depwire-cli 1.0.5 → 1.0.8

package/dist/{chunk-SPZNB7BS.js → chunk-WLKW7X7G.js}

@@ -35,8 +35,10 @@ function scanDirectory(rootDir, baseDir = rootDir) {
         const isCpp = entry.endsWith(".cpp") || entry.endsWith(".cc") || entry.endsWith(".cxx") || entry.endsWith(".c++") || entry.endsWith(".hpp") || entry.endsWith(".hh") || entry.endsWith(".hxx") || entry.endsWith(".h++") || entry.endsWith(".h") || entry.endsWith(".inl") || entry.endsWith(".ipp");
         const isCSharp = entry.endsWith(".cs") || entry.endsWith(".csx") || entry.endsWith(".csproj");
         const isJava = entry.endsWith(".java") || entry === "pom.xml" || entry === "build.gradle" || entry === "build.gradle.kts";
+        const isKotlin = entry.endsWith(".kt") || entry.endsWith(".kts") || entry === "settings.gradle.kts" || entry === "settings.gradle";
+        const isPhp = entry.endsWith(".php");
         const isCppBuild = entry === "CMakeLists.txt" || entry === "conanfile.txt" || entry === "vcpkg.json";
-        if (isTypeScript || isJavaScript || isPython || isGo || isRust || isC || isCpp || isCSharp || isJava || isCppBuild) {
+        if (isTypeScript || isJavaScript || isPython || isGo || isRust || isC || isCpp || isCSharp || isJava || isKotlin || isPhp || isCppBuild) {
           files.push(relative(rootDir, fullPath));
         }
       }
@@ -78,6 +80,10 @@ function findProjectRoot(startDir = process.cwd()) {
     // Java (Maven)
     "build.gradle",
     // Java (Gradle)
+    "build.gradle.kts",
+    // Kotlin (Gradle KTS)
+    "composer.json",
+    // PHP
     ".git"
     // Any git repo
   ];
@@ -111,11 +117,11 @@ function findProjectRoot(startDir = process.cwd()) {
 }
 
 // src/parser/index.ts
-import { readFileSync as readFileSync8, statSync as statSync5 } from "fs";
-import { join as join11, resolve as resolve5 } from "path";
+import { readFileSync as readFileSync10, statSync as statSync7 } from "fs";
+import { join as join13, resolve as resolve7 } from "path";
 
 // src/parser/detect.ts
-import { extname as extname6, basename as basename4 } from "path";
+import { extname as extname8, basename as basename6 } from "path";
 
 // src/parser/wasm-init.ts
 import { Parser, Language } from "web-tree-sitter";
@@ -145,7 +151,9 @@ async function initParser() {
     "c": "tree-sitter-c.wasm",
     "c_sharp": "tree-sitter-c_sharp.wasm",
     "java": "tree-sitter-java.wasm",
-    "cpp": "tree-sitter-cpp.wasm"
+    "cpp": "tree-sitter-cpp.wasm",
+    "kotlin": "tree-sitter-kotlin.wasm",
+    "php": "tree-sitter-php.wasm"
   };
   for (const [name, file] of Object.entries(grammarFiles)) {
     const wasmPath = path.join(grammarsDir, file);
@@ -4927,6 +4935,1302 @@ var cppParser = {
   parseFile: parseCppFile
 };
 
+// src/parser/kotlin.ts
+import { dirname as dirname10, join as join11, basename as basename4 } from "path";
+import { existsSync as existsSync11, readdirSync as readdirSync8, statSync as statSync5 } from "fs";
+function parseKotlinFile(filePath, sourceCode, projectRoot) {
+  if (filePath.endsWith("build.gradle.kts")) {
+    return parseGradleBuild2(filePath, sourceCode, projectRoot);
+  }
+  if (filePath.endsWith("build.gradle")) {
+    return parseGradleBuild2(filePath, sourceCode, projectRoot);
+  }
+  if (filePath.endsWith("settings.gradle.kts") || filePath.endsWith("settings.gradle")) {
+    return parseSettingsGradle(filePath, sourceCode, projectRoot);
+  }
+  const parser = getParser("kotlin");
+  const tree = parser.parse(sourceCode, null, { bufferSize: 1024 * 1024 });
+  const context = {
+    filePath,
+    projectRoot,
+    sourceCode,
+    symbols: [],
+    edges: [],
+    currentScope: [],
+    currentClass: null,
+    currentPackage: null,
+    imports: /* @__PURE__ */ new Map(),
+    isBuildFile: false,
+    isScriptFile: filePath.endsWith(".kts")
+  };
+  walkNode10(tree.rootNode, context);
+  return {
+    filePath,
+    symbols: context.symbols,
+    edges: context.edges
+  };
+}
+function walkNode10(node, context) {
+  processNode10(node, context);
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child) {
+      walkNode10(child, context);
+    }
+  }
+}
+function processNode10(node, context) {
+  switch (node.type) {
+    case "package_header":
+      processPackageHeader(node, context);
+      break;
+    case "import_header":
+      processImportHeader(node, context);
+      break;
+    case "class_declaration":
+      processClassDeclaration5(node, context);
+      break;
+    case "object_declaration":
+      processObjectDeclaration(node, context);
+      break;
+    case "companion_object":
+      processCompanionObject(node, context);
+      break;
+    case "function_declaration":
+      processFunctionDeclaration4(node, context);
+      break;
+    case "property_declaration":
+      processPropertyDeclaration2(node, context);
+      break;
+    case "secondary_constructor":
+      processSecondaryConstructor(node, context);
+      break;
+    case "type_alias":
+      processTypeAlias(node, context);
+      break;
+    case "call_expression":
+      processCallExpression10(node, context);
+      break;
+    case "navigation_expression":
+      processNavigationExpression(node, context);
+      break;
+  }
+}
+function processPackageHeader(node, context) {
+  const ident = findDescendantByTypes2(node, ["identifier"]);
+  if (!ident) return;
+  const name = nodeText9(ident, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "module",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true
+  });
+  context.currentPackage = name;
+}
+function processImportHeader(node, context) {
+  const ident = findDescendantByTypes2(node, ["identifier"]);
+  if (!ident) return;
+  let importPath = nodeText9(ident, context);
+  const text = nodeText9(node, context).trim();
+  const isWildcard = text.endsWith(".*");
+  if (isWildcard && !importPath.endsWith(".*")) {
+    importPath = importPath + ".*";
+  }
+  const aliasMatch = text.match(/\bas\s+(\w+)/);
+  const alias = aliasMatch ? aliasMatch[1] : null;
+  const resolvedPath = resolveKotlinImport(importPath, context.filePath, context.projectRoot);
+  if (resolvedPath) {
+    const sourceId = `${context.filePath}::__file__`;
+    const targetId = `${resolvedPath}::__file__`;
+    context.edges.push({
+      source: sourceId,
+      target: targetId,
+      kind: "imports",
+      filePath: context.filePath,
+      line: node.startPosition.row + 1
+    });
+    const parts = importPath.replace(/\.\*$/, "").split(".");
+    if (!isWildcard) {
+      const simpleName = alias || parts[parts.length - 1];
+      context.imports.set(simpleName, `${resolvedPath}::${parts[parts.length - 1]}`);
+    }
+  }
+  const symbolId = `${context.filePath}::import:${importPath}`;
+  context.symbols.push({
+    id: symbolId,
+    name: importPath,
+    kind: "import",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: false
+  });
+}
+function processClassDeclaration5(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  if (!nameNode) return;
+  let name = nodeText9(nameNode, context);
+  const angleBracketIdx = name.indexOf("<");
+  if (angleBracketIdx > 0) {
+    name = name.substring(0, angleBracketIdx);
+  }
+  const text = nodeText9(node, context);
+  const modifiers = getModifiers(node, context);
+  let kind = "class";
+  if (text.match(/\binterface\b/) && !text.match(/\bfun\s+interface\b/)) {
+    kind = "interface";
+  } else if (text.match(/\benum\s+class\b/)) {
+    kind = "enum";
+  } else if (text.match(/\bannotation\s+class\b/)) {
+    kind = "interface";
+  }
+  const exported = modifiers.includes("public") || modifiers.includes("internal") || !modifiers.includes("private") && !modifiers.includes("protected");
+  const scope = context.currentClass || void 0;
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind,
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+  const delegationSpecifiers = findChildByType10(node, "delegation_specifiers");
+  if (delegationSpecifiers) {
+    processDelegationSpecifiers(delegationSpecifiers, symbolId, context);
+  }
+  if (kind === "enum") {
+    processEnumEntries(node, name, context);
+  }
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType10(node, "class_body") || findChildByType10(node, "enum_class_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processObjectDeclaration(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const modifiers = getModifiers(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "class",
+    // Objects are singletons, map to class
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+  const delegationSpecifiers = findChildByType10(node, "delegation_specifiers");
+  if (delegationSpecifiers) {
+    processDelegationSpecifiers(delegationSpecifiers, symbolId, context);
+  }
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType10(node, "class_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processCompanionObject(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  const name = nameNode ? nodeText9(nameNode, context) : "Companion";
+  const scope = context.currentClass || void 0;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "class",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope
+  });
+  const oldClass = context.currentClass;
+  context.currentClass = scope ? `${scope}.${name}` : name;
+  context.currentScope.push(context.currentClass);
+  const body = findChildByType10(node, "class_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processDelegationSpecifiers(node, sourceId, context) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (!child) continue;
+    const typeName = extractTypeName5(child, context);
+    if (typeName) {
+      const baseId = resolveSymbol9(typeName, context);
+      if (baseId) {
+        const edgeKind = typeName.startsWith("I") && typeName.length > 1 && typeName[1] === typeName[1].toUpperCase() ? "implements" : "inherits";
+        context.edges.push({
+          source: sourceId,
+          target: baseId,
+          kind: edgeKind,
+          filePath: context.filePath,
+          line: child.startPosition.row + 1
+        });
+      }
+    }
+  }
+}
+function processEnumEntries(node, enumName, context) {
+  const body = findChildByType10(node, "enum_class_body");
+  if (!body) return;
+  const entries = findChildrenByType4(body, "enum_entry");
+  for (const entry of entries) {
+    const nameNode = findChildByType10(entry, "simple_identifier");
+    if (!nameNode) continue;
+    const constName = nodeText9(nameNode, context);
+    const constId = `${context.filePath}::${enumName}.${constName}`;
+    context.symbols.push({
+      id: constId,
+      name: constName,
+      kind: "constant",
+      filePath: context.filePath,
+      startLine: entry.startPosition.row + 1,
+      endLine: entry.endPosition.row + 1,
+      exported: true,
+      scope: enumName
+    });
+  }
+}
+function processFunctionDeclaration4(node, context) {
+  const nameNode = findChildByType10(node, "simple_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const modifiers = getModifiers(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const text = nodeText9(node, context);
+  const isExtension = text.match(/fun\s+[\w.<>, ]+\./) !== null;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: context.currentClass ? "method" : "function",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+  const scopeName = scope ? `${scope}.${name}` : name;
+  context.currentScope.push(scopeName);
+  const body = findChildByType10(node, "function_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+}
+function processPropertyDeclaration2(node, context) {
+  const varDecl = findChildByType10(node, "variable_declaration");
+  if (!varDecl) return;
+  const nameNode = findChildByType10(varDecl, "simple_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const modifiers = getModifiers(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const text = nodeText9(node, context);
+  const isConst = modifiers.includes("const") || text.match(/\bval\b/) !== null && text.match(/\bconst\b/) !== null;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: isConst ? "constant" : "property",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+}
+function processSecondaryConstructor(node, context) {
+  const scope = context.currentClass || void 0;
+  if (!scope) return;
+  const name = "constructor";
+  const symbolId = `${context.filePath}::${scope}.${name}:${node.startPosition.row + 1}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "method",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope
+  });
+  const scopeName = `${scope}.${name}`;
+  context.currentScope.push(scopeName);
+  const body = findChildByType10(node, "function_body");
+  if (body) {
+    walkNode10(body, context);
+  }
+  context.currentScope.pop();
+}
+function processTypeAlias(node, context) {
+  const nameNode = findChildByType10(node, "type_identifier");
+  if (!nameNode) return;
+  const name = nodeText9(nameNode, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "type_alias",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true
+  });
+}
+function processCallExpression10(node, context) {
+  if (context.currentScope.length === 0) return;
+  const firstChild = node.child(0);
+  if (!firstChild) return;
+  let calleeName = null;
+  if (firstChild.type === "simple_identifier") {
+    calleeName = nodeText9(firstChild, context);
+  } else if (firstChild.type === "navigation_expression") {
+    const suffix = findChildByType10(firstChild, "navigation_suffix");
+    if (suffix) {
+      const ident = findChildByType10(suffix, "simple_identifier");
+      if (ident) calleeName = nodeText9(ident, context);
+    }
+    if (!calleeName) {
+      for (let i = firstChild.childCount - 1; i >= 0; i--) {
+        const child = firstChild.child(i);
+        if (child && child.type === "simple_identifier") {
+          calleeName = nodeText9(child, context);
+          break;
+        }
+      }
+    }
+  }
+  if (!calleeName) return;
+  const builtins = /* @__PURE__ */ new Set([
+    "println",
+    "print",
+    "toString",
+    "equals",
+    "hashCode",
+    "let",
+    "apply",
+    "also",
+    "run",
+    "with",
+    "takeIf",
+    "takeUnless",
+    "repeat",
+    "require",
+    "check",
+    "error",
+    "TODO",
+    "listOf",
+    "mapOf",
+    "setOf",
+    "arrayOf",
+    "mutableListOf",
+    "mutableMapOf",
+    "mutableSetOf",
+    "emptyList",
+    "emptyMap",
+    "emptySet",
+    "to",
+    "Pair",
+    "Triple",
+    "lazy",
+    "synchronized",
+    "map",
+    "filter",
+    "forEach",
+    "flatMap",
+    "fold",
+    "reduce",
+    "any",
+    "all",
+    "none",
+    "find",
+    "first",
+    "last",
+    "count",
+    "sum",
+    "average",
+    "sortedBy",
+    "groupBy",
+    "associate",
+    "zip",
+    "joinToString",
+    "getOrDefault",
+    "getOrElse",
+    "getOrPut",
+    "contains",
+    "containsKey",
+    "add",
+    "remove",
+    "clear",
+    "size",
+    "isEmpty",
+    "isNotEmpty"
+  ]);
+  if (builtins.has(calleeName)) return;
+  const callerId = getCurrentSymbolId10(context);
+  if (!callerId) return;
+  const calleeId = resolveSymbol9(calleeName, context);
+  if (calleeId) {
+    context.edges.push({
+      source: callerId,
+      target: calleeId,
+      kind: "calls",
+      filePath: context.filePath,
+      line: node.startPosition.row + 1
+    });
+  }
+}
+function processNavigationExpression(node, context) {
+}
+function parseGradleBuild2(filePath, sourceCode, projectRoot) {
+  const symbols = [];
+  const edges = [];
+  const lines = sourceCode.split("\n");
+  const projectName = basename4(dirname10(join11(projectRoot, filePath)));
+  symbols.push({
+    id: `${filePath}::${projectName}`,
+    name: projectName,
+    kind: "module",
+    filePath,
+    startLine: 1,
+    endLine: lines.length,
+    exported: true
+  });
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i].trim();
+    const lineNum = i + 1;
+    const depMatch = line.match(
+      /(?:implementation|api|compileOnly|runtimeOnly|testImplementation|testRuntimeOnly|kapt|ksp|annotationProcessor)\s*[\(]?\s*['"]([^'"]+)['"]\s*[\)]?/
+    );
+    if (depMatch) {
+      const depCoord = depMatch[1];
+      if (!depCoord.startsWith(":")) {
+        symbols.push({
+          id: `${filePath}::dep:${depCoord}`,
+          name: depCoord,
+          kind: "import",
+          filePath,
+          startLine: lineNum,
+          endLine: lineNum,
+          exported: false
+        });
+      }
+    }
+    const projectMatch = line.match(/project\s*\(\s*['":]+([^'")\s]+)['"]*\s*\)/);
+    if (projectMatch) {
+      const moduleName = projectMatch[1].replace(/^:/, "");
+      const candidates = [
+        join11(moduleName, "build.gradle.kts"),
+        join11(moduleName, "build.gradle")
+      ];
+      for (const candidate of candidates) {
+        if (existsSync11(join11(projectRoot, candidate))) {
+          edges.push({
+            source: `${filePath}::__file__`,
+            target: `${candidate}::__file__`,
+            kind: "imports",
+            filePath,
+            line: lineNum
+          });
+          break;
+        }
+      }
+    }
+  }
+  return { filePath, symbols, edges };
+}
+function parseSettingsGradle(filePath, sourceCode, projectRoot) {
+  const symbols = [];
+  const edges = [];
+  const lines = sourceCode.split("\n");
+  symbols.push({
+    id: `${filePath}::settings`,
+    name: "settings",
+    kind: "module",
+    filePath,
+    startLine: 1,
+    endLine: lines.length,
+    exported: true
+  });
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i].trim();
+    const lineNum = i + 1;
+    const includeMatches = line.matchAll(/['"]:([^'"]+)['"]/g);
+    for (const match of includeMatches) {
+      const moduleName = match[1];
+      const candidates = [
+        join11(moduleName, "build.gradle.kts"),
+        join11(moduleName, "build.gradle")
+      ];
+      for (const candidate of candidates) {
+        if (existsSync11(join11(projectRoot, candidate))) {
+          edges.push({
+            source: `${filePath}::__file__`,
+            target: `${candidate}::__file__`,
+            kind: "imports",
+            filePath,
+            line: lineNum
+          });
+          break;
+        }
+      }
+    }
+  }
+  return { filePath, symbols, edges };
+}
+function resolveKotlinImport(importPath, currentFile, projectRoot) {
+  const cleanPath2 = importPath.replace(/\.\*$/, "");
+  const parts = cleanPath2.split(".");
+  const className = parts[parts.length - 1];
+  const packagePath = parts.slice(0, -1).join("/");
+  const sourceRoots = [
+    "",
+    "src/main/kotlin",
+    "src/main/java",
+    // Kotlin can live in java source dirs
+    "src",
+    "app/src/main/kotlin",
+    "app/src/main/java"
+  ];
+  for (const root of sourceRoots) {
+    for (const ext of [".kt", ".java"]) {
+      const filePath = packagePath ? join11(packagePath, className + ext) : className + ext;
+      const candidate = root ? join11(root, filePath) : filePath;
+      const fullPath = join11(projectRoot, candidate);
+      if (existsSync11(fullPath)) {
+        return candidate;
+      }
+    }
+  }
+  if (importPath.endsWith(".*")) {
+    const dirPath = cleanPath2.replace(/\./g, "/");
+    for (const root of sourceRoots) {
+      const candidate = root ? join11(root, dirPath) : dirPath;
+      const fullPath = join11(projectRoot, candidate);
+      if (existsSync11(fullPath)) {
+        try {
+          const stats = statSync5(fullPath);
+          if (stats.isDirectory()) {
+            const ktFiles = readdirSync8(fullPath).filter((f) => f.endsWith(".kt"));
+            if (ktFiles.length > 0) {
+              return join11(candidate, ktFiles[0]);
+            }
+          }
+        } catch {
+        }
+      }
+    }
+  }
+  return null;
+}
+function resolveSymbol9(name, context) {
+  if (context.imports.has(name)) {
+    return context.imports.get(name) || null;
+  }
+  const currentFileId = `${context.filePath}::${name}`;
+  if (context.symbols.find((s) => s.id === currentFileId)) {
+    return currentFileId;
+  }
+  if (context.currentClass) {
+    const classMethodId = `${context.filePath}::${context.currentClass}.${name}`;
+    if (context.symbols.find((s) => s.id === classMethodId)) {
+      return classMethodId;
+    }
+  }
+  return null;
+}
+function getModifiers(node, context) {
+  const modifiers = [];
+  const modList = findChildByType10(node, "modifiers");
+  if (modList) {
+    for (let i = 0; i < modList.childCount; i++) {
+      const child = modList.child(i);
+      if (child) {
+        const text = nodeText9(child, context).trim();
+        if (text) modifiers.push(text);
+      }
+    }
+  }
+  return modifiers;
+}
+function extractTypeName5(node, context) {
+  const text = nodeText9(node, context).trim();
+  if (!text || text === "," || text === ":") return null;
+  let name = text;
+  const angleBracketIdx = name.indexOf("<");
+  if (angleBracketIdx > 0) name = name.substring(0, angleBracketIdx);
+  const parenIdx = name.indexOf("(");
+  if (parenIdx > 0) name = name.substring(0, parenIdx);
+  const dotIdx = name.lastIndexOf(".");
+  name = dotIdx >= 0 ? name.substring(dotIdx + 1) : name;
+  return name.trim() || null;
+}
+function findChildByType10(node, type) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child && child.type === type) return child;
+  }
+  return null;
+}
+function findChildrenByType4(node, type) {
+  const results = [];
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child && child.type === type) results.push(child);
+  }
+  return results;
+}
+function findDescendantByTypes2(node, types) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (!child) continue;
+    if (types.includes(child.type)) return child;
+    const found = findDescendantByTypes2(child, types);
+    if (found) return found;
+  }
+  return null;
+}
+function nodeText9(node, context) {
+  return context.sourceCode.substring(node.startIndex, node.endIndex);
+}
+function getCurrentSymbolId10(context) {
+  if (context.currentScope.length === 0) return null;
+  return `${context.filePath}::${context.currentScope[context.currentScope.length - 1]}`;
+}
+var kotlinParser = {
+  name: "kotlin",
+  extensions: [".kt", ".kts", "build.gradle.kts", "settings.gradle.kts", "settings.gradle"],
+  parseFile: parseKotlinFile
+};
+
+// src/parser/php.ts
+import { dirname as dirname11, join as join12 } from "path";
+import { existsSync as existsSync12 } from "fs";
+function parsePhpFile(filePath, sourceCode, projectRoot) {
+  const parser = getParser("php");
+  const tree = parser.parse(sourceCode, null, { bufferSize: 1024 * 1024 });
+  const context = {
+    filePath,
+    projectRoot,
+    sourceCode,
+    symbols: [],
+    edges: [],
+    currentScope: [],
+    currentClass: null,
+    currentNamespace: null,
+    imports: /* @__PURE__ */ new Map()
+  };
+  walkNode11(tree.rootNode, context);
+  return {
+    filePath,
+    symbols: context.symbols,
+    edges: context.edges
+  };
+}
+var SCOPE_TYPES = /* @__PURE__ */ new Set([
+  "class_declaration",
+  "interface_declaration",
+  "trait_declaration",
+  "enum_declaration",
+  "function_definition",
+  "method_declaration"
+]);
+function walkNode11(node, context) {
+  processNode11(node, context);
+  if (SCOPE_TYPES.has(node.type)) return;
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child) {
+      walkNode11(child, context);
+    }
+  }
+}
+function processNode11(node, context) {
+  switch (node.type) {
+    case "namespace_definition":
+      processNamespaceDefinition2(node, context);
+      break;
+    case "namespace_use_declaration":
+      processUseDeclaration2(node, context);
+      break;
+    case "class_declaration":
+      processClassDeclaration6(node, context);
+      break;
+    case "interface_declaration":
+      processInterfaceDeclaration4(node, context);
+      break;
+    case "trait_declaration":
+      processTraitDeclaration(node, context);
+      break;
+    case "enum_declaration":
+      processEnumDeclaration4(node, context);
+      break;
+    case "function_definition":
+      processFunctionDefinition4(node, context);
+      break;
+    case "method_declaration":
+      processMethodDeclaration4(node, context);
+      break;
+    case "property_declaration":
+      processPropertyDeclaration3(node, context);
+      break;
+    case "const_declaration":
+      processConstDeclaration2(node, context);
+      break;
+    case "function_call_expression":
+      processCallExpression11(node, context);
+      break;
+    case "member_call_expression":
+      processMemberCallExpression(node, context);
+      break;
+    case "scoped_call_expression":
+      processScopedCallExpression(node, context);
+      break;
+    case "include_expression":
+    case "include_once_expression":
+    case "require_expression":
+    case "require_once_expression":
+      processIncludeRequire(node, context);
+      break;
+  }
+}
+function processNamespaceDefinition2(node, context) {
+  const nameNode = findChildByType11(node, "namespace_name");
+  if (!nameNode) return;
+  const name = nodeText10(nameNode, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "module",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true
+  });
+  context.currentNamespace = name;
+}
+function processUseDeclaration2(node, context) {
+  const clauses = findChildrenByType5(node, "namespace_use_clause");
+  for (const clause of clauses) {
+    const nameNode = findChildByType11(clause, "namespace_name") || findChildByType11(clause, "qualified_name");
+    if (!nameNode) continue;
+    const importPath = nodeText10(nameNode, context);
+    const aliasNode = findChildByType11(clause, "namespace_aliasing_clause");
+    const alias = aliasNode ? nodeText10(findChildByType11(aliasNode, "name") || aliasNode, context).trim() : null;
+    const parts = importPath.split("\\");
+    const simpleName = alias || parts[parts.length - 1];
+    const resolvedPath = resolvePhpImport(importPath, context.filePath, context.projectRoot);
+    if (resolvedPath) {
+      const sourceId = `${context.filePath}::__file__`;
+      const targetId = `${resolvedPath}::__file__`;
+      context.edges.push({
+        source: sourceId,
+        target: targetId,
+        kind: "imports",
+        filePath: context.filePath,
+        line: node.startPosition.row + 1
+      });
+      context.imports.set(simpleName, `${resolvedPath}::${parts[parts.length - 1]}`);
+    }
+    const symbolId = `${context.filePath}::import:${importPath}`;
+    context.symbols.push({
+      id: symbolId,
+      name: importPath,
+      kind: "import",
+      filePath: context.filePath,
+      startLine: node.startPosition.row + 1,
+      endLine: node.endPosition.row + 1,
+      exported: false
+    });
+  }
+}
+function processClassDeclaration6(node, context) {
+  const nameNode = findChildByType11(node, "name");
+  if (!nameNode) return;
+  const name = nodeText10(nameNode, context);
+  const symbolId = `${context.filePath}::${name}`;
+  const text = nodeText10(node, context);
+  const isAbstract = text.trimStart().startsWith("abstract");
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "class",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope: context.currentClass || void 0
+  });
+  const baseClause = findChildByType11(node, "base_clause");
+  if (baseClause) {
+    const baseName = extractQualifiedName(baseClause, context);
+    if (baseName) {
+      const baseId = resolveSymbol10(baseName, context);
+      if (baseId) {
+        context.edges.push({
+          source: symbolId,
+          target: baseId,
+          kind: "inherits",
+          filePath: context.filePath,
+          line: node.startPosition.row + 1
+        });
+      }
+    }
+  }
+  const interfaceClause = findChildByType11(node, "class_interface_clause");
+  if (interfaceClause) {
+    const names = findChildrenByType5(interfaceClause, "name");
+    const qualifiedNames = findChildrenByType5(interfaceClause, "qualified_name");
+    for (const n of [...names, ...qualifiedNames]) {
+      const ifaceName = nodeText10(n, context).trim();
+      if (ifaceName && ifaceName !== ",") {
+        const ifaceId = resolveSymbol10(ifaceName, context);
+        if (ifaceId) {
+          context.edges.push({
+            source: symbolId,
+            target: ifaceId,
+            kind: "implements",
+            filePath: context.filePath,
+            line: node.startPosition.row + 1
+          });
+        }
+      }
+    }
+  }
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType11(node, "declaration_list");
+  if (body) {
+    walkNode11(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processInterfaceDeclaration4(node, context) {
+  const nameNode = findChildByType11(node, "name");
+  if (!nameNode) return;
+  const name = nodeText10(nameNode, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "interface",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope: context.currentClass || void 0
+  });
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType11(node, "declaration_list");
+  if (body) {
+    walkNode11(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processTraitDeclaration(node, context) {
+  const nameNode = findChildByType11(node, "name");
+  if (!nameNode) return;
+  const name = nodeText10(nameNode, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "class",
+    // Traits map to class kind
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope: context.currentClass || void 0
+  });
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType11(node, "declaration_list");
+  if (body) {
+    walkNode11(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processEnumDeclaration4(node, context) {
+  const nameNode = findChildByType11(node, "name");
+  if (!nameNode) return;
+  const name = nodeText10(nameNode, context);
+  const symbolId = `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "enum",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true
+  });
+  const oldClass = context.currentClass;
+  context.currentClass = name;
+  context.currentScope.push(name);
+  const body = findChildByType11(node, "declaration_list");
+  if (body) {
+    walkNode11(body, context);
+  }
+  context.currentScope.pop();
+  context.currentClass = oldClass;
+}
+function processFunctionDefinition4(node, context) {
+  const nameNode = findChildByType11(node, "name");
+  if (!nameNode) return;
+  const name = nodeText10(nameNode, context);
+  const scope = context.currentClass || void 0;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "function",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported: true,
+    scope
+  });
+  const scopeName = scope ? `${scope}.${name}` : name;
+  context.currentScope.push(scopeName);
+  const body = findChildByType11(node, "compound_statement");
+  if (body) {
+    walkNode11(body, context);
+  }
+  context.currentScope.pop();
+}
+function processMethodDeclaration4(node, context) {
+  const nameNode = findChildByType11(node, "name");
+  if (!nameNode) return;
+  const name = nodeText10(nameNode, context);
+  const modifiers = getModifiers2(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "method",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+  const scopeName = scope ? `${scope}.${name}` : name;
+  context.currentScope.push(scopeName);
+  const body = findChildByType11(node, "compound_statement");
+  if (body) {
+    walkNode11(body, context);
+  }
+  context.currentScope.pop();
+}
+function processPropertyDeclaration3(node, context) {
+  const varNode = findDescendantByTypes3(node, ["variable_name"]);
+  if (!varNode) return;
+  const name = nodeText10(varNode, context).replace(/^\$/, "");
+  const modifiers = getModifiers2(node, context);
+  const exported = !modifiers.includes("private");
+  const scope = context.currentClass || void 0;
+  const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+  context.symbols.push({
+    id: symbolId,
+    name,
+    kind: "property",
+    filePath: context.filePath,
+    startLine: node.startPosition.row + 1,
+    endLine: node.endPosition.row + 1,
+    exported,
+    scope
+  });
+}
+function processConstDeclaration2(node, context) {
+  const elements = findChildrenByType5(node, "const_element");
+  for (const elem of elements) {
+    const nameNode = findChildByType11(elem, "name");
+    if (!nameNode) continue;
+    const name = nodeText10(nameNode, context);
+    const scope = context.currentClass || void 0;
+    const symbolId = scope ? `${context.filePath}::${scope}.${name}` : `${context.filePath}::${name}`;
+    context.symbols.push({
+      id: symbolId,
+      name,
+      kind: "constant",
+      filePath: context.filePath,
+      startLine: elem.startPosition.row + 1,
+      endLine: elem.endPosition.row + 1,
+      exported: true,
+      scope
+    });
+  }
+}
+function processCallExpression11(node, context) {
+  if (context.currentScope.length === 0) return;
+  const firstChild = node.child(0);
+  if (!firstChild) return;
+  let calleeName = null;
+  if (firstChild.type === "name") {
+    calleeName = nodeText10(firstChild, context);
+  } else if (firstChild.type === "qualified_name") {
+    const parts = nodeText10(firstChild, context).split("\\");
+    calleeName = parts[parts.length - 1];
+  }
+  if (!calleeName) return;
+  const builtins = /* @__PURE__ */ new Set([
+    "echo",
+    "print",
+    "var_dump",
+    "print_r",
+    "isset",
+    "unset",
+    "empty",
+    "array",
+    "list",
+    "count",
+    "strlen",
+    "strpos",
+    "substr",
+    "explode",
+    "implode",
+    "array_map",
+    "array_filter",
+    "array_merge",
+    "array_push",
+    "array_pop",
+    "array_shift",
+    "array_unshift",
+    "array_keys",
+    "array_values",
+    "in_array",
+    "json_encode",
+    "json_decode",
+    "sprintf",
+    "printf",
+    "is_array",
+    "is_string",
+    "is_int",
+    "is_null",
+    "is_bool",
+    "intval",
+    "floatval",
+    "strval",
+    "boolval",
+    "trim",
+    "ltrim",
+    "rtrim",
+    "strtolower",
+    "strtoupper",
+    "str_replace",
+    "preg_match",
+    "preg_replace",
+    "file_exists",
+    "is_file",
+    "is_dir",
+    "dirname",
+    "basename",
+    "date",
+    "time",
+    "strtotime",
+    "compact",
+    "extract",
+    "defined",
+    "define",
+    "class_exists",
+    "function_exists",
+    "throw",
+    "die",
+    "exit"
+  ]);
+  if (builtins.has(calleeName)) return;
+  const callerId = getCurrentSymbolId11(context);
+  if (!callerId) return;
+  const calleeId = resolveSymbol10(calleeName, context);
+  if (calleeId) {
+    context.edges.push({
+      source: callerId,
+      target: calleeId,
+      kind: "calls",
+      filePath: context.filePath,
+      line: node.startPosition.row + 1
+    });
+  }
+}
+function processMemberCallExpression(node, context) {
+}
+function processScopedCallExpression(node, context) {
+}
+function processIncludeRequire(node, context) {
+  const text = nodeText10(node, context);
+  const pathMatch = text.match(/['"]([^'"]+)['"]/);
+  if (!pathMatch) return;
+  const includePath = pathMatch[1];
+  const resolvedPath = resolvePhpInclude(includePath, context.filePath, context.projectRoot);
+  if (resolvedPath) {
+    const sourceId = `${context.filePath}::__file__`;
+    const targetId = `${resolvedPath}::__file__`;
+    context.edges.push({
+      source: sourceId,
+      target: targetId,
+      kind: "imports",
+      filePath: context.filePath,
+      line: node.startPosition.row + 1
+    });
+  }
+}
+function resolvePhpImport(importPath, currentFile, projectRoot) {
+  const parts = importPath.split("\\");
+  const filePath = parts.join("/") + ".php";
+  const sourceRoots = [
+    "",
+    "src",
+    "app",
+    "lib",
+    "includes",
+    "wp-content/plugins",
+    "wp-content/themes"
+  ];
+  for (const root of sourceRoots) {
+    const candidate = root ? join12(root, filePath) : filePath;
+    const fullPath = join12(projectRoot, candidate);
+    if (existsSync12(fullPath)) {
+      return candidate;
+    }
+    const loweredParts = [...parts];
+    loweredParts[0] = loweredParts[0].toLowerCase();
+    const loweredFilePath = loweredParts.join("/") + ".php";
+    const loweredCandidate = root ? join12(root, loweredFilePath) : loweredFilePath;
+    const loweredFullPath = join12(projectRoot, loweredCandidate);
+    if (existsSync12(loweredFullPath)) {
+      return loweredCandidate;
+    }
+  }
+  return null;
+}
+function resolvePhpInclude(includePath, currentFile, projectRoot) {
+  const currentDir = dirname11(join12(projectRoot, currentFile));
+  const relativePath = join12(currentDir, includePath);
+  const relativeToRoot = relativePath.replace(projectRoot + "/", "");
+  if (existsSync12(relativePath)) {
+    return relativeToRoot;
+  }
+  const fromRoot = join12(projectRoot, includePath);
+  if (existsSync12(fromRoot)) {
+    return includePath;
+  }
+  return null;
+}
+function resolveSymbol10(name, context) {
+  if (context.imports.has(name)) {
+    return context.imports.get(name) || null;
+  }
+  const currentFileId = `${context.filePath}::${name}`;
+  if (context.symbols.find((s) => s.id === currentFileId)) {
+    return currentFileId;
+  }
+  if (context.currentClass) {
+    const classMethodId = `${context.filePath}::${context.currentClass}.${name}`;
+    if (context.symbols.find((s) => s.id === classMethodId)) {
+      return classMethodId;
+    }
+  }
+  return null;
+}
+function getModifiers2(node, context) {
+  const modifiers = [];
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (!child) continue;
+    const type = child.type;
+    if (type === "visibility_modifier" || type === "static_modifier" || type === "abstract_modifier" || type === "final_modifier" || type === "readonly_modifier") {
+      modifiers.push(nodeText10(child, context).trim());
+    }
+  }
+  return modifiers;
+}
+function extractQualifiedName(node, context) {
+  const nameNode = findDescendantByTypes3(node, ["name", "qualified_name", "namespace_name"]);
+  if (!nameNode) return null;
+  const text = nodeText10(nameNode, context).trim();
+  if (!text) return null;
+  const parts = text.split("\\");
+  return parts[parts.length - 1];
+}
+function findChildByType11(node, type) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child && child.type === type) return child;
+  }
+  return null;
+}
+function findChildrenByType5(node, type) {
+  const results = [];
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (child && child.type === type) results.push(child);
+  }
+  return results;
+}
+function findDescendantByTypes3(node, types) {
+  for (let i = 0; i < node.childCount; i++) {
+    const child = node.child(i);
+    if (!child) continue;
+    if (types.includes(child.type)) return child;
+    const found = findDescendantByTypes3(child, types);
+    if (found) return found;
+  }
+  return null;
+}
+function nodeText10(node, context) {
+  return context.sourceCode.substring(node.startIndex, node.endIndex);
+}
+function getCurrentSymbolId11(context) {
+  if (context.currentScope.length === 0) return null;
+  return `${context.filePath}::${context.currentScope[context.currentScope.length - 1]}`;
+}
+var phpParser = {
+  name: "php",
+  extensions: [".php"],
+  parseFile: parsePhpFile
+};
+
 // src/parser/detect.ts
 var parsers = [
   typescriptParser,
@@ -4937,12 +6241,14 @@ var parsers = [
   cParser,
   csharpParser,
   javaParser,
-  cppParser
+  cppParser,
+  kotlinParser,
+  phpParser
 ];
 var CPP_KEYWORDS = /\b(?:class|namespace|template|public:|private:|protected:|virtual|nullptr|constexpr|auto\s+\w+\s*=|using\s+\w+\s*=|static_cast|dynamic_cast|reinterpret_cast|const_cast|noexcept|override|final|decltype|concept|requires|co_await|co_yield|co_return|std::)\b/;
 function getParserForFile(filePath, content) {
-  const ext = extname6(filePath).toLowerCase();
-  const fileName = basename4(filePath);
+  const ext = extname8(filePath).toLowerCase();
+  const fileName = basename6(filePath);
   if (ext === ".h" && content) {
     if (CPP_KEYWORDS.test(content)) {
       return cppParser;
@@ -4960,7 +6266,7 @@ import { minimatch } from "minimatch";
 var MAX_FILE_SIZE = 1e6;
 function shouldParseFile(fullPath) {
   try {
-    const stats = statSync5(fullPath);
+    const stats = statSync7(fullPath);
     if (stats.size > MAX_FILE_SIZE) {
       console.error(`[Parser] Skipping ${fullPath} \u2014 file too large (${(stats.size / 1024).toFixed(0)}KB)`);
       return false;
@@ -4978,8 +6284,8 @@ async function parseProject(projectRoot, options) {
   let errorFiles = 0;
   for (const file of files) {
     try {
-      const fullPath = join11(projectRoot, file);
-      if (!resolve5(fullPath).startsWith(resolve5(projectRoot))) {
+      const fullPath = join13(projectRoot, file);
+      if (!resolve7(fullPath).startsWith(resolve7(projectRoot))) {
         skippedFiles++;
         continue;
       }
@@ -5002,7 +6308,7 @@ async function parseProject(projectRoot, options) {
       if (options?.verbose) {
         console.error(`[Parser] Parsing: ${file}`);
       }
-      const sourceCode = readFileSync8(fullPath, "utf-8");
+      const sourceCode = readFileSync10(fullPath, "utf-8");
       const parser = getParserForFile(file, sourceCode);
       if (!parser) {
         console.error(`No parser found for file: ${file}`);
@@ -5031,8 +6337,8 @@ async function parseProject(projectRoot, options) {
 }
 
 // src/cross-language/detectors/rest-api.ts
-import { readFileSync as readFileSync9 } from "fs";
-import { join as join12, resolve as resolve6 } from "path";
+import { readFileSync as readFileSync11 } from "fs";
+import { join as join14, resolve as resolve8 } from "path";
 function getLanguage(filePath) {
   if (filePath.endsWith(".ts") || filePath.endsWith(".tsx")) return "typescript";
   if (filePath.endsWith(".js") || filePath.endsWith(".jsx") || filePath.endsWith(".mjs") || filePath.endsWith(".cjs")) return "javascript";
@@ -5040,6 +6346,8 @@ function getLanguage(filePath) {
   if (filePath.endsWith(".go")) return "go";
   if (filePath.endsWith(".cs") || filePath.endsWith(".csx")) return "csharp";
   if (filePath.endsWith(".java")) return "java";
+  if (filePath.endsWith(".kt") || filePath.endsWith(".kts")) return "kotlin";
+  if (filePath.endsWith(".php")) return "php";
   if (filePath.endsWith(".cpp") || filePath.endsWith(".cc") || filePath.endsWith(".cxx") || filePath.endsWith(".c++") || filePath.endsWith(".hpp") || filePath.endsWith(".hh") || filePath.endsWith(".hxx") || filePath.endsWith(".h++") || filePath.endsWith(".h") || filePath.endsWith(".inl") || filePath.endsWith(".ipp")) return "cpp";
   return "unknown";
 }
@@ -5252,43 +6560,208 @@ function extractRouteDefinitions(source, filePath) {
           }
         }
       }
-      const requestMappingMatch = line.match(/@RequestMapping\s*\(\s*(?:value\s*=\s*)?["']([^"']+)["']/);
-      if (requestMappingMatch) {
-        let path6 = requestMappingMatch[1];
+      const requestMappingMatch = line.match(/@RequestMapping\s*\(\s*(?:value\s*=\s*)?["']([^"']+)["']/);
+      if (requestMappingMatch) {
+        let path6 = requestMappingMatch[1];
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+        const methodMatch = line.match(/method\s*=\s*RequestMethod\.(\w+)/);
+        const method = methodMatch ? methodMatch[1].toUpperCase() : "ANY";
+        routes.push({
+          method,
+          path: path6,
+          normalizedPath: normalizePath(path6),
+          file: filePath,
+          line: i + 1
+        });
+      }
+      const jaxPathMatch = line.match(/@Path\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (jaxPathMatch) {
+        let path6 = jaxPathMatch[1];
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+        const nextLine = i + 1 < lines.length ? lines[i + 1] : "";
+        const prevLine = i > 0 ? lines[i - 1] : "";
+        const jaxMethodMatch = (nextLine + prevLine).match(/@(GET|POST|PUT|DELETE|PATCH)/);
+        const method = jaxMethodMatch ? jaxMethodMatch[1] : "ANY";
+        routes.push({
+          method,
+          path: path6,
+          normalizedPath: normalizePath(path6),
+          file: filePath,
+          line: i + 1
+        });
+      }
+      const webFluxMatch = line.match(/(?:route|andRoute)\s*\(\s*(GET|POST|PUT|DELETE|PATCH)\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (webFluxMatch) {
+        const path6 = webFluxMatch[2].startsWith("/") ? webFluxMatch[2] : "/" + webFluxMatch[2];
+        routes.push({
+          method: webFluxMatch[1].toUpperCase(),
+          path: path6,
+          normalizedPath: normalizePath(path6),
+          file: filePath,
+          line: i + 1
+        });
+      }
+    }
+    if (lang === "kotlin") {
+      const springMethodMatch = line.match(/@(Get|Post|Put|Delete|Patch)Mapping\s*\(\s*(?:value\s*=\s*)?["']([^"']+)["']/);
+      if (springMethodMatch) {
+        const method = springMethodMatch[1].toUpperCase();
+        let path6 = springMethodMatch[2];
+        const classPrefix = findClassLevelPrefix(source);
+        if (classPrefix) path6 = classPrefix + path6;
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+        routes.push({
+          method,
+          path: path6,
+          normalizedPath: normalizePath(path6),
+          file: filePath,
+          line: i + 1
+        });
+      }
+      if (!springMethodMatch) {
+        const springNoPathMatch = line.match(/@(Get|Post|Put|Delete|Patch)Mapping\s*$/);
+        if (springNoPathMatch) {
+          const method = springNoPathMatch[1].toUpperCase();
+          const classPrefix = findClassLevelPrefix(source);
+          if (classPrefix) {
+            routes.push({
+              method,
+              path: classPrefix,
+              normalizedPath: normalizePath(classPrefix),
+              file: filePath,
+              line: i + 1
+            });
+          }
+        }
+      }
+      const requestMappingMatch = line.match(/@RequestMapping\s*\(\s*(?:value\s*=\s*(?:\[)?\s*)?["']([^"']+)["']/);
+      if (requestMappingMatch) {
+        let path6 = requestMappingMatch[1];
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+        const methodMatch = line.match(/method\s*=\s*\[?\s*RequestMethod\.(\w+)/);
+        const method = methodMatch ? methodMatch[1].toUpperCase() : "ANY";
+        routes.push({
+          method,
+          path: path6,
+          normalizedPath: normalizePath(path6),
+          file: filePath,
+          line: i + 1
+        });
+      }
+      const ktorMatch = line.match(/\b(get|post|put|delete|patch|head|options)\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (ktorMatch) {
+        const path6 = ktorMatch[2];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: ktorMatch[1].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const ktorRouteMatch = line.match(/\broute\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (ktorRouteMatch) {
+        const path6 = ktorRouteMatch[1];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: "ANY",
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const resourceMatch = line.match(/@Resource\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (resourceMatch) {
+        const path6 = resourceMatch[1];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: "ANY",
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const http4kMatch = line.match(/["']([^"']+)["']\s*bind\s*(GET|POST|PUT|DELETE|PATCH)/);
+      if (http4kMatch) {
+        const path6 = http4kMatch[1];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: http4kMatch[2].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const retrofitMatch = line.match(/@(GET|POST|PUT|DELETE|PATCH|HEAD)\s*\(\s*["']([^"']+)["']\s*\)/);
+      if (retrofitMatch) {
+        let path6 = retrofitMatch[2];
+        if (!path6.startsWith("/")) path6 = "/" + path6;
+      }
+    }
+    if (lang === "php") {
+      const laravelRouteMatch = line.match(/Route\s*::\s*(get|post|put|delete|patch)\s*\(\s*['"]([^'"]+)['"]/i);
+      if (laravelRouteMatch) {
+        const path6 = laravelRouteMatch[2];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: laravelRouteMatch[1].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const symfonyRouteMatch = line.match(/#\[Route\s*\(\s*['"]([^'"]+)['"]/);
+      if (symfonyRouteMatch) {
+        const path6 = symfonyRouteMatch[1];
+        if (path6.startsWith("/")) {
+          const methodsMatch = line.match(/methods\s*:\s*\[([^\]]+)\]/);
+          const methods = methodsMatch ? methodsMatch[1].match(/['"](\w+)['"]/g)?.map((m) => m.replace(/['"]/g, "").toUpperCase()) || ["ANY"] : ["ANY"];
+          for (const method of methods) {
+            routes.push({
+              method,
+              path: path6,
+              normalizedPath: normalizePath(path6),
+              file: filePath,
+              line: i + 1
+            });
+          }
+        }
+      }
+      const slimMatch = line.match(/\$(?:app|group)\s*->\s*(get|post|put|delete|patch)\s*\(\s*['"]([^'"]+)['"]/i);
+      if (slimMatch) {
+        const path6 = slimMatch[2];
+        if (path6.startsWith("/")) {
+          routes.push({
+            method: slimMatch[1].toUpperCase(),
+            path: path6,
+            normalizedPath: normalizePath(path6),
+            file: filePath,
+            line: i + 1
+          });
+        }
+      }
+      const wpRestMatch = line.match(/register_rest_route\s*\(\s*['"]([^'"]+)['"]\s*,\s*['"]([^'"]+)['"]/);
+      if (wpRestMatch) {
+        const namespace = wpRestMatch[1];
+        let path6 = wpRestMatch[2];
         if (!path6.startsWith("/")) path6 = "/" + path6;
-        const methodMatch = line.match(/method\s*=\s*RequestMethod\.(\w+)/);
+        const fullPath = `/wp-json/${namespace}${path6}`;
+        const methodMatch = line.match(/methods\s*['"=>\s]+['"](\w+)['"]/i);
         const method = methodMatch ? methodMatch[1].toUpperCase() : "ANY";
         routes.push({
           method,
-          path: path6,
-          normalizedPath: normalizePath(path6),
-          file: filePath,
-          line: i + 1
-        });
-      }
-      const jaxPathMatch = line.match(/@Path\s*\(\s*["']([^"']+)["']\s*\)/);
-      if (jaxPathMatch) {
-        let path6 = jaxPathMatch[1];
-        if (!path6.startsWith("/")) path6 = "/" + path6;
-        const nextLine = i + 1 < lines.length ? lines[i + 1] : "";
-        const prevLine = i > 0 ? lines[i - 1] : "";
-        const jaxMethodMatch = (nextLine + prevLine).match(/@(GET|POST|PUT|DELETE|PATCH)/);
-        const method = jaxMethodMatch ? jaxMethodMatch[1] : "ANY";
-        routes.push({
-          method,
-          path: path6,
-          normalizedPath: normalizePath(path6),
-          file: filePath,
-          line: i + 1
-        });
-      }
-      const webFluxMatch = line.match(/(?:route|andRoute)\s*\(\s*(GET|POST|PUT|DELETE|PATCH)\s*\(\s*["']([^"']+)["']\s*\)/);
-      if (webFluxMatch) {
-        const path6 = webFluxMatch[2].startsWith("/") ? webFluxMatch[2] : "/" + webFluxMatch[2];
-        routes.push({
-          method: webFluxMatch[1].toUpperCase(),
-          path: path6,
-          normalizedPath: normalizePath(path6),
+          path: fullPath,
+          normalizedPath: normalizePath(fullPath),
           file: filePath,
           line: i + 1
         });
@@ -5408,11 +6881,11 @@ function detectRestApiEdges(files, projectRoot) {
   const allCalls = [];
   const allRoutes = [];
   for (const file of files) {
-    const fullPath = join12(projectRoot, file.filePath);
-    if (!resolve6(fullPath).startsWith(resolve6(projectRoot))) continue;
+    const fullPath = join14(projectRoot, file.filePath);
+    if (!resolve8(fullPath).startsWith(resolve8(projectRoot))) continue;
     let source;
     try {
-      source = readFileSync9(fullPath, "utf-8");
+      source = readFileSync11(fullPath, "utf-8");
     } catch {
       continue;
     }
@@ -5420,6 +6893,46 @@ function detectRestApiEdges(files, projectRoot) {
     if (lang === "typescript" || lang === "javascript") {
       allCalls.push(...extractHttpCalls(source, file.filePath));
     }
+    if (lang === "kotlin") {
+      const kotlinLines = source.split("\n");
+      for (let i = 0; i < kotlinLines.length; i++) {
+        const line = kotlinLines[i];
+        const retrofitMatch = line.match(/@(GET|POST|PUT|DELETE|PATCH|HEAD)\s*\(\s*["']([^"']+)["']\s*\)/);
+        if (retrofitMatch) {
+          let path6 = retrofitMatch[2];
+          if (!path6.startsWith("/")) path6 = "/" + path6;
+          allCalls.push({ method: retrofitMatch[1].toUpperCase(), path: path6, file: file.filePath, line: i + 1 });
+        }
+      }
+    }
+    if (lang === "php") {
+      const phpLines = source.split("\n");
+      for (let i = 0; i < phpLines.length; i++) {
+        const line = phpLines[i];
+        const guzzleMatch = line.match(/\$\w+\s*->\s*(get|post|put|delete|patch|request)\s*\(\s*['"]([^'"]+)['"]/i);
+        if (guzzleMatch) {
+          let method = guzzleMatch[1].toUpperCase();
+          let path6 = guzzleMatch[2];
+          if (method === "REQUEST") {
+            const reqMethodMatch = line.match(/request\s*\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]+)['"]/i);
+            if (reqMethodMatch) {
+              method = reqMethodMatch[1].toUpperCase();
+              path6 = reqMethodMatch[2];
+            }
+          }
+          if (isLocalApiPath(path6)) {
+            allCalls.push({ method, path: cleanPath(path6), file: file.filePath, line: i + 1 });
+          }
+        }
+        const fgcMatch = line.match(/file_get_contents\s*\(\s*['"]([^'"]+)['"]/);
+        if (fgcMatch) {
+          const path6 = fgcMatch[1];
+          if (isLocalApiPath(path6)) {
+            allCalls.push({ method: "GET", path: cleanPath(path6), file: file.filePath, line: i + 1 });
+          }
+        }
+      }
+    }
     allRoutes.push(...extractRouteDefinitions(source, file.filePath));
   }
   for (const call of allCalls) {
@@ -5448,8 +6961,8 @@ function detectRestApiEdges(files, projectRoot) {
 }
 
 // src/cross-language/detectors/subprocess.ts
-import { readFileSync as readFileSync10 } from "fs";
-import { join as join13, resolve as resolve7, basename as basename5 } from "path";
+import { readFileSync as readFileSync12 } from "fs";
+import { join as join15, resolve as resolve9, basename as basename7 } from "path";
 var SCRIPT_EXTENSIONS = [".py", ".js", ".ts", ".go", ".rs"];
 function getLanguage2(filePath) {
   if (filePath.endsWith(".ts") || filePath.endsWith(".tsx")) return "typescript";
@@ -5548,16 +7061,16 @@ function detectSubprocessEdges(files, projectRoot) {
   const knownFiles = new Set(files.map((f) => f.filePath));
   const basenameMap = /* @__PURE__ */ new Map();
   for (const f of files) {
-    const base = basename5(f.filePath);
+    const base = basename7(f.filePath);
     if (!basenameMap.has(base)) basenameMap.set(base, []);
     basenameMap.get(base).push(f.filePath);
   }
   for (const file of files) {
-    const fullPath = join13(projectRoot, file.filePath);
-    if (!resolve7(fullPath).startsWith(resolve7(projectRoot))) continue;
+    const fullPath = join15(projectRoot, file.filePath);
+    if (!resolve9(fullPath).startsWith(resolve9(projectRoot))) continue;
     let source;
     try {
-      source = readFileSync10(fullPath, "utf-8");
+      source = readFileSync12(fullPath, "utf-8");
     } catch {
       continue;
     }
@@ -5569,7 +7082,7 @@ function detectSubprocessEdges(files, projectRoot) {
         targetFile = call.calledFile;
         confidence = "high";
       } else {
-        const base = basename5(call.calledFile);
+        const base = basename7(call.calledFile);
         const candidates = basenameMap.get(base);
         if (candidates && candidates.length > 0) {
           const exactCandidate = candidates.find((c) => c.endsWith(call.calledFile));
@@ -5948,7 +7461,7 @@ function getArchitectureSummary(graph) {
 }
 
 // src/health/metrics.ts
-import { dirname as dirname10 } from "path";
+import { dirname as dirname12 } from "path";
 function scoreToGrade(score) {
   if (score >= 90) return "A";
   if (score >= 80) return "B";
@@ -5981,8 +7494,8 @@ function calculateCouplingScore(graph) {
       totalEdges++;
       fileConnections.set(sourceAttrs.filePath, (fileConnections.get(sourceAttrs.filePath) || 0) + 1);
       fileConnections.set(targetAttrs.filePath, (fileConnections.get(targetAttrs.filePath) || 0) + 1);
-      const sourceDir = dirname10(sourceAttrs.filePath).split("/")[0];
-      const targetDir = dirname10(targetAttrs.filePath).split("/")[0];
+      const sourceDir = dirname12(sourceAttrs.filePath).split("/")[0];
+      const targetDir = dirname12(targetAttrs.filePath).split("/")[0];
       if (sourceDir !== targetDir) {
         crossDirEdges++;
       }
@@ -6029,8 +7542,8 @@ function calculateCohesionScore(graph) {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
     if (sourceAttrs.filePath !== targetAttrs.filePath) {
-      const sourceDir = dirname10(sourceAttrs.filePath);
-      const targetDir = dirname10(targetAttrs.filePath);
+      const sourceDir = dirname12(sourceAttrs.filePath);
+      const targetDir = dirname12(targetAttrs.filePath);
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { internal: 0, total: 0 });
       }
@@ -6312,8 +7825,8 @@ function calculateDepthScore(graph) {
 }
 
 // src/health/index.ts
-import { readFileSync as readFileSync11, writeFileSync, existsSync as existsSync11, mkdirSync } from "fs";
-import { dirname as dirname11, resolve as resolve8 } from "path";
+import { readFileSync as readFileSync13, writeFileSync, existsSync as existsSync13, mkdirSync } from "fs";
+import { dirname as dirname13, resolve as resolve10 } from "path";
 function calculateHealthScore(graph, projectRoot) {
   const coupling = calculateCouplingScore(graph);
   const cohesion = calculateCohesionScore(graph);
@@ -6412,8 +7925,8 @@ function getHealthTrend(projectRoot, currentScore) {
   }
 }
 function saveHealthHistory(projectRoot, report) {
-  const resolvedRoot = resolve8(projectRoot);
-  const historyFile = resolve8(resolvedRoot, ".depwire", "health-history.json");
+  const resolvedRoot = resolve10(projectRoot);
+  const historyFile = resolve10(resolvedRoot, ".depwire", "health-history.json");
   if (!historyFile.startsWith(resolvedRoot)) {
     return;
   }
@@ -6428,10 +7941,10 @@ function saveHealthHistory(projectRoot, report) {
     }))
   };
   let history = [];
-  if (existsSync11(historyFile)) {
+  if (existsSync13(historyFile)) {
     try {
       if (!historyFile.startsWith(resolvedRoot)) return;
-      const content = readFileSync11(historyFile, "utf-8");
+      const content = readFileSync13(historyFile, "utf-8");
       history = JSON.parse(content);
     } catch {
     }
@@ -6440,19 +7953,19 @@ function saveHealthHistory(projectRoot, report) {
   if (history.length > 50) {
     history = history.slice(-50);
   }
-  mkdirSync(dirname11(historyFile), { recursive: true });
+  mkdirSync(dirname13(historyFile), { recursive: true });
   if (!historyFile.startsWith(resolvedRoot)) return;
   writeFileSync(historyFile, JSON.stringify(history, null, 2), "utf-8");
 }
 function loadHealthHistory(projectRoot) {
-  const resolvedRoot = resolve8(projectRoot);
-  const historyFile = resolve8(resolvedRoot, ".depwire", "health-history.json");
-  if (!historyFile.startsWith(resolvedRoot) || !existsSync11(historyFile)) {
+  const resolvedRoot = resolve10(projectRoot);
+  const historyFile = resolve10(resolvedRoot, ".depwire", "health-history.json");
+  if (!historyFile.startsWith(resolvedRoot) || !existsSync13(historyFile)) {
     return [];
   }
   try {
     if (!historyFile.startsWith(resolvedRoot)) return [];
-    const content = readFileSync11(historyFile, "utf-8");
+    const content = readFileSync13(historyFile, "utf-8");
     return JSON.parse(content);
   } catch {
     return [];
@@ -6461,7 +7974,7 @@ function loadHealthHistory(projectRoot) {
 
 // src/dead-code/detector.ts
 import path2 from "path";
-import { readFileSync as readFileSync12, existsSync as existsSync12 } from "fs";
+import { readFileSync as readFileSync14, existsSync as existsSync14 } from "fs";
 function findDeadSymbols(graph, projectRoot, includeTests = false, debug = false) {
   const deadSymbols = [];
   const context = { graph, projectRoot };
@@ -6594,11 +8107,11 @@ function getPackageEntryPoints(projectRoot) {
   const entryPoints = /* @__PURE__ */ new Set();
   const resolvedRoot = path2.resolve(projectRoot);
   const packageJsonPath = path2.resolve(resolvedRoot, "package.json");
-  if (!packageJsonPath.startsWith(resolvedRoot) || !existsSync12(packageJsonPath)) {
+  if (!packageJsonPath.startsWith(resolvedRoot) || !existsSync14(packageJsonPath)) {
     return entryPoints;
   }
   try {
-    const packageJson = JSON.parse(readFileSync12(packageJsonPath, "utf-8"));
+    const packageJson = JSON.parse(readFileSync14(packageJsonPath, "utf-8"));
     if (packageJson.main) {
       entryPoints.add(path2.resolve(projectRoot, packageJson.main));
     }
@@ -6652,6 +8165,12 @@ function shouldExclude(attrs, context, includeTests, packageEntryPoints) {
   if (isCppExcluded(attrs)) {
     return "framework";
   }
+  if (isKotlinExcluded(attrs)) {
+    return "framework";
+  }
+  if (isPhpExcluded(attrs)) {
+    return "framework";
+  }
   return null;
 }
 function isRealPackageEntryPoint(filePath, packageEntryPoints) {
@@ -6690,6 +8209,98 @@ function isCppExcluded(attrs) {
   if (kind === "constant" && /\.(?:h|hpp)$/.test(filePath)) return true;
   return false;
 }
+function isKotlinExcluded(attrs) {
+  const filePath = attrs.file || attrs.filePath || "";
+  const name = attrs.name || "";
+  if (!filePath.endsWith(".kt") && !filePath.endsWith(".kts")) return false;
+  if (name === "main") return true;
+  const androidLifecycle = [
+    "onCreate",
+    "onStart",
+    "onResume",
+    "onPause",
+    "onStop",
+    "onDestroy",
+    "onCreateView",
+    "onViewCreated",
+    "onDestroyView",
+    "onSaveInstanceState",
+    "onRestoreInstanceState",
+    "onActivityResult",
+    "onRequestPermissionsResult",
+    "onConfigurationChanged",
+    "onNewIntent"
+  ];
+  if (androidLifecycle.includes(name)) return true;
+  if (["readObject", "writeObject", "readResolve", "writeReplace"].includes(name)) return true;
+  if (name.startsWith("operator")) return true;
+  return false;
+}
+function isPhpExcluded(attrs) {
+  const filePath = attrs.file || attrs.filePath || "";
+  const name = attrs.name || "";
+  if (!filePath.endsWith(".php")) return false;
+  const magicMethods = [
+    "__construct",
+    "__destruct",
+    "__call",
+    "__callStatic",
+    "__get",
+    "__set",
+    "__isset",
+    "__unset",
+    "__sleep",
+    "__wakeup",
+    "__serialize",
+    "__unserialize",
+    "__toString",
+    "__invoke",
+    "__set_state",
+    "__clone",
+    "__debugInfo"
+  ];
+  if (magicMethods.includes(name)) return true;
+  const wpHooks = [
+    "init",
+    "admin_init",
+    "wp_enqueue_scripts",
+    "admin_enqueue_scripts",
+    "widgets_init",
+    "register_activation_hook",
+    "register_deactivation_hook",
+    "add_action",
+    "add_filter",
+    "activate",
+    "deactivate"
+  ];
+  if (wpHooks.includes(name)) return true;
+  const laravelMethods = [
+    "register",
+    "boot",
+    "handle",
+    "authorize",
+    "rules",
+    "messages",
+    "prepareForValidation",
+    "failed",
+    "broadcastOn",
+    "broadcastAs",
+    "broadcastWith"
+  ];
+  if (laravelMethods.includes(name)) return true;
+  const symfonyMethods = [
+    "__invoke",
+    "getSubscribedEvents",
+    "getSubscribedServices",
+    "configureOptions",
+    "buildForm",
+    "load",
+    "getConfigTreeBuilder"
+  ];
+  if (symfonyMethods.includes(name)) return true;
+  if (name.startsWith("test") || name === "setUp" || name === "tearDown" || name === "setUpBeforeClass" || name === "tearDownAfterClass") return true;
+  return false;
+}
 
 // src/dead-code/classifier.ts
 import path3 from "path";
@@ -6756,8 +8367,8 @@ function generateReason(symbol, confidence) {
   return "Potentially unused";
 }
 function isBarrelFile(filePath) {
-  const basename9 = path3.basename(filePath);
-  return basename9 === "index.ts" || basename9 === "index.js";
+  const basename11 = path3.basename(filePath);
+  return basename11 === "index.ts" || basename11 === "index.js";
 }
 function isTestFile2(filePath) {
   return filePath.includes("__tests__/") || filePath.includes(".test.") || filePath.includes(".spec.") || filePath.includes("/test/") || filePath.includes("/tests/");
@@ -6936,11 +8547,11 @@ function filterByConfidence(symbols, minConfidence) {
 }
 
 // src/docs/generator.ts
-import { writeFileSync as writeFileSync3, mkdirSync as mkdirSync2, existsSync as existsSync15 } from "fs";
-import { join as join17 } from "path";
+import { writeFileSync as writeFileSync3, mkdirSync as mkdirSync2, existsSync as existsSync17 } from "fs";
+import { join as join19 } from "path";
 
 // src/docs/architecture.ts
-import { dirname as dirname12 } from "path";
+import { dirname as dirname14 } from "path";
 
 // src/docs/templates.ts
 function header(text, level = 1) {
@@ -7091,7 +8702,7 @@ function generateModuleStructure(graph) {
 function getDirectoryStats(graph) {
   const dirMap = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname12(attrs.filePath);
+    const dir = dirname14(attrs.filePath);
     if (dir === ".") return;
     if (!dirMap.has(dir)) {
       dirMap.set(dir, {
@@ -7116,7 +8727,7 @@ function getDirectoryStats(graph) {
   });
   const filesPerDir = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname12(attrs.filePath);
+    const dir = dirname14(attrs.filePath);
     if (!filesPerDir.has(dir)) {
       filesPerDir.set(dir, /* @__PURE__ */ new Set());
     }
@@ -7131,8 +8742,8 @@ function getDirectoryStats(graph) {
   graph.forEachEdge((edge, attrs, source, target) => {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
-    const sourceDir = dirname12(sourceAttrs.filePath);
-    const targetDir = dirname12(targetAttrs.filePath);
+    const sourceDir = dirname14(sourceAttrs.filePath);
+    const targetDir = dirname14(targetAttrs.filePath);
     if (sourceDir !== targetDir) {
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { in: 0, out: 0 });
@@ -7339,7 +8950,7 @@ function detectCycles(graph) {
 }
 
 // src/docs/conventions.ts
-import { basename as basename6, extname as extname7 } from "path";
+import { basename as basename8, extname as extname9 } from "path";
 function generateConventions(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -7377,7 +8988,7 @@ function generateFileOrganization(graph) {
   graph.forEachNode((node, attrs) => {
     if (!files.has(attrs.filePath)) {
       files.add(attrs.filePath);
-      const fileName = basename6(attrs.filePath);
+      const fileName = basename8(attrs.filePath);
       if (fileName === "index.ts" || fileName === "index.js" || fileName === "index.tsx" || fileName === "index.jsx") {
         barrelFileCount++;
       }
@@ -7436,7 +9047,7 @@ function generateNamingPatterns(graph) {
   graph.forEachNode((node, attrs) => {
     if (!files.has(attrs.filePath)) {
       files.add(attrs.filePath);
-      const fileName = basename6(attrs.filePath, extname7(attrs.filePath));
+      const fileName = basename8(attrs.filePath, extname9(attrs.filePath));
       if (isCamelCase(fileName)) patterns.files.camelCase++;
       else if (isPascalCase(fileName)) patterns.files.PascalCase++;
       else if (isKebabCase(fileName)) patterns.files.kebabCase++;
@@ -8113,7 +9724,7 @@ function detectCyclesDetailed(graph) {
 }
 
 // src/docs/onboarding.ts
-import { dirname as dirname13 } from "path";
+import { dirname as dirname15 } from "path";
 function generateOnboarding(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -8172,7 +9783,7 @@ function generateQuickOrientation(graph) {
   const primaryLang = Object.entries(languages2).sort((a, b) => b[1] - a[1])[0];
   const dirs = /* @__PURE__ */ new Set();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname15(attrs.filePath);
     if (dir !== ".") {
       const topLevel = dir.split("/")[0];
       dirs.add(topLevel);
@@ -8276,7 +9887,7 @@ function generateModuleMap(graph) {
 function getDirectoryStats2(graph) {
   const dirMap = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname15(attrs.filePath);
     if (dir === ".") return;
     if (!dirMap.has(dir)) {
       dirMap.set(dir, {
@@ -8291,7 +9902,7 @@ function getDirectoryStats2(graph) {
   });
   const filesPerDir = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname15(attrs.filePath);
     if (!filesPerDir.has(dir)) {
       filesPerDir.set(dir, /* @__PURE__ */ new Set());
     }
@@ -8306,8 +9917,8 @@ function getDirectoryStats2(graph) {
   graph.forEachEdge((edge, attrs, source, target) => {
     const sourceAttrs = graph.getNodeAttributes(source);
     const targetAttrs = graph.getNodeAttributes(target);
-    const sourceDir = dirname13(sourceAttrs.filePath);
-    const targetDir = dirname13(targetAttrs.filePath);
+    const sourceDir = dirname15(sourceAttrs.filePath);
+    const targetDir = dirname15(targetAttrs.filePath);
     if (sourceDir !== targetDir) {
       if (!dirEdges.has(sourceDir)) {
         dirEdges.set(sourceDir, { in: 0, out: 0 });
@@ -8388,7 +9999,7 @@ function detectClusters(graph) {
   const dirFiles = /* @__PURE__ */ new Map();
   const fileEdges = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname13(attrs.filePath);
+    const dir = dirname15(attrs.filePath);
     if (!dirFiles.has(dir)) {
       dirFiles.set(dir, /* @__PURE__ */ new Set());
     }
@@ -8442,8 +10053,8 @@ function inferClusterName(files) {
   if (sortedWords.length > 0 && sortedWords[0][1] > 1) {
     return capitalizeFirst2(sortedWords[0][0]);
   }
-  const commonDir = dirname13(files[0]);
-  if (files.every((f) => dirname13(f) === commonDir)) {
+  const commonDir = dirname15(files[0]);
+  if (files.every((f) => dirname15(f) === commonDir)) {
     return capitalizeFirst2(commonDir.split("/").pop() || "Core");
   }
   return "Core";
@@ -8501,7 +10112,7 @@ function generateDepwireUsage(projectRoot) {
 }
 
 // src/docs/files.ts
-import { dirname as dirname14, basename as basename7 } from "path";
+import { dirname as dirname16, basename as basename9 } from "path";
 function generateFiles(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -8605,7 +10216,7 @@ function generateDirectoryBreakdown(graph) {
   const fileStats = getFileStats2(graph);
   const dirMap = /* @__PURE__ */ new Map();
   for (const file of fileStats) {
-    const dir = dirname14(file.filePath);
+    const dir = dirname16(file.filePath);
     const topDir = dir === "." ? "." : dir.split("/")[0];
     if (!dirMap.has(topDir)) {
       dirMap.set(topDir, {
@@ -8620,7 +10231,7 @@ function generateDirectoryBreakdown(graph) {
     dirStats.symbolCount += file.symbolCount;
     if (file.totalConnections > dirStats.maxConnections) {
       dirStats.maxConnections = file.totalConnections;
-      dirStats.mostConnectedFile = basename7(file.filePath);
+      dirStats.mostConnectedFile = basename9(file.filePath);
     }
   }
   if (dirMap.size === 0) {
@@ -9248,7 +10859,7 @@ function generateRecommendations(graph) {
 }
 
 // src/docs/tests.ts
-import { basename as basename8, dirname as dirname15 } from "path";
+import { basename as basename10, dirname as dirname17 } from "path";
 function generateTests(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -9276,8 +10887,8 @@ function getFileCount8(graph) {
   return files.size;
 }
 function isTestFile3(filePath) {
-  const fileName = basename8(filePath).toLowerCase();
-  const dirPath = dirname15(filePath).toLowerCase();
+  const fileName = basename10(filePath).toLowerCase();
+  const dirPath = dirname17(filePath).toLowerCase();
   if (dirPath.includes("test") || dirPath.includes("spec") || dirPath.includes("__tests__")) {
     return true;
   }
@@ -9335,13 +10946,13 @@ function generateTestFileInventory(graph) {
   return output;
 }
 function matchTestToSource(testFile) {
-  const testFileName = basename8(testFile);
-  const testDir = dirname15(testFile);
+  const testFileName = basename10(testFile);
+  const testDir = dirname17(testFile);
   let sourceFileName = testFileName.replace(/\.test\./g, ".").replace(/\.spec\./g, ".").replace(/_test\./g, ".").replace(/_spec\./g, ".");
   const possiblePaths = [];
   possiblePaths.push(testDir + "/" + sourceFileName);
   if (testDir.endsWith("/test") || testDir.endsWith("/tests") || testDir.endsWith("/__tests__")) {
-    const parentDir = dirname15(testDir);
+    const parentDir = dirname17(testDir);
     possiblePaths.push(parentDir + "/" + sourceFileName);
   }
   if (testDir.includes("test")) {
@@ -9497,7 +11108,7 @@ function generateTestCoverageMap(graph) {
   const rows = mappings.slice(0, 30).map((m) => [
     `\`${m.sourceFile}\``,
     m.hasTest ? "\u2705" : "\u274C",
-    m.testFile ? `\`${basename8(m.testFile)}\`` : "-",
+    m.testFile ? `\`${basename10(m.testFile)}\`` : "-",
     formatNumber(m.symbolCount)
   ]);
   let output = table(headers, rows);
@@ -9538,7 +11149,7 @@ function generateTestStatistics(graph) {
 `;
   const dirTestCoverage = /* @__PURE__ */ new Map();
   for (const sourceFile of sourceFiles) {
-    const dir = dirname15(sourceFile).split("/")[0];
+    const dir = dirname17(sourceFile).split("/")[0];
     if (!dirTestCoverage.has(dir)) {
       dirTestCoverage.set(dir, { total: 0, tested: 0 });
     }
@@ -9561,7 +11172,7 @@ function generateTestStatistics(graph) {
 }
 
 // src/docs/history.ts
-import { dirname as dirname16 } from "path";
+import { dirname as dirname18 } from "path";
 import { execSync } from "child_process";
 function generateHistory(graph, projectRoot, version) {
   let output = "";
@@ -9842,7 +11453,7 @@ function generateFeatureClusters(graph) {
   const dirFiles = /* @__PURE__ */ new Map();
   const fileEdges = /* @__PURE__ */ new Map();
   graph.forEachNode((node, attrs) => {
-    const dir = dirname16(attrs.filePath);
+    const dir = dirname18(attrs.filePath);
     if (!dirFiles.has(dir)) {
       dirFiles.set(dir, /* @__PURE__ */ new Set());
     }
@@ -9924,7 +11535,7 @@ function capitalizeFirst3(str) {
 }
 
 // src/docs/current.ts
-import { dirname as dirname17 } from "path";
+import { dirname as dirname19 } from "path";
 function generateCurrent(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -10062,7 +11673,7 @@ function generateCompleteFileIndex(graph) {
   fileInfos.sort((a, b) => a.filePath.localeCompare(b.filePath));
   const dirGroups = /* @__PURE__ */ new Map();
   for (const info of fileInfos) {
-    const dir = dirname17(info.filePath);
+    const dir = dirname19(info.filePath);
     const topDir = dir === "." ? "root" : dir.split("/")[0];
     if (!dirGroups.has(topDir)) {
       dirGroups.set(topDir, []);
@@ -10273,8 +11884,8 @@ function getTopLevelDir2(filePath) {
 }
 
 // src/docs/status.ts
-import { readFileSync as readFileSync13, existsSync as existsSync13 } from "fs";
-import { resolve as resolve9 } from "path";
+import { readFileSync as readFileSync15, existsSync as existsSync15 } from "fs";
+import { resolve as resolve11 } from "path";
 function generateStatus(graph, projectRoot, version) {
   let output = "";
   const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
@@ -10307,16 +11918,16 @@ function getFileCount11(graph) {
 }
 function extractComments(projectRoot, filePath) {
   const comments = [];
-  const resolvedRoot = resolve9(projectRoot);
-  const fullPath = resolve9(resolvedRoot, filePath);
+  const resolvedRoot = resolve11(projectRoot);
+  const fullPath = resolve11(resolvedRoot, filePath);
   if (!fullPath.startsWith(resolvedRoot)) {
     return comments;
   }
-  if (!existsSync13(fullPath)) {
+  if (!existsSync15(fullPath)) {
     return comments;
   }
   try {
-    const content = readFileSync13(fullPath, "utf-8");
+    const content = readFileSync15(fullPath, "utf-8");
     const lines = content.split("\n");
     const patterns = [
       { type: "TODO", regex: /(?:\/\/|#|\/\*)\s*TODO:?\s*(.+)/i },
@@ -10895,16 +12506,16 @@ function generateConfidenceSection(title, description, symbols, projectRoot) {
 }
 
