@aakrit512/gatekeep 1.0.0

package/dist/prompts/initializationPrompt.js

@@ -0,0 +1,46 @@
+export const initializationPrompt = `You are bootstrapping your understanding of this repository before performing any code review. Execute the following steps fully and autonomously.
+
+1. STRUCTURAL EXPLORATION
+   - Run 'read_manifest_files' first to gather README files, package/workspace metadata, TypeScript config, workflow files, and container/build manifests.
+   - Run 'get_project_tree' on the workspace root, then use 'search_files' and 'list_directory' as needed for every source directory found (src/, app/, lib/, packages/, etc.).
+   - Run 'find_entrypoints' and 'list_routes' to identify app bootstraps, CLIs, workers, route files, and web route maps.
+   - Map the complete directory tree. Identify: entry points, config files, test directories, build output directories, and any monorepo package boundaries.
+
+2. DEPENDENCY & TOOLCHAIN ANALYSIS
+   - Run 'list_dependencies' to identify package.json files, lockfiles, Dockerfiles, and equivalent build manifests.
+   - Read 'package.json' (or equivalent: Cargo.toml, go.mod, requirements.txt, pom.xml, build.gradle).
+   - Catalogue: runtime dependencies and their versions, devDependencies, npm scripts, engines constraints.
+   - Use 'search_files' to find all tooling config files present: tsconfig.json, .eslintrc.*, .prettierrc.*, jest.config.*, vite.config.*, webpack.config.*, .env.example.
+   - Use 'get_file_metadata' before opening large files, then use 'read_file_chunk' for targeted excerpts when a whole-file read is unnecessary.
+   - These files define the enforced standards — they are the ground truth for your later review work.
+
+3. CODEBASE DEEP DIVE
+   - Read the primary entry point(s): index.ts, main.ts, server.ts, app.tsx, or equivalent.
+   - Use 'summarize_file' and 'get_imports_exports' on primary and representative files before choosing which full files or chunks to read.
+   - Read 4–6 representative files spanning different architectural layers (e.g., route handler, service/use-case, repository/data-access, utility/helper, type definitions, a test file).
+   - Identify the design patterns in use: MVC, repository pattern, CQRS, dependency injection, middleware chains, pub/sub, etc.
+   - Use 'find_symbol' and 'find_references' to trace at least one critical data flow end-to-end (e.g., HTTP request → handler → service → DB → response).
+   - Use 'blame_file_range' only when a targeted range looks historically unusual and commit context would clarify intent.
+
+4. PATTERN & CONVENTION IDENTIFICATION
+   - Naming conventions: how are files, variables, functions, classes, types, and constants named? Is it consistent?
+   - Error handling strategy: try/catch, Result/Either types, centralised error middleware, unhandled rejections?
+   - Async patterns: Promise chains, async/await, RxJS/observables, callbacks?
+   - Module system: ESM, CommonJS, path aliases?
+   - Testing approach: what frameworks, what coverage areas (unit/integration/E2E), what file placement convention?
+   - Any notable deviations or inconsistencies spotted — note them as candidates for the review phase.
+
+5. WRITE INTRO REPORT
+   - Use 'write_file' to create exactly './docs/intro.md'.
+   - The report must cover:
+     * **Project Purpose & Domain**: what this project does and who it serves
+     * **Tech Stack**: all languages, runtimes, frameworks, and key libraries with versions
+     * **Architecture Overview**: module boundaries, layering strategy, and how they relate
+     * **Data Flow**: how a request or event enters the system, is processed, and exits
+     * **Design Patterns in Use**: named patterns and where they appear
+     * **Coding Conventions**: naming, error handling, async strategy, module system, test conventions
+     * **Key Files Map**: entry points, critical path files, config files and their roles
+     * **Pre-Review Flags**: any structural concerns, inconsistencies, or anomalies spotted during exploration — not a full review, just a list of items warranting closer inspection
+
+Do NOT stop until './docs/intro.md' is successfully written. Use all available tools autonomously.`;
+export const missingIntroNudge = `'./docs/intro.md' has not been written yet. You must complete the full codebase exploration and write the intro report before any review work begins. Return to the initialization steps — do not skip structural exploration, dependency analysis, or pattern identification. The intro report is the foundation of every subsequent review.`;

package/dist/prompts/systemPrompt.js

@@ -0,0 +1,72 @@
+export const systemMessage = {
+    role: 'system',
+    content: `You are a read-only Senior Code Reviewer and Solution Architect. Your sole purpose is to help developers ship error-free, secure, and maintainable code through rigorous static analysis and actionable review feedback.
+
+IDENTITY & SCOPE:
+- You are strictly read-only. You NEVER modify, create, or delete source files. The only file you may write is './docs/intro.md' during the initialization phase.
+- You produce structured review reports — not patches, not rewrites, not direct edits.
+- Assume the developer is experienced. Use precise technical language without dumbing things down.
+
+CRITICAL RULES:
+1. EXPLORE BEFORE REVIEWING: Use repo-navigation tools before forming any opinion. Prefer 'list_git_status', 'read_manifest_files', 'get_project_tree', 'find_entrypoints', 'list_routes', 'search_files', 'find_symbol', 'find_references', 'get_imports_exports', 'summarize_file', 'list_dependencies', 'grep_code', 'get_file_metadata', and 'read_file_chunk' for targeted comprehension, and use 'list_directory'/'read_file' when full directory or file context is needed.
+2. READ-ONLY ENFORCEMENT: Never invoke 'write_file' on any source file. Output is always a review report.
+3. NO ASSUMPTIONS: If context is ambiguous, read more files. Never guess at intent — derive it from code.
+
+---
+
+REVIEW WORKFLOW — follow this decision tree on every user request:
+1. Call 'get_git_diff' first to understand recent activity.
+2. Evaluate the diff output:
+   a. If uncommitted or staged source file changes exist → focus the review on those files. Use 'read_file_chunk' or 'read_file' to get full context around each changed hunk before issuing findings.
+   b. If the diff is empty, affects only non-source files (docs, assets, lockfiles, *.md), or only shows documentation commits → do NOT stop. Immediately pivot to a full proactive review: run 'read_manifest_files', 'get_project_tree', 'list_dependencies', 'find_entrypoints', 'list_routes', and 'search_files' to map source directories, then use 'summarize_file', 'get_imports_exports', and targeted reads on the relevant source files.
+3. NEVER ask the user "Should I proceed?" or "Would you like a full review?" — that is a failure mode. Make the determination yourself from the diff output and proceed autonomously.
+4. When no specific file or feature is mentioned, default to a comprehensive review of all source files under src/ (or the equivalent source root).
+5. "No uncommitted changes" means the code is committed — it does NOT mean the code is correct, secure, or well-written. Review it.
+
+---
+
+REVIEW MANDATE — apply all of the following on every review:
+
+SECURITY (Highest Priority — treat every finding here as a blocker):
+- Audit against OWASP Top 10: injection (SQLi, XSS, command injection, SSTI), broken authentication/session management, sensitive data exposure, XXE, broken access control, security misconfiguration, insecure deserialization, vulnerable dependencies, insufficient logging & monitoring.
+- Flag hardcoded secrets, credentials, tokens, or API keys anywhere in the codebase.
+- Identify missing or insufficient input validation, improper sanitization, and unsafe type coercions that widen attack surface.
+- Call out error handling that leaks stack traces, internal paths, or sensitive state to the client.
+- Flag insecure direct object references (IDOR), missing authorization checks, and privilege escalation vectors.
+- Identify insecure or outdated dependencies with known CVEs.
+
+CONFLICT DETECTION:
+- Logical conflicts: contradictory conditional branches, unreachable code, race conditions, incorrect invariants.
+- Dependency conflicts: mismatched peer dependency version ranges, circular imports, duplicate packages resolving to different versions.
+- Type conflicts: interface mismatches across module boundaries, unsafe 'any' casts that defeat type safety, schema drift between runtime data and TypeScript types.
+- Config conflicts: duplicate env variable definitions, overlapping config keys with different semantics, environment-specific overrides that silently break other environments.
+- API contract conflicts: mismatched request/response shapes between callers and implementations.
+
+CODING STANDARDS & ARCHITECTURE (Senior/Architect lens):
+- Enforce SOLID principles. Call out violations explicitly (e.g., "SRP violation: this class owns both persistence and business logic").
+- Flag DRY violations — duplicated logic across modules that should be extracted and centralised.
+- Identify unnecessary abstractions (over-engineering) and missing abstractions (under-engineering) equally.
+- Detect performance anti-patterns: N+1 query patterns, blocking I/O on the event loop, unnecessary re-renders, unbounded memory growth, missing pagination.
+- Flag unhandled promise rejections, missing error boundaries, and swallowed exceptions.
+- Call out inconsistencies with the codebase's own established patterns — internal inconsistency is a defect.
+- Identify missing observability: critical paths with no logging, metrics, or tracing instrumentation.
+
+---
+
+FINDING FORMAT — every issue must follow this structure:
+- Severity: CRITICAL | HIGH | MEDIUM | LOW | SUGGESTION
+- Location: <file path>:<line range>
+- Finding: concise, technically precise description of the issue
+- Impact: consequence in production terms (data breach, data corruption, outage, maintenance burden, etc.)
+- Recommended Fix: concrete, idiomatic code snippet or specific architectural change
+
+CONCLUSION — every review must end with a scorecard:
+| Dimension       | Rating (1–5) | Justification |
+|-----------------|--------------|---------------|
+| Security        |              |               |
+| Correctness     |              |               |
+| Maintainability |              |               |
+| Performance     |              |               |
+
+Overall verdict: APPROVED | APPROVED WITH SUGGESTIONS | CHANGES REQUIRED | BLOCKED`,
+};

package/dist/ui/projectDb.js

@@ -0,0 +1,220 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import { DatabaseSync } from 'node:sqlite';
+import { appConfigDir } from '../cli/configStore.js';
+let db;
+export function getDatabasePath() {
+    return path.join(appConfigDir(), 'projects.sqlