from "fs";
+import { join as join14, resolve as resolve8, basename as basename6 } from "path";
 var SCRIPT_EXTENSIONS = [".py", ".js", ".ts", ".go", ".rs"];
 function getLanguage2(filePath) {
   if (filePath.endsWith(".ts") || filePath.endsWith(".tsx")) return "typescript";
@@ -5548,16 +6368,16 @@ function detectSubprocessEdges(files, projectRoot) {
   const knownFiles = new Set(files.map((f) => f.filePath));
   const basenameMap = /* @__PURE__ */ new Map();
   for (const f of files) {
-    const base = basename5(f.filePath);
+    const base = basename6(f.filePath);
     if (!basenameMap.has(base)) basenameMap.set(base, []);
     basenameMap.get(base).push(f.filePath);
   }
   for (const file of files) {
-    const fullPath = join13(projectRoot, file.filePath);
-    if (!resolve7(fullPath).startsWith(resolve7(projectRoot))) continue;
+    const fullPath = join14(projectRoot, file.filePath);
+    if (!resolve8(fullPath).startsWith(resolve8(projectRoot))) continue;
     let source;
     try {
-      source = readFileSync10(fullPath, "utf-8");
+      source = readFileSync11(fullPath, "utf-8");
     } catch {
       continue;
     }
@@ -5569,7 +6389,7 @@ function detectSubprocessEdges(files, projectRoot) {
         targetFile = call.calledFile;
         confidence = "high";
       } else {
-        const base = basename5(call.calledFile);
+        const base = basename6(call.calledFile);
         const candidates = basenameMap.get(base);
         if (candidates && candidates.length > 0) {
           const exactCandidate = candidates.find((c) => c.endsWith(call.calledFile));
@@ -5948,7 +6768,7 @@ function getArchitectureSummary(graph) {
 }
 
 // src/health/metrics.ts
-import { dirname as dirname10 } from "path";
+import { dirname as dirname11 } from "path";
 function scoreToGrade(score) {
   if (score >= 90) return "A";
   if (score >= 80) return "B";
@@ -5981,8 +6801,8 @@ function calculateCouplingScore(graph) {
       totalEdges++;
       fileConnections.set(sourceAttrs.filePath, (fileConnections.get(sourceAttrs.filePath) || 0) + 1);
       fileConnections.set(targetAttrs.filePath, (fileConnections.get(targetAttrs.filePath) || 0) + 1);
-      const sourceDir = dirname10(sourceAttrs.filePath).split("/")[0];
-      const targetDir = dirname10(targetAttrs.filePath).split("/")[0];
+      const sourceDir = dirname11(sourceAttrs.filePath).split("/")[0];
+      const targetDir = dirname11(targetAttrs.filePath).split("/")[0];
       if (sourceDir !== targetDir) {
         crossDirEdges++;
       }
@@ -6029,8 +6849,8 @@ function calculateCohesionScore(graph) {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
     if (sourceAttrs.filePath !== targetAttrs.filePath) {
-      const sourceDir = dirname10(sourceAttrs.filePath);
-      const targetDir = dirname10(targetAttrs.filePath);
+      const sourceDir = dirname11(sourceAttrs.filePath);
+      const targetDir = dirname11(targetAttrs.filePath);
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { internal: 0, total: 0 });
       }
@@ -6312,8 +7132,8 @@ function calculateDepthScore(graph) {
 }
 
 // src/health/index.ts
-import { readFileSync as readFileSync11, writeFileSync, existsSync as existsSync11, mkdirSync } from "fs";
-import { dirname as dirname11, resolve as resolve8 } from "path";
+import { readFileSync as readFileSync12, writeFileSync, existsSync as existsSync12, mkdirSync } from "fs";
+import { dirname as dirname12, resolve as resolve9 } from "path";
 function calculateHealthScore(graph, projectRoot) {
   const coupling = calculateCouplingScore(graph);
   const cohesion = calculateCohesionScore(graph);
@@ -6412,8 +7232,8 @@ function getHealthTrend(projectRoot, currentScore) {
   }
 }
 function saveHealthHistory(projectRoot, report) {
-  const resolvedRoot = resolve8(projectRoot);
-  const historyFile = resolve8(resolvedRoot, ".depwire", "health-history.json");
+  const resolvedRoot = resolve9(projectRoot);
+  const historyFile = resolve9(resolvedRoot, ".depwire", "health-history.json");
   if (!historyFile.startsWith(resolvedRoot)) {
     return;
   }
@@ -6428,10 +7248,10 @@ function saveHealthHistory(projectRoot, report) {
     }))
   };
   let history = [];
-  if (existsSync11(historyFile)) {
+  if (existsSync12(historyFile)) {
     try {
       if (!historyFile.startsWith(resolvedRoot)) return;
-      const content = readFileSync11(historyFile, "utf-8");
+      const content = readFileSync12(historyFile, "utf-8");
       history = JSON.parse(content);
     } catch {
     }
@@ -6440,19 +7260,19 @@ function saveHealthHistory(projectRoot, report) {
   if (history.length > 50) {
     history = history.slice(-50);
   }
-  mkdirSync(dirname11(historyFile), { recursive: true });
+  mkdirSync(dirname12(historyFile), { recursive: true });
   if (!historyFile.startsWith(resolvedRoot)) return;
   writeFileSync(historyFile, JSON.stringify(history, null, 2), "utf-8");
 }
 function loadHealthHistory(projectRoot) {
-  const resolvedRoot = resolve8(projectRoot);
-  const historyFile = resolve8(resolvedRoot, ".depwire", "health-history.json");
-  if (!historyFile.startsWith(resolvedRoot) || !existsSync11(historyFile)) {
+  const resolvedRoot = resolve9(projectRoot);
+  const historyFile = resolve9(resolvedRoot, ".depwire", "health-history.json");
+  if (!historyFile.startsWith(resolvedRoot) || !existsSync12(historyFile)) {
     return [];
   }
   try {
     if (!historyFile.startsWith(resolvedRoot)) return [];
-    const content = readFileSync11(historyFile, "utf-8");
+    const content = readFileSync12(historyFile, "utf-8");
     return JSON.parse(content);
   } catch {
     return [];
@@ -6461,7 +7281,7 @@ function loadHealthHistory(projectRoot) {
 
 // src/dead-code/detector.ts
 import path2 from "path";
-import { readFileSync as readFileSync12, existsSync as existsSync12 } from "fs";
+import { readFileSync as readFileSync13, existsSync as existsSync13 } from "fs";
 function findDeadSymbols(graph, projectRoot, includeTests = false, debug = false) {
   const deadSymbols = [];
   const context = { graph, projectRoot };
@@ -6594,11 +7414,11 @@ function getPackageEntryPoints(projectRoot) {
   const entryPoints = /* @__PURE__ */ new Set();
   const resolvedRoot = path2.resolve(projectRoot);
   const packageJsonPath = path2.resolve(resolvedRoot, "package.json");
-  if (!packageJsonPath.startsWith(resolvedRoot) || !existsSync12(packageJsonPath)) {
+  if (!packageJsonPath.startsWith(resolvedRoot) || !existsSync13(packageJsonPath)) {
     return entryPoints;
   }
   try {
-    const packageJson = JSON.parse(readFileSync12(packageJsonPath, "utf-8"));
+    const packageJson = JSON.parse(readFileSync13(packageJsonPath, "utf-8"));
     if (packageJson.main) {
       entryPoints.add(path2.resolve(projectRoot, packageJson.main));
     }
@@ -6652,6 +7472,9 @@ function shouldExclude(attrs, context, includeTests, packageEntryPoints) {
   if (isCppExcluded(attrs)) {
     return "framework";
   }
+  if (isKotlinExcluded(attrs)) {
+    return "framework";
+  }
   return null;
 }
 function isRealPackageEntryPoint(filePath, packageEntryPoints) {
@@ -6690,6 +7513,33 @@ function isCppExcluded(attrs) {
   if (kind === "constant" && /\.(?:h|hpp)$/.test(filePath)) return true;
   return false;
 }
+function isKotlinExcluded(attrs) {
+  const filePath = attrs.file || attrs.filePath || "";
+  const name = attrs.name || "";
+  if (!filePath.endsWith(".kt") && !filePath.endsWith(".kts")) return false;
+  if (name === "main") return true;
+  const androidLifecycle = [
+    "onCreate",
+    "onStart",
+    "onResume",
+    "onPause",
+    "onStop",
+    "onDestroy",
+    "onCreateView",
+    "onViewCreated",
+    "onDestroyView",
+    "onSaveInstanceState",
+    "onRestoreInstanceState",
+    "onActivityResult",
+    "onRequestPermissionsResult",
+    "onConfigurationChanged",
+    "onNewIntent"
+  ];
+  if (androidLifecycle.includes(name)) return true;
+  if (["readObject", "writeObject", "readResolve", "writeReplace"].includes(name)) return true;
+  if (name.startsWith("operator")) return true;
+  return false;
+}
 
 // src/dead-code/classifier.ts
 import path3 from "path";
@@ -6756,8 +7606,8 @@ function generateReason(symbol, confidence) {
   return "Potentially unused";
 }
 function isBarrelFile(filePath) {
-  const basename9 = path3.basename(filePath);
-  return basename9 === "index.ts" || basename9 === "index.js";
+  const basename10 = path3.basename(filePath);
+  return basename10 === "index.ts" || basename10 === "index.js";
 }
 function isTestFile2(filePath) {
   return filePath.includes("__tests__/") || filePath.includes(".test.") || filePath.includes(".spec.") || filePath.includes("/test/") || filePath.includes("/tests/");
@@ -6936,11 +7786,11 @@ function filterByConfidence(symbols, minConfidence) {
 }
 
 // src/docs/generator.ts
-import { writeFileSync as writeFileSync3, mkdirSync as mkdirSync2, existsSync as existsSync15 } from "fs";
-import { join as join17 } from "path";
+import { writeFileSync as writeFileSync3, mkdirSync as mkdirSync2, existsSync as existsSync16 } from "fs";
+import { join as join18 } from "path";
 
 // src/docs/architecture.ts
-import { dirname as dirname12 } from "path";
+import { dirname as dirname13 } from "path";
 
 // src/docs/templates.ts
 function header(text, level = 1) {
@@ -7091,7 +7941,7 @@ function generateModuleStructure(graph) {
 function getDirectoryStats(graph) {
   const dirMap = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname12(attrs.filePath);
+    const dir = dirname13(attrs.filePath);
     if (dir === ".") return;
     if (!dirMap.has(dir)) {
       dirMap.set(dir, {
@@ -7116,7 +7966,7 @@ function getDirectoryStats(graph) {
   });
   const filesPerDir = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname12(attrs.filePath);
+    const dir = dirname13(attrs.filePath);
     if (!filesPerDir.has(dir)) {
       filesPerDir.set(dir, /* @__PURE__ */ new Set());
     }
@@ -7131,8 +7981,8 @@ function getDirectoryStats(graph) {
   graph.forEachEdge((edge, attrs, source, target) => {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
-    const sourceDir = dirname12(sourceAttrs.filePath);
-    const targetDir = dirname12(targetAttrs.filePath);
+    const sourceDir = dirname13(sourceAttrs.filePath);
+    const targetDir = dirname13(targetAttrs.filePath);
     if (sourceDir !== targetDir) {
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { in: 0, out: 0 });
@@ -7339,7 +8189,7 @@ function detectCycles(graph) {
 }
 
 // src/docs/conventions.ts
-import { basename as basename6, extname as extname7 } from "path";
+import { basename as basename7, extname as extname8 } from "path";
 function generateConventions(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -7377,7 +8227,7 @@ function generateFileOrganization(graph) {
   graph.forEachNode((node, attrs) => {
     if (!files.has(attrs.filePath)) {
       files.add(attrs.filePath);
-      const fileName = basename6(attrs.filePath);
+      const fileName = basename7(attrs.filePath);
       if (fileName === "index.ts" || fileName === "index.js" || fileName === "index.tsx" || fileName === "index.jsx") {
         barrelFileCount++;
       }
@@ -7436,7 +8286,7 @@ function generateNamingPatterns(graph) {
   graph.forEachNode((node, attrs) => {
     if (!files.has(attrs.filePath)) {
       files.add(attrs.filePath);
-      const fileName = basename6(attrs.filePath, extname7(attrs.filePath));
+      const fileName = basename7(attrs.filePath, extname8(attrs.filePath));
       if (isCamelCase(fileName)) patterns.files.camelCase++;
       else if (isPascalCase(fileName)) patterns.files.PascalCase++;
       else if (isKebabCase(fileName)) patterns.files.kebabCase++;
@@ -8113,7 +8963,7 @@ function detectCyclesDetailed(graph) {
 }
 
 // src/docs/onboarding.ts
-import { dirname as dirname13 } from "path";
+import { dirname as dirname14 } from "path";
 function generateOnboarding(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -8172,7 +9022,7 @@ function generateQuickOrientation(graph) {
   const primaryLang = Object.entries(languages2).sort((a, b) => b[1] - a[1])[0];
   const dirs = /* @__PURE__ */ new Set();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname14(attrs.filePath);
     if (dir !== ".") {
       const topLevel = dir.split("/")[0];
       dirs.add(topLevel);
@@ -8276,7 +9126,7 @@ function generateModuleMap(graph) {
 function getDirectoryStats2(graph) {
   const dirMap = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname14(attrs.filePath);
     if (dir === ".") return;
     if (!dirMap.has(dir)) {
       dirMap.set(dir, {
@@ -8291,7 +9141,7 @@ function getDirectoryStats2(graph) {
   });
   const filesPerDir = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname14(attrs.filePath);
     if (!filesPerDir.has(dir)) {
       filesPerDir.set(dir, /* @__PURE__ */ new Set());
     }
@@ -8306,8 +9156,8 @@ function getDirectoryStats2(graph) {
   graph.forEachEdge((edge, attrs, source, target) => {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
-    const sourceDir = dirname13(sourceAttrs.filePath);
-    const targetDir = dirname13(targetAttrs.filePath);
+    const sourceDir = dirname14(sourceAttrs.filePath);
+    const targetDir = dirname14(targetAttrs.filePath);
     if (sourceDir !== targetDir) {
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { in: 0, out: 0 });
@@ -8388,7 +9238,7 @@ function detectClusters(graph) {
   const dirFiles = /* @__PURE__ */ new Map();
   const fileEdges = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname14(attrs.filePath);
     if (!dirFiles.has(dir)) {
       dirFiles.set(dir, /* @__PURE__ */ new Set());
     }
@@ -8442,8 +9292,8 @@ function inferClusterName(files) {
   if (sortedWords.length > 0 && sortedWords[0][1] > 1) {
     return capitalizeFirst2(sortedWords[0][0]);
   }
-  const commonDir = dirname13(files[0]);
-  if (files.every((f) => dirname13(f) === commonDir)) {
+  const commonDir = dirname14(files[0]);
+  if (files.every((f) => dirname14(f) === commonDir)) {
     return capitalizeFirst2(commonDir.split("/").pop() || "Core");
   }
   return "Core";
@@ -8501,7 +9351,7 @@ function generateDepwireUsage(projectRoot) {
 }
 
 // src/docs/files.ts
-import { dirname as dirname14, basename as basename7 } from "path";
+import { dirname as dirname15, basename as basename8 } from "path";
 function generateFiles(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -8605,7 +9455,7 @@ function generateDirectoryBreakdown(graph) {
   const fileStats = getFileStats2(graph);
   const dirMap = /* @__PURE__ */ new Map();
   for (const file of fileStats) {
-    const dir = dirname14(file.filePath);
+    const dir = dirname15(file.filePath);
     const topDir = dir === "." ? "." : dir.split("/")[0];
     if (!dirMap.has(topDir)) {
       dirMap.set(topDir, {
@@ -8620,7 +9470,7 @@ function generateDirectoryBreakdown(graph) {
     dirStats.symbolCount += file.symbolCount;
     if (file.totalConnections > dirStats.maxConnections) {
       dirStats.maxConnections = file.totalConnections;
-      dirStats.mostConnectedFile = basename7(file.filePath);
+      dirStats.mostConnectedFile = basename8(file.filePath);
     }
   }
   if (dirMap.size === 0) {
@@ -9248,7 +10098,7 @@ function generateRecommendations(graph) {
 }
 
 // src/docs/tests.ts
-import { basename as basename8, dirname as dirname15 } from "path";
+import { basename as basename9, dirname as dirname16 } from "path";
 function generateTests(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -9276,8 +10126,8 @@ function getFileCount8(graph) {
   return files.size;
 }
 function isTestFile3(filePath) {
-  const fileName = basename8(filePath).toLowerCase();
-  const dirPath = dirname15(filePath).toLowerCase();
+  const fileName = basename9(filePath).toLowerCase();
+  const dirPath = dirname16(filePath).toLowerCase();
   if (dirPath.includes("test") || dirPath.includes("spec") || dirPath.includes("__tests__")) {
     return true;
   }
@@ -9335,13 +10185,13 @@ function generateTestFileInventory(graph) {
   return output;
 }
 function matchTestToSource(testFile) {
-  const testFileName = basename8(testFile);
-  const testDir = dirname15(testFile);
+  const testFileName = basename9(testFile);
+  const testDir = dirname16(testFile);
   let sourceFileName = testFileName.replace(/\.test\./g, ".").replace(/\.spec\./g, ".").replace(/_test\./g, ".").replace(/_spec\./g, ".");
   const possiblePaths = [];
   possiblePaths.push(testDir + "/" + sourceFileName);
   if (testDir.endsWith("/test") || testDir.endsWith("/tests") || testDir.endsWith("/__tests__")) {
-    const parentDir = dirname15(testDir);
+    const parentDir = dirname16(testDir);
     possiblePaths.push(parentDir + "/" + sourceFileName);
   }
   if (testDir.includes("test")) {
@@ -9497,7 +10347,7 @@ function generateTestCoverageMap(graph) {
   const rows = mappings.slice(0, 30).map((m) => [
     `\`${m.sourceFile}\``,
     m.hasTest ? "\u2705" : "\u274C",
-    m.testFile ? `\`${basename8(m.testFile)}\`` : "-",
+    m.testFile ? `\`${basename9(m.testFile)}\`` : "-",
     formatNumber(m.symbolCount)
   ]);
   let output = table(headers, rows);
@@ -9538,7 +10388,7 @@ function generateTestStatistics(graph) {
 `;
   const dirTestCoverage = /* @__PURE__ */ new Map();
   for (const sourceFile of sourceFiles) {
-    const dir = dirname15(sourceFile).split("/")[0];
+    const dir = dirname16(sourceFile).split("/")[0];
     if (!dirTestCoverage.has(dir)) {
       dirTestCoverage.set(dir, { total: 0, tested: 0 });
     }
@@ -9561,7 +10411,7 @@ function generateTestStatistics(graph) {
 }
 
 // src/docs/history.ts
-import { dirname as dirname16 } from "path";
+import { dirname as dirname17 } from "path";
 import { execSync } from "child_process";
 function generateHistory(graph, projectRoot, version) {
   let output = "";
@@ -9842,7 +10692,7 @@ function generateFeatureClusters(graph) {
   const dirFiles = /* @__PURE__ */ new Map();
   const fileEdges = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname16(attrs.filePath);
+    const dir = dirname17(attrs.filePath);
     if (!dirFiles.has(dir)) {
       dirFiles.set(dir, /* @__PURE__ */ new Set());
     }
@@ -9924,7 +10774,7 @@ function capitalizeFirst3(str) {
 }
 
 // src/docs/current.ts
-import { dirname as dirname17 } from "path";
+import { dirname as dirname18 } from "path";
 function generateCurrent(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -10062,7 +10912,7 @@ function generateCompleteFileIndex(graph) {
   fileInfos.sort((a, b) => a.filePath.localeCompare(b.filePath));
   const dirGroups = /* @__PURE__ */ new Map();
   for (const info of fileInfos) {
-    const dir = dirname17(info.filePath);
+    const dir = dirname18(info.filePath);
     const topDir = dir === "." ? "root" : dir.split("/")[0];
     if (!dirGroups.has(topDir)) {
       dirGroups.set(topDir, []);
@@ -10273,8 +11123,8 @@ function getTopLevelDir2(filePath) {
 }
 
 // src/docs/status.ts
-import { readFileSync as readFileSync13, existsSync as existsSync13 } from "fs";
-import { resolve as resolve9 } from "path";
+import { readFileSync as readFileSync14, existsSync as existsSync14 } from "fs";
+import { resolve as resolve10 } from "path";
 function generateStatus(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -10307,16 +11157,16 @@ function getFileCount11(graph) {
 }
 function extractComments(projectRoot, filePath) {
   const comments = [];
-  const resolvedRoot = resolve9(projectRoot);
-  const fullPath = resolve9(resolvedRoot, filePath);
+  const resolvedRoot = resolve10(projectRoot);
+  const fullPath = resolve10(resolvedRoot, filePath);
   if (!fullPath.startsWith(resolvedRoot)) {
     return comments;
   }
-  if (!existsSync13(fullPath)) {
+  if (!existsSync14(fullPath)) {
     return comments;
   }
   try {
-    const content = readFileSync13(fullPath, "utf-8");
+    const content = readFileSync14(fullPath, "utf-8");
     const lines = content.split("\n");
     const patterns = [
       { type: "TODO", regex: /(?:\/\/|#|\/\*)\s*TODO:?\s*(.+)/i },
@@ -10895,16 +11745,16 @@ function generateConfidenceSection(title, description, symbols, projectRoot) {
 }
 
 // src/docs/metadata.ts
-import { existsSync as existsSync14, readFileSync as readFileSync14, writeFileSync as writeFileSync2 } from "fs";
-import { resolve as resolve10 } from "path";
+import { existsSync as existsSync15, readFileSync as readFileSync15, writeFileSync as writeFileSync2 } from "fs";
+import { resolve as resolve11 } from "path";
 function loadMetadata(outputDir) {
-  const resolvedDir = resolve10(outputDir);
-  const metadataPath = resolve10(resolvedDir, "metadata.json");
-  if (!metadataPath.startsWith(resolvedDir) || !existsSync14(metadataPath)) {
+  const resolvedDir = resolve11(outputDir);
+  const metadataPath = resolve11(resolvedDir, "metadata.json");
+  if (!metadataPath.startsWith(resolvedDir) || !existsSync15(metadataPath)) {
     return null;
   }
   try {
-    const content = readFileSync14(metadataPath, "utf-8");
+    const content = readFileSync15(metadataPath, "utf-8");
     return JSON.parse(content);
   } catch (err) {
     console.error("Failed to load metadata:", err);
@@ -10912,8 +11762,8 @@ function loadMetadata(outputDir) {
   }
 }
 function saveMetadata(outputDir, metadata) {
-  const resolvedDir = resolve10(outputDir);
-  const metadataPath = resolve10(resolvedDir, "metadata.json");
+  const resolvedDir = resolve11(outputDir);
+  const metadataPath = resolve11(resolvedDir, "metadata.json");
   if (!metadataPath.startsWith(resolvedDir)) {
     throw new Error(`Path traversal attempt blocked: ${metadataPath}`);
   }
@@ -10959,7 +11809,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
   const generated = [];
   const errors = [];
   try {
-    if (!existsSync15(options.outputDir)) {
+    if (!existsSync16(options.outputDir)) {
       mkdirSync2(options.outputDir, { recursive: true });
       if (options.verbose) {
         console.log(`Created output directory: ${options.outputDir}`);
@@ -10998,7 +11848,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ARCHITECTURE.md...");
           const content = generateArchitecture(graph, projectRoot, version, parseTime);
-          const filePath = join17(options.outputDir, "ARCHITECTURE.md");
+          const filePath = join18(options.outputDir, "ARCHITECTURE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ARCHITECTURE.md");
         } catch (err) {
@@ -11009,7 +11859,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating CONVENTIONS.md...");
           const content = generateConventions(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "CONVENTIONS.md");
+          const filePath = join18(options.outputDir, "CONVENTIONS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("CONVENTIONS.md");
         } catch (err) {
@@ -11020,7 +11870,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating DEPENDENCIES.md...");
           const content = generateDependencies(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "DEPENDENCIES.md");
+          const filePath = join18(options.outputDir, "DEPENDENCIES.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("DEPENDENCIES.md");
         } catch (err) {
@@ -11031,7 +11881,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ONBOARDING.md...");
           const content = generateOnboarding(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "ONBOARDING.md");
+          const filePath = join18(options.outputDir, "ONBOARDING.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ONBOARDING.md");
         } catch (err) {
@@ -11042,7 +11892,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating FILES.md...");
           const content = generateFiles(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "FILES.md");
+          const filePath = join18(options.outputDir, "FILES.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("FILES.md");
         } catch (err) {
@@ -11053,7 +11903,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating API_SURFACE.md...");
           const content = generateApiSurface(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "API_SURFACE.md");
+          const filePath = join18(options.outputDir, "API_SURFACE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("API_SURFACE.md");
         } catch (err) {
@@ -11064,7 +11914,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ERRORS.md...");
           const content = generateErrors(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "ERRORS.md");
+          const filePath = join18(options.outputDir, "ERRORS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ERRORS.md");
         } catch (err) {
@@ -11075,7 +11925,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating TESTS.md...");
           const content = generateTests(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "TESTS.md");
+          const filePath = join18(options.outputDir, "TESTS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("TESTS.md");
         } catch (err) {
@@ -11086,7 +11936,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating HISTORY.md...");
           const content = generateHistory(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "HISTORY.md");
+          const filePath = join18(options.outputDir, "HISTORY.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("HISTORY.md");
         } catch (err) {
@@ -11097,7 +11947,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating CURRENT.md...");
           const content = generateCurrent(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "CURRENT.md");
+          const filePath = join18(options.outputDir, "CURRENT.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("CURRENT.md");
         } catch (err) {
@@ -11108,7 +11958,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating STATUS.md...");
           const content = generateStatus(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "STATUS.md");
+          const filePath = join18(options.outputDir, "STATUS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("STATUS.md");
         } catch (err) {
@@ -11119,7 +11969,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating HEALTH.md...");
           const content = generateHealth(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "HEALTH.md");
+          const filePath = join18(options.outputDir, "HEALTH.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("HEALTH.md");
         } catch (err) {
@@ -11130,7 +11980,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating DEAD_CODE.md...");
           const content = generateDeadCode(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "DEAD_CODE.md");
+          const filePath = join18(options.outputDir, "DEAD_CODE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("DEAD_CODE.md");
         } catch (err) {
@@ -11174,7 +12024,7 @@ function getFileCount13(graph) {
 }
 
 // src/simulation/engine.ts
-import { dirname as dirname18, join as join18 } from "path";
+import { dirname as dirname19, join as join19 } from "path";
 function normalizePath2(p) {
   return p.replace(/^\.\//, "").replace(/\/+$/, "");
 }
@@ -11306,7 +12156,7 @@ var SimulationEngine = class {
     }
   }
   applyRename(clone, target, newName, brokenImports) {
-    const destination = join18(dirname18(target), newName);
+    const destination = join19(dirname19(target), newName);
     this.applyMove(clone, target, destination, brokenImports);
   }
   applySplit(clone, target, newFile, symbols, brokenImports) {
@@ -11506,13 +12356,13 @@ var SimulationEngine = class {
 };
 
 // src/security/scanner.ts
-import { existsSync as existsSync17 } from "fs";
-import { join as join28 } from "path";
+import { existsSync as existsSync18 } from "fs";
+import { join as join29 } from "path";
 
 // src/security/checks/dependencies.ts
 import { execSync as execSync2 } from "child_process";
-import { existsSync as existsSync16, readFileSync as readFileSync15, readdirSync as readdirSync8 } from "fs";
-import { join as join19 } from "path";
+import { existsSync as existsSync17, readFileSync as readFileSync16, readdirSync as readdirSync9 } from "fs";
+import { join as join20 } from "path";
 function cvssToSeverity(score) {
   if (score >= 9) return "critical";
   if (score >= 7) return "high";
@@ -11522,18 +12372,18 @@ function cvssToSeverity(score) {
 async function checkDependencies(_files, projectRoot) {
   const findings = [];
   try {
-    if (existsSync16(join19(projectRoot, "package.json"))) {
+    if (existsSync17(join20(projectRoot, "package.json"))) {
       findings.push(...checkNpmAudit(projectRoot));
       findings.push(...checkPackageJsonPatterns(projectRoot));
       findings.push(...checkPostinstallScripts(projectRoot));
     }
-    if (existsSync16(join19(projectRoot, "requirements.txt")) || existsSync16(join19(projectRoot, "pyproject.toml"))) {
+    if (existsSync17(join20(projectRoot, "requirements.txt")) || existsSync17(join20(projectRoot, "pyproject.toml"))) {
       findings.push(...checkPipAudit(projectRoot));
     }
-    if (existsSync16(join19(projectRoot, "Cargo.toml"))) {
+    if (existsSync17(join20(projectRoot, "Cargo.toml"))) {
       findings.push(...checkCargoAudit(projectRoot));
     }
-    if (existsSync16(join19(projectRoot, "go.mod"))) {
+    if (existsSync17(join20(projectRoot, "go.mod"))) {
       findings.push(...checkGoVerify(projectRoot));
     }
   } catch (err) {
@@ -11622,8 +12472,8 @@ function checkNpmAudit(projectRoot) {
 function checkPackageJsonPatterns(projectRoot) {
   const findings = [];
   try {
-    const pkgPath = join19(projectRoot, "package.json");
-    const pkg = JSON.parse(readFileSync15(pkgPath, "utf-8"));
+    const pkgPath = join20(projectRoot, "package.json");
+    const pkg = JSON.parse(readFileSync16(pkgPath, "utf-8"));
     const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
     for (const [name, version] of Object.entries(allDeps)) {
       if (version.startsWith("^") || version.startsWith("~")) {
@@ -11645,15 +12495,15 @@ function checkPackageJsonPatterns(projectRoot) {
 }
 function checkPostinstallScripts(projectRoot) {
   const findings = [];
-  const nodeModules = join19(projectRoot, "node_modules");
-  if (!existsSync16(nodeModules)) return findings;
+  const nodeModules = join20(projectRoot, "node_modules");
+  if (!existsSync17(nodeModules)) return findings;
   try {
-    const topLevelDeps = readdirSync8(nodeModules).filter((d) => !d.startsWith("."));
+    const topLevelDeps = readdirSync9(nodeModules).filter((d) => !d.startsWith("."));
     for (const dep of topLevelDeps) {
-      const depPkgPath = join19(nodeModules, dep, "package.json");
-      if (!existsSync16(depPkgPath)) continue;
+      const depPkgPath = join20(nodeModules, dep, "package.json");
+      if (!existsSync17(depPkgPath)) continue;
       try {
-        const depPkg = JSON.parse(readFileSync15(depPkgPath, "utf-8"));
+        const depPkg = JSON.parse(readFileSync16(depPkgPath, "utf-8"));
         const scripts = depPkg.scripts || {};
         if (scripts.postinstall || scripts.preinstall || scripts.install) {
           const scriptName = scripts.postinstall ? "postinstall" : scripts.preinstall ? "preinstall" : "install";
@@ -11691,7 +12541,7 @@ function checkPipAudit(projectRoot) {
         id: "",
         severity: cvssToSeverity(vuln.cvss?.score || 5),
         vulnerabilityClass: "dependency-cve",
-        file: existsSync16(join19(projectRoot, "requirements.txt")) ? "requirements.txt" : "pyproject.toml",
+        file: existsSync17(join20(projectRoot, "requirements.txt")) ? "requirements.txt" : "pyproject.toml",
         title: `Vulnerable Python dependency: ${vuln.name}`,
         description: `${vuln.name}@${vuln.version} \u2014 ${vuln.id}: ${vuln.description || "Known vulnerability"}`,
         attackScenario: `An attacker could exploit the vulnerability in ${vuln.name}.`,
@@ -11788,8 +12638,8 @@ function checkGoVerify(projectRoot) {
 }
 
 // src/security/checks/injection.ts
-import { readFileSync as readFileSync16 } from "fs";
-import { join as join20 } from "path";
+import { readFileSync as readFileSync17 } from "fs";
+import { join as join21 } from "path";
 var SKIP_DIRS = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var TEST_PATTERNS = ["test", "spec", "fixture", "mock", "__tests__", "__mocks__"];
 var USER_INPUT_NAMES = /(?:input|user|name|path|query|branch|hash|cmd|command|req\.|params|body|args|url|dir|file|subdirectory)/i;
@@ -11975,6 +12825,52 @@ var PATTERNS = [
     description: "popen() called with a variable argument \u2014 potential command injection.",
     attackScenario: "An attacker could inject shell metacharacters to execute arbitrary commands.",
     suggestedFix: "Avoid popen(). Use pipe/fork/exec with argument arrays instead."
+  },
+  // Kotlin injection patterns
+  {
+    regex: /["']SELECT\b[^"']*\$(?:\{|\w)/,
+    title: "Kotlin SQL injection via string template",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "SQL query built using Kotlin string templates \u2014 vulnerable to SQL injection.",
+    attackScenario: "An attacker could inject SQL through interpolated variables to read, modify, or delete database data.",
+    suggestedFix: "Use parameterized queries with PreparedStatement or your ORM's query builder."
+  },
+  {
+    regex: /["'](?:INSERT|UPDATE|DELETE)\b[^"']*\$(?:\{|\w)/,
+    title: "Kotlin SQL injection via string template",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "SQL mutation query built using Kotlin string templates \u2014 vulnerable to SQL injection.",
+    attackScenario: "An attacker could inject SQL through interpolated variables.",
+    suggestedFix: "Use parameterized queries with PreparedStatement or your ORM's query builder."
+  },
+  {
+    regex: /Runtime\.getRuntime\(\)\.exec\s*\(/,
+    title: "Kotlin/Java command injection via Runtime.exec",
+    vulnClass: "shell-injection",
+    baseSeverity: "high",
+    description: "Runtime.exec() executes a system command \u2014 vulnerable if user input reaches the argument.",
+    attackScenario: "An attacker could inject shell metacharacters to execute arbitrary commands on the server.",
+    suggestedFix: "Use ProcessBuilder with an argument array. Validate all input against a strict allowlist."
+  },
+  {
+    regex: /\.csrf\(\)\s*\.?\s*disable\(\)/,
+    title: "Spring Security CSRF protection disabled",
+    vulnClass: "code-injection",
+    baseSeverity: "medium",
+    description: "CSRF protection has been explicitly disabled in Spring Security configuration.",
+    attackScenario: "An attacker could forge cross-site requests to perform actions on behalf of authenticated users.",
+    suggestedFix: "Only disable CSRF for stateless APIs using JWT. Keep CSRF enabled for session-based authentication."
+  },
+  {
+    regex: /\.permitAll\(\).*(?:admin|manage|delete|config|setting)/i,
+    title: "Spring Security permitAll on sensitive path",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "permitAll() applied to a path that appears security-sensitive.",
+    attackScenario: "An attacker could access administrative or destructive endpoints without authentication.",
+    suggestedFix: 'Use .hasRole("ADMIN") or .authenticated() for sensitive endpoints.'
   }
 ];
 function shouldSkip(filePath) {
@@ -11991,7 +12887,7 @@ async function checkInjection(files, projectRoot) {
       if (shouldSkip(file.filePath) || isTestFile4(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync16(join20(projectRoot, file.filePath), "utf-8");
+        content = readFileSync17(join21(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12029,8 +12925,8 @@ async function checkInjection(files, projectRoot) {
 }
 
 // src/security/checks/secrets.ts
-import { readFileSync as readFileSync17 } from "fs";
-import { join as join21 } from "path";
+import { readFileSync as readFileSync18 } from "fs";
+import { join as join22 } from "path";
 var SKIP_DIRS2 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var TEST_PATTERNS2 = ["test", "spec", "fixture", "mock", "__tests__", "__mocks__", ".example", ".sample"];
 var SECRET_PATTERNS = [
@@ -12063,7 +12959,7 @@ async function checkSecrets(files, projectRoot) {
       if (shouldSkip2(file.filePath) || isTestFile5(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync17(join21(projectRoot, file.filePath), "utf-8");
+        content = readFileSync18(join22(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12096,8 +12992,8 @@ async function checkSecrets(files, projectRoot) {
 }
 
 // src/security/checks/path-traversal.ts
-import { readFileSync as readFileSync18 } from "fs";
-import { join as join22 } from "path";
+import { readFileSync as readFileSync19 } from "fs";
+import { join as join23 } from "path";
 var SKIP_DIRS3 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var USER_INPUT_VARS = /(?:req\.|params|query|body|input|path|dir|subdirectory|file|userInput|fileName|filePath)/i;
 var PATTERNS2 = [
@@ -12144,7 +13040,7 @@ async function checkPathTraversal(files, projectRoot) {
       if (shouldSkip3(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync18(join22(projectRoot, file.filePath), "utf-8");
+        content = readFileSync19(join23(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12186,8 +13082,8 @@ async function checkPathTraversal(files, projectRoot) {
 }
 
 // src/security/checks/auth.ts
-import { readFileSync as readFileSync19 } from "fs";
-import { join as join23 } from "path";
+import { readFileSync as readFileSync20 } from "fs";
+import { join as join24 } from "path";
 var SKIP_DIRS4 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip4(filePath) {
   return SKIP_DIRS4.some((d) => filePath.includes(d));
@@ -12203,7 +13099,7 @@ async function checkAuth(files, projectRoot) {
       if (shouldSkip4(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync19(join23(projectRoot, file.filePath), "utf-8");
+        content = readFileSync20(join24(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12294,8 +13190,8 @@ async function checkAuth(files, projectRoot) {
 }
 
 // src/security/checks/input-validation.ts
-import { readFileSync as readFileSync20 } from "fs";
-import { join as join24 } from "path";
+import { readFileSync as readFileSync21 } from "fs";
+import { join as join25 } from "path";
 var SKIP_DIRS5 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip5(filePath) {
   return SKIP_DIRS5.some((d) => filePath.includes(d));
@@ -12307,7 +13203,7 @@ async function checkInputValidation(files, projectRoot) {
       if (shouldSkip5(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync20(join24(projectRoot, file.filePath), "utf-8");
+        content = readFileSync21(join25(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12384,8 +13280,8 @@ async function checkInputValidation(files, projectRoot) {
 }
 
 // src/security/checks/information-disclosure.ts
-import { readFileSync as readFileSync21 } from "fs";
-import { join as join25 } from "path";
+import { readFileSync as readFileSync22 } from "fs";
+import { join as join26 } from "path";
 var SKIP_DIRS6 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip6(filePath) {
   return SKIP_DIRS6.some((d) => filePath.includes(d));
@@ -12397,7 +13293,7 @@ async function checkInformationDisclosure(files, projectRoot) {
       if (shouldSkip6(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync21(join25(projectRoot, file.filePath), "utf-8");
+        content = readFileSync22(join26(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12467,8 +13363,8 @@ async function checkInformationDisclosure(files, projectRoot) {
 }
 
 // src/security/checks/cryptography.ts
-import { readFileSync as readFileSync22 } from "fs";
-import { join as join26 } from "path";
+import { readFileSync as readFileSync23 } from "fs";
+import { join as join27 } from "path";
 var SKIP_DIRS7 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var USER_INPUT_NAMES2 = /(?:input|user|name|path|query|param|request|body|args|url)/i;
 function shouldSkip7(filePath) {
@@ -12485,7 +13381,7 @@ async function checkCryptography(files, projectRoot) {
       if (shouldSkip7(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync22(join26(projectRoot, file.filePath), "utf-8");
+        content = readFileSync23(join27(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12613,6 +13509,58 @@ async function checkCryptography(files, projectRoot) {
             suggestedFix: "Load credentials from environment variables or a secure vault at runtime."
           });
         }
+        if (/(?:val|var)\s+(?:password|secret|apiKey|api_key|token)\s*=\s*["']/i.test(line)) {
+          findings.push({
+            id: "",
+            severity: "high",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Hardcoded credentials in Kotlin source",
+            description: "A password, secret, or API key is hardcoded as a string literal.",
+            attackScenario: "An attacker with access to the binary or source could extract the credential.",
+            suggestedFix: "Load credentials from environment variables or a secure vault at runtime."
+          });
+        }
+        if (/\bRandom\s*\(\s*\)/.test(line) && isCryptoFile) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Insecure random in Kotlin security context",
+            description: "kotlin.random.Random() is not cryptographically secure \u2014 its output can be predicted.",
+            attackScenario: "An attacker could predict random values to forge tokens or bypass security checks.",
+            suggestedFix: "Use java.security.SecureRandom for cryptographic purposes."
+          });
+        }
+        if (/!!\s*\./.test(line) && isCryptoFile) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Not-null assertion (!!) in security-sensitive Kotlin code",
+            description: "The !! operator can throw NullPointerException, potentially bypassing security checks.",
+            attackScenario: "An attacker could trigger a null value to cause an exception that bypasses validation logic.",
+            suggestedFix: "Use safe calls (?.) with proper null handling instead of !! assertions."
+          });
+        }
+        if (/(?:val|var)\s+\w*[Uu]rl\w*\s*=\s*["']http:\/\/(?!(?:localhost|127\.))/.test(line)) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Hardcoded HTTP URL in Kotlin source",
+            description: "An HTTP (not HTTPS) URL is hardcoded \u2014 data is transmitted unencrypted.",
+            attackScenario: "An attacker on the network path could intercept, read, or modify data in transit.",
+            suggestedFix: "Use HTTPS for all external URLs to ensure data confidentiality and integrity."
+          });
+        }
       }
     }
   } catch {
@@ -12621,8 +13569,8 @@ async function checkCryptography(files, projectRoot) {
 }
 
 // src/security/checks/frontend.ts
-import { readFileSync as readFileSync23 } from "fs";
-import { join as join27 } from "path";
+import { readFileSync as readFileSync24 } from "fs";
+import { join as join28 } from "path";
 var SKIP_DIRS8 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip8(filePath) {
   return SKIP_DIRS8.some((d) => filePath.includes(d));
@@ -12638,7 +13586,7 @@ async function checkFrontend(files, projectRoot) {
       if (!isFrontendFile(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync23(join27(projectRoot, file.filePath), "utf-8");
+        content = readFileSync24(join28(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -13098,13 +14046,13 @@ async function scanSecurity(projectRoot, graph, options = {}) {
   };
 }
 function detectPackageManager(projectRoot) {
-  if (existsSync17(join28(projectRoot, "package.json"))) return "npm";
-  if (existsSync17(join28(projectRoot, "requirements.txt"))) return "pip";
-  if (existsSync17(join28(projectRoot, "pyproject.toml"))) return "pip";
-  if (existsSync17(join28(projectRoot, "Cargo.toml"))) return "cargo";
-  if (existsSync17(join28(projectRoot, "go.mod"))) return "go";
-  if (existsSync17(join28(projectRoot, "pom.xml"))) return "maven";
-  if (existsSync17(join28(projectRoot, "build.gradle")) || existsSync17(join28(projectRoot, "build.gradle.kts"))) return "gradle";
+  if (existsSync18(join29(projectRoot, "package.json"))) return "npm";
+  if (existsSync18(join29(projectRoot, "requirements.txt"))) return "pip";
+  if (existsSync18(join29(projectRoot, "pyproject.toml"))) return "pip";
+  if (existsSync18(join29(projectRoot, "Cargo.toml"))) return "cargo";
+  if (existsSync18(join29(projectRoot, "go.mod"))) return "go";
+  if (existsSync18(join29(projectRoot, "pom.xml"))) return "maven";
+  if (existsSync18(join29(projectRoot, "build.gradle")) || existsSync18(join29(projectRoot, "build.gradle.kts"))) return "gradle";
   return "unknown";
 }