 // src/docs/metadata.ts
-import { existsSync as existsSync14, readFileSync as readFileSync14, writeFileSync as writeFileSync2 } from "fs";
-import { resolve as resolve10 } from "path";
+import { existsSync as existsSync16, readFileSync as readFileSync16, writeFileSync as writeFileSync2 } from "fs";
+import { resolve as resolve12 } from "path";
 function loadMetadata(outputDir) {
-  const resolvedDir = resolve10(outputDir);
-  const metadataPath = resolve10(resolvedDir, "metadata.json");
-  if (!metadataPath.startsWith(resolvedDir) || !existsSync14(metadataPath)) {
+  const resolvedDir = resolve12(outputDir);
+  const metadataPath = resolve12(resolvedDir, "metadata.json");
+  if (!metadataPath.startsWith(resolvedDir) || !existsSync16(metadataPath)) {
     return null;
   }
   try {
-    const content = readFileSync14(metadataPath, "utf-8");
+    const content = readFileSync16(metadataPath, "utf-8");
     return JSON.parse(content);
   } catch (err) {
     console.error("Failed to load metadata:", err);
@@ -10912,8 +12523,8 @@ function loadMetadata(outputDir) {
   }
 }
 function saveMetadata(outputDir, metadata) {
-  const resolvedDir = resolve10(outputDir);
-  const metadataPath = resolve10(resolvedDir, "metadata.json");
+  const resolvedDir = resolve12(outputDir);
+  const metadataPath = resolve12(resolvedDir, "metadata.json");
   if (!metadataPath.startsWith(resolvedDir)) {
     throw new Error(`Path traversal attempt blocked: ${metadataPath}`);
   }
@@ -10959,7 +12570,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
   const generated = [];
   const errors = [];
   try {
-    if (!existsSync15(options.outputDir)) {
+    if (!existsSync17(options.outputDir)) {
       mkdirSync2(options.outputDir, { recursive: true });
       if (options.verbose) {
         console.log(`Created output directory: ${options.outputDir}`);
@@ -10998,7 +12609,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ARCHITECTURE.md...");
           const content = generateArchitecture(graph, projectRoot, version, parseTime);
-          const filePath = join17(options.outputDir, "ARCHITECTURE.md");
+          const filePath = join19(options.outputDir, "ARCHITECTURE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ARCHITECTURE.md");
         } catch (err) {
@@ -11009,7 +12620,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating CONVENTIONS.md...");
           const content = generateConventions(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "CONVENTIONS.md");
+          const filePath = join19(options.outputDir, "CONVENTIONS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("CONVENTIONS.md");
         } catch (err) {
@@ -11020,7 +12631,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating DEPENDENCIES.md...");
           const content = generateDependencies(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "DEPENDENCIES.md");
+          const filePath = join19(options.outputDir, "DEPENDENCIES.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("DEPENDENCIES.md");
         } catch (err) {
@@ -11031,7 +12642,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ONBOARDING.md...");
           const content = generateOnboarding(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "ONBOARDING.md");
+          const filePath = join19(options.outputDir, "ONBOARDING.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ONBOARDING.md");
         } catch (err) {
@@ -11042,7 +12653,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating FILES.md...");
           const content = generateFiles(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "FILES.md");
+          const filePath = join19(options.outputDir, "FILES.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("FILES.md");
         } catch (err) {
@@ -11053,7 +12664,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating API_SURFACE.md...");
           const content = generateApiSurface(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "API_SURFACE.md");
+          const filePath = join19(options.outputDir, "API_SURFACE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("API_SURFACE.md");
         } catch (err) {
@@ -11064,7 +12675,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating ERRORS.md...");
           const content = generateErrors(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "ERRORS.md");
+          const filePath = join19(options.outputDir, "ERRORS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("ERRORS.md");
         } catch (err) {
@@ -11075,7 +12686,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating TESTS.md...");
           const content = generateTests(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "TESTS.md");
+          const filePath = join19(options.outputDir, "TESTS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("TESTS.md");
         } catch (err) {
@@ -11086,7 +12697,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating HISTORY.md...");
           const content = generateHistory(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "HISTORY.md");
+          const filePath = join19(options.outputDir, "HISTORY.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("HISTORY.md");
         } catch (err) {
@@ -11097,7 +12708,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating CURRENT.md...");
           const content = generateCurrent(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "CURRENT.md");
+          const filePath = join19(options.outputDir, "CURRENT.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("CURRENT.md");
         } catch (err) {
@@ -11108,7 +12719,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating STATUS.md...");
           const content = generateStatus(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "STATUS.md");
+          const filePath = join19(options.outputDir, "STATUS.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("STATUS.md");
         } catch (err) {
@@ -11119,7 +12730,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating HEALTH.md...");
           const content = generateHealth(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "HEALTH.md");
+          const filePath = join19(options.outputDir, "HEALTH.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("HEALTH.md");
         } catch (err) {
@@ -11130,7 +12741,7 @@ async function generateDocs(graph, projectRoot, version, parseTime, options) {
         try {
           if (options.verbose) console.log("Generating DEAD_CODE.md...");
           const content = generateDeadCode(graph, projectRoot, version);
-          const filePath = join17(options.outputDir, "DEAD_CODE.md");
+          const filePath = join19(options.outputDir, "DEAD_CODE.md");
           writeFileSync3(filePath, content, "utf-8");
           generated.push("DEAD_CODE.md");
         } catch (err) {
@@ -11174,7 +12785,7 @@ function getFileCount13(graph) {
 }
 
 // src/simulation/engine.ts
-import { dirname as dirname18, join as join18 } from "path";
+import { dirname as dirname20, join as join20 } from "path";
 function normalizePath2(p) {
   return p.replace(/^\.\//, "").replace(/\/+$/, "");
 }
@@ -11306,7 +12917,7 @@ var SimulationEngine = class {
     }
   }
   applyRename(clone, target, newName, brokenImports) {
-    const destination = join18(dirname18(target), newName);
+    const destination = join20(dirname20(target), newName);
     this.applyMove(clone, target, destination, brokenImports);
   }
   applySplit(clone, target, newFile, symbols, brokenImports) {
@@ -11506,13 +13117,13 @@ var SimulationEngine = class {
 };
 
 // src/security/scanner.ts
-import { existsSync as existsSync17 } from "fs";
-import { join as join28 } from "path";
+import { existsSync as existsSync19 } from "fs";
+import { join as join30 } from "path";
 
 // src/security/checks/dependencies.ts
 import { execSync as execSync2 } from "child_process";
-import { existsSync as existsSync16, readFileSync as readFileSync15, readdirSync as readdirSync8 } from "fs";
-import { join as join19 } from "path";
+import { existsSync as existsSync18, readFileSync as readFileSync17, readdirSync as readdirSync10 } from "fs";
+import { join as join21 } from "path";
 function cvssToSeverity(score) {
   if (score >= 9) return "critical";
   if (score >= 7) return "high";
@@ -11522,18 +13133,18 @@ function cvssToSeverity(score) {
 async function checkDependencies(_files, projectRoot) {
   const findings = [];
   try {
-    if (existsSync16(join19(projectRoot, "package.json"))) {
+    if (existsSync18(join21(projectRoot, "package.json"))) {
       findings.push(...checkNpmAudit(projectRoot));
       findings.push(...checkPackageJsonPatterns(projectRoot));
       findings.push(...checkPostinstallScripts(projectRoot));
     }
-    if (existsSync16(join19(projectRoot, "requirements.txt")) || existsSync16(join19(projectRoot, "pyproject.toml"))) {
+    if (existsSync18(join21(projectRoot, "requirements.txt")) || existsSync18(join21(projectRoot, "pyproject.toml"))) {
       findings.push(...checkPipAudit(projectRoot));
     }
-    if (existsSync16(join19(projectRoot, "Cargo.toml"))) {
+    if (existsSync18(join21(projectRoot, "Cargo.toml"))) {
       findings.push(...checkCargoAudit(projectRoot));
     }
-    if (existsSync16(join19(projectRoot, "go.mod"))) {
+    if (existsSync18(join21(projectRoot, "go.mod"))) {
       findings.push(...checkGoVerify(projectRoot));
     }
   } catch (err) {
@@ -11622,8 +13233,8 @@ function checkNpmAudit(projectRoot) {
 function checkPackageJsonPatterns(projectRoot) {
   const findings = [];
   try {
-    const pkgPath = join19(projectRoot, "package.json");
-    const pkg = JSON.parse(readFileSync15(pkgPath, "utf-8"));
+    const pkgPath = join21(projectRoot, "package.json");
+    const pkg = JSON.parse(readFileSync17(pkgPath, "utf-8"));
     const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
     for (const [name, version] of Object.entries(allDeps)) {
       if (version.startsWith("^") || version.startsWith("~")) {
@@ -11645,15 +13256,15 @@ function checkPackageJsonPatterns(projectRoot) {
 }
 function checkPostinstallScripts(projectRoot) {
   const findings = [];
-  const nodeModules = join19(projectRoot, "node_modules");
-  if (!existsSync16(nodeModules)) return findings;
+  const nodeModules = join21(projectRoot, "node_modules");
+  if (!existsSync18(nodeModules)) return findings;
   try {
-    const topLevelDeps = readdirSync8(nodeModules).filter((d) => !d.startsWith("."));
+    const topLevelDeps = readdirSync10(nodeModules).filter((d) => !d.startsWith("."));
     for (const dep of topLevelDeps) {
-      const depPkgPath = join19(nodeModules, dep, "package.json");
-      if (!existsSync16(depPkgPath)) continue;
+      const depPkgPath = join21(nodeModules, dep, "package.json");
+      if (!existsSync18(depPkgPath)) continue;
       try {
-        const depPkg = JSON.parse(readFileSync15(depPkgPath, "utf-8"));
+        const depPkg = JSON.parse(readFileSync17(depPkgPath, "utf-8"));
         const scripts = depPkg.scripts || {};
         if (scripts.postinstall || scripts.preinstall || scripts.install) {
           const scriptName = scripts.postinstall ? "postinstall" : scripts.preinstall ? "preinstall" : "install";
@@ -11691,7 +13302,7 @@ function checkPipAudit(projectRoot) {
         id: "",
         severity: cvssToSeverity(vuln.cvss?.score || 5),
         vulnerabilityClass: "dependency-cve",
-        file: existsSync16(join19(projectRoot, "requirements.txt")) ? "requirements.txt" : "pyproject.toml",
+        file: existsSync18(join21(projectRoot, "requirements.txt")) ? "requirements.txt" : "pyproject.toml",
         title: `Vulnerable Python dependency: ${vuln.name}`,
         description: `${vuln.name}@${vuln.version} \u2014 ${vuln.id}: ${vuln.description || "Known vulnerability"}`,
         attackScenario: `An attacker could exploit the vulnerability in ${vuln.name}.`,
@@ -11788,8 +13399,8 @@ function checkGoVerify(projectRoot) {
 }
 
 // src/security/checks/injection.ts
-import { readFileSync as readFileSync16 } from "fs";
-import { join as join20 } from "path";
+import { readFileSync as readFileSync18 } from "fs";
+import { join as join22 } from "path";
 var SKIP_DIRS = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var TEST_PATTERNS = ["test", "spec", "fixture", "mock", "__tests__", "__mocks__"];
 var USER_INPUT_NAMES = /(?:input|user|name|path|query|branch|hash|cmd|command|req\.|params|body|args|url|dir|file|subdirectory)/i;
@@ -11975,6 +13586,107 @@ var PATTERNS = [
     description: "popen() called with a variable argument \u2014 potential command injection.",
     attackScenario: "An attacker could inject shell metacharacters to execute arbitrary commands.",
     suggestedFix: "Avoid popen(). Use pipe/fork/exec with argument arrays instead."
+  },
+  // Kotlin injection patterns
+  {
+    regex: /["']SELECT\b[^"']*\$(?:\{|\w)/,
+    title: "Kotlin SQL injection via string template",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "SQL query built using Kotlin string templates \u2014 vulnerable to SQL injection.",
+    attackScenario: "An attacker could inject SQL through interpolated variables to read, modify, or delete database data.",
+    suggestedFix: "Use parameterized queries with PreparedStatement or your ORM's query builder."
+  },
+  {
+    regex: /["'](?:INSERT|UPDATE|DELETE)\b[^"']*\$(?:\{|\w)/,
+    title: "Kotlin SQL injection via string template",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "SQL mutation query built using Kotlin string templates \u2014 vulnerable to SQL injection.",
+    attackScenario: "An attacker could inject SQL through interpolated variables.",
+    suggestedFix: "Use parameterized queries with PreparedStatement or your ORM's query builder."
+  },
+  {
+    regex: /Runtime\.getRuntime\(\)\.exec\s*\(/,
+    title: "Kotlin/Java command injection via Runtime.exec",
+    vulnClass: "shell-injection",
+    baseSeverity: "high",
+    description: "Runtime.exec() executes a system command \u2014 vulnerable if user input reaches the argument.",
+    attackScenario: "An attacker could inject shell metacharacters to execute arbitrary commands on the server.",
+    suggestedFix: "Use ProcessBuilder with an argument array. Validate all input against a strict allowlist."
+  },
+  {
+    regex: /\.csrf\(\)\s*\.?\s*disable\(\)/,
+    title: "Spring Security CSRF protection disabled",
+    vulnClass: "code-injection",
+    baseSeverity: "medium",
+    description: "CSRF protection has been explicitly disabled in Spring Security configuration.",
+    attackScenario: "An attacker could forge cross-site requests to perform actions on behalf of authenticated users.",
+    suggestedFix: "Only disable CSRF for stateless APIs using JWT. Keep CSRF enabled for session-based authentication."
+  },
+  {
+    regex: /\.permitAll\(\).*(?:admin|manage|delete|config|setting)/i,
+    title: "Spring Security permitAll on sensitive path",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "permitAll() applied to a path that appears security-sensitive.",
+    attackScenario: "An attacker could access administrative or destructive endpoints without authentication.",
+    suggestedFix: 'Use .hasRole("ADMIN") or .authenticated() for sensitive endpoints.'
+  },
+  // PHP injection patterns
+  {
+    regex: /\$wpdb\s*->\s*query\s*\(\s*["'][^"']*\$|.*\$wpdb\s*->\s*query\s*\(\s*[^"']*\.\s*\$/,
+    title: "PHP SQL injection via $wpdb->query with string concatenation",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "WordPress $wpdb->query() called with direct variable interpolation \u2014 vulnerable to SQL injection.",
+    attackScenario: "An attacker could inject SQL through unescaped user input to read, modify, or delete database data.",
+    suggestedFix: 'Use $wpdb->prepare() with placeholders: $wpdb->query($wpdb->prepare("SELECT * FROM table WHERE id = %d", $id))'
+  },
+  {
+    regex: /\beval\s*\(\s*\$/,
+    title: "PHP eval() with variable input",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "eval() executes arbitrary PHP code from a variable \u2014 potential RCE.",
+    attackScenario: "An attacker could inject malicious PHP code if user input reaches eval().",
+    suggestedFix: "Remove eval() entirely. Use safe alternatives like json_decode() for data or specific parsers."
+  },
+  {
+    regex: /\b(?:system|exec|shell_exec|passthru)\s*\(\s*\$/,
+    title: "PHP command injection via system/exec/shell_exec/passthru",
+    vulnClass: "shell-injection",
+    baseSeverity: "high",
+    description: "Shell command execution with a variable argument \u2014 potential command injection.",
+    attackScenario: "An attacker could inject shell metacharacters to execute arbitrary commands on the server.",
+    suggestedFix: "Use escapeshellarg() and escapeshellcmd() to sanitize input, or avoid shell commands entirely."
+  },
+  {
+    regex: /preg_replace\s*\(\s*['"]\/[^'"]*\/e['"]/,
+    title: "PHP preg_replace with /e modifier (code execution)",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "preg_replace() with the /e modifier evaluates the replacement as PHP code \u2014 deprecated and dangerous.",
+    attackScenario: "An attacker could inject PHP code through the matched string to achieve remote code execution.",
+    suggestedFix: "Use preg_replace_callback() instead of the /e modifier."
+  },
+  {
+    regex: /\bunserialize\s*\(\s*\$(?:_GET|_POST|_REQUEST|_COOKIE)/,
+    title: "PHP insecure deserialization of user input",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "unserialize() called on user-controlled superglobal input \u2014 potential RCE via PHP object injection.",
+    attackScenario: "An attacker could craft a malicious serialized PHP object to achieve remote code execution.",
+    suggestedFix: "Use json_decode() instead of unserialize() for user input. If unserialize is necessary, use the allowed_classes option."
+  },
+  {
+    regex: /\bextract\s*\(\s*\$(?:_GET|_POST|_REQUEST)/,
+    title: "PHP extract() on superglobal input",
+    vulnClass: "code-injection",
+    baseSeverity: "high",
+    description: "extract() on $_GET/$_POST/$_REQUEST overwrites local variables \u2014 can bypass security checks.",
+    attackScenario: "An attacker could set arbitrary variables by crafting request parameters, potentially overwriting auth flags or config values.",
+    suggestedFix: "Avoid extract() on user input. Access superglobals directly or use a whitelist of expected keys."
   }
 ];
 function shouldSkip(filePath) {
@@ -11991,7 +13703,7 @@ async function checkInjection(files, projectRoot) {
       if (shouldSkip(file.filePath) || isTestFile4(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync16(join20(projectRoot, file.filePath), "utf-8");
+        content = readFileSync18(join22(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12029,8 +13741,8 @@ async function checkInjection(files, projectRoot) {
 }
 
 // src/security/checks/secrets.ts
-import { readFileSync as readFileSync17 } from "fs";
-import { join as join21 } from "path";
+import { readFileSync as readFileSync19 } from "fs";
+import { join as join23 } from "path";
 var SKIP_DIRS2 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var TEST_PATTERNS2 = ["test", "spec", "fixture", "mock", "__tests__", "__mocks__", ".example", ".sample"];
 var SECRET_PATTERNS = [
@@ -12063,7 +13775,7 @@ async function checkSecrets(files, projectRoot) {
       if (shouldSkip2(file.filePath) || isTestFile5(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync17(join21(projectRoot, file.filePath), "utf-8");
+        content = readFileSync19(join23(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12096,8 +13808,8 @@ async function checkSecrets(files, projectRoot) {
 }
 
 // src/security/checks/path-traversal.ts
-import { readFileSync as readFileSync18 } from "fs";
-import { join as join22 } from "path";
+import { readFileSync as readFileSync20 } from "fs";
+import { join as join24 } from "path";
 var SKIP_DIRS3 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var USER_INPUT_VARS = /(?:req\.|params|query|body|input|path|dir|subdirectory|file|userInput|fileName|filePath)/i;
 var PATTERNS2 = [
@@ -12144,7 +13856,7 @@ async function checkPathTraversal(files, projectRoot) {
       if (shouldSkip3(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync18(join22(projectRoot, file.filePath), "utf-8");
+        content = readFileSync20(join24(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12186,8 +13898,8 @@ async function checkPathTraversal(files, projectRoot) {
 }
 
 // src/security/checks/auth.ts
-import { readFileSync as readFileSync19 } from "fs";
-import { join as join23 } from "path";
+import { readFileSync as readFileSync21 } from "fs";
+import { join as join25 } from "path";
 var SKIP_DIRS4 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip4(filePath) {
   return SKIP_DIRS4.some((d) => filePath.includes(d));
@@ -12203,7 +13915,7 @@ async function checkAuth(files, projectRoot) {
       if (shouldSkip4(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync19(join23(projectRoot, file.filePath), "utf-8");
+        content = readFileSync21(join25(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12294,8 +14006,8 @@ async function checkAuth(files, projectRoot) {
 }
 
 // src/security/checks/input-validation.ts
-import { readFileSync as readFileSync20 } from "fs";
-import { join as join24 } from "path";
+import { readFileSync as readFileSync22 } from "fs";
+import { join as join26 } from "path";
 var SKIP_DIRS5 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip5(filePath) {
   return SKIP_DIRS5.some((d) => filePath.includes(d));
@@ -12307,7 +14019,7 @@ async function checkInputValidation(files, projectRoot) {
       if (shouldSkip5(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync20(join24(projectRoot, file.filePath), "utf-8");
+        content = readFileSync22(join26(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12384,8 +14096,8 @@ async function checkInputValidation(files, projectRoot) {
 }
 
 // src/security/checks/information-disclosure.ts
-import { readFileSync as readFileSync21 } from "fs";
-import { join as join25 } from "path";
+import { readFileSync as readFileSync23 } from "fs";
+import { join as join27 } from "path";
 var SKIP_DIRS6 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip6(filePath) {
   return SKIP_DIRS6.some((d) => filePath.includes(d));
@@ -12397,7 +14109,7 @@ async function checkInformationDisclosure(files, projectRoot) {
       if (shouldSkip6(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync21(join25(projectRoot, file.filePath), "utf-8");
+        content = readFileSync23(join27(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12467,8 +14179,8 @@ async function checkInformationDisclosure(files, projectRoot) {
 }
 
 // src/security/checks/cryptography.ts
-import { readFileSync as readFileSync22 } from "fs";
-import { join as join26 } from "path";
+import { readFileSync as readFileSync24 } from "fs";
+import { join as join28 } from "path";
 var SKIP_DIRS7 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 var USER_INPUT_NAMES2 = /(?:input|user|name|path|query|param|request|body|args|url)/i;
 function shouldSkip7(filePath) {
@@ -12485,7 +14197,7 @@ async function checkCryptography(files, projectRoot) {
       if (shouldSkip7(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync22(join26(projectRoot, file.filePath), "utf-8");
+        content = readFileSync24(join28(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -12613,6 +14325,136 @@ async function checkCryptography(files, projectRoot) {
             suggestedFix: "Load credentials from environment variables or a secure vault at runtime."
           });
         }
+        if (/(?:val|var)\s+(?:password|secret|apiKey|api_key|token)\s*=\s*["']/i.test(line)) {
+          findings.push({
+            id: "",
+            severity: "high",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Hardcoded credentials in Kotlin source",
+            description: "A password, secret, or API key is hardcoded as a string literal.",
+            attackScenario: "An attacker with access to the binary or source could extract the credential.",
+            suggestedFix: "Load credentials from environment variables or a secure vault at runtime."
+          });
+        }
+        if (/\bRandom\s*\(\s*\)/.test(line) && isCryptoFile) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Insecure random in Kotlin security context",
+            description: "kotlin.random.Random() is not cryptographically secure \u2014 its output can be predicted.",
+            attackScenario: "An attacker could predict random values to forge tokens or bypass security checks.",
+            suggestedFix: "Use java.security.SecureRandom for cryptographic purposes."
+          });
+        }
+        if (/!!\s*\./.test(line) && isCryptoFile) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Not-null assertion (!!) in security-sensitive Kotlin code",
+            description: "The !! operator can throw NullPointerException, potentially bypassing security checks.",
+            attackScenario: "An attacker could trigger a null value to cause an exception that bypasses validation logic.",
+            suggestedFix: "Use safe calls (?.) with proper null handling instead of !! assertions."
+          });
+        }
+        if (/(?:val|var)\s+\w*[Uu]rl\w*\s*=\s*["']http:\/\/(?!(?:localhost|127\.))/.test(line)) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Hardcoded HTTP URL in Kotlin source",
+            description: "An HTTP (not HTTPS) URL is hardcoded \u2014 data is transmitted unencrypted.",
+            attackScenario: "An attacker on the network path could intercept, read, or modify data in transit.",
+            suggestedFix: "Use HTTPS for all external URLs to ensure data confidentiality and integrity."
+          });
+        }
+        if (/\bmd5\s*\(/.test(line) && /password|passwd|pass|pwd/i.test(line)) {
+          findings.push({
+            id: "",
+            severity: "high",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "PHP md5() used for password hashing",
+            description: "md5() is cryptographically broken and should never be used for password hashing.",
+            attackScenario: "An attacker could crack MD5 password hashes in seconds using rainbow tables or GPU brute force.",
+            suggestedFix: "Use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID."
+          });
+        }
+        if (/\bsha1\s*\(/.test(line) && /password|passwd|pass|pwd/i.test(line)) {
+          findings.push({
+            id: "",
+            severity: "high",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "PHP sha1() used for password hashing",
+            description: "SHA-1 has known collision attacks and should not be used for password hashing.",
+            attackScenario: "An attacker could crack SHA-1 password hashes using precomputed tables.",
+            suggestedFix: "Use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID."
+          });
+        }
+        if (/\bcrypt\s*\(\s*[^,]+,\s*['"][\$]?[12a-zA-Z]{0,3}['"]/.test(line)) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "PHP crypt() with potentially weak salt",
+            description: "crypt() with a short or weak salt may use DES or MD5 algorithm.",
+            attackScenario: "An attacker could crack weakly-salted crypt() hashes using brute force.",
+            suggestedFix: "Use password_hash() instead of crypt(). It automatically uses a strong algorithm and salt."
+          });
+        }
+        if (/\bmcrypt_/.test(line)) {
+          findings.push({
+            id: "",
+            severity: "high",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "PHP deprecated mcrypt_* function",
+            description: "mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2. It has known vulnerabilities.",
+            attackScenario: "An attacker could exploit known weaknesses in mcrypt implementations.",
+            suggestedFix: "Use openssl_encrypt()/openssl_decrypt() or the sodium extension (sodium_crypto_*)."
+          });
+        }
+        if (/\b(?:rand|mt_rand)\s*\(/.test(line) && isCryptoFile) {
+          findings.push({
+            id: "",
+            severity: "medium",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "PHP rand()/mt_rand() in security context",
+            description: "rand() and mt_rand() are not cryptographically secure \u2014 their output can be predicted.",
+            attackScenario: "An attacker could predict random values to forge tokens or bypass security checks.",
+            suggestedFix: "Use random_bytes() or random_int() for cryptographic purposes."
+          });
+        }
+        if (/\$(?:password|secret|api_?key|token)\s*=\s*['"][^'"]{4,}['"]/i.test(line)) {
+          findings.push({
+            id: "",
+            severity: "high",
+            vulnerabilityClass: "cryptography",
+            file: file.filePath,
+            line: i + 1,
+            title: "Hardcoded credentials in PHP source",
+            description: "A password, secret, or API key is hardcoded as a string literal.",
+            attackScenario: "An attacker with access to the source could extract the credential.",
+            suggestedFix: "Load credentials from environment variables using getenv() or $_ENV."
+          });
+        }
       }
     }
   } catch {
@@ -12621,8 +14463,8 @@ async function checkCryptography(files, projectRoot) {
 }
 
 // src/security/checks/frontend.ts
-import { readFileSync as readFileSync23 } from "fs";
-import { join as join27 } from "path";
+import { readFileSync as readFileSync25 } from "fs";
+import { join as join29 } from "path";
 var SKIP_DIRS8 = ["node_modules/", "dist/", ".git/", ".wrangler/", "src/security/checks/"];
 function shouldSkip8(filePath) {
   return SKIP_DIRS8.some((d) => filePath.includes(d));
@@ -12638,7 +14480,7 @@ async function checkFrontend(files, projectRoot) {
       if (!isFrontendFile(file.filePath)) continue;
       let content;
       try {
-        content = readFileSync23(join27(projectRoot, file.filePath), "utf-8");
+        content = readFileSync25(join29(projectRoot, file.filePath), "utf-8");
       } catch {
         continue;
       }
@@ -13098,13 +14940,13 @@ async function scanSecurity(projectRoot, graph, options = {}) {
   };
 }
 function detectPackageManager(projectRoot) {
-  if (existsSync17(join28(projectRoot, "package.json"))) return "npm";
-  if (existsSync17(join28(projectRoot, "requirements.txt"))) return "pip";
-  if (existsSync17(join28(projectRoot, "pyproject.toml"))) return "pip";
-  if (existsSync17(join28(projectRoot, "Cargo.toml"))) return "cargo";
-  if (existsSync17(join28(projectRoot, "go.mod"))) return "go";
-  if (existsSync17(join28(projectRoot, "pom.xml"))) return "maven";
-  if (existsSync17(join28(projectRoot, "build.gradle")) || existsSync17(join28(projectRoot, "build.gradle.kts"))) return "gradle";
+  if (existsSync19(join30(projectRoot, "package.json"))) return "npm";
+  if (existsSync19(join30(projectRoot, "requirements.txt"))) return "pip";
+  if (existsSync19(join30(projectRoot, "pyproject.toml"))) return "pip";
+  if (existsSync19(join30(projectRoot, "Cargo.toml"))) return "cargo";
+  if (existsSync19(join30(projectRoot, "go.mod"))) return "go";
+  if (existsSync19(join30(projectRoot, "pom.xml"))) return "maven";
+  if (existsSync19(join30(projectRoot, "build.gradle")) || existsSync19(join30(projectRoot, "build.gradle.kts"))) return "gradle";
   return "unknown";
 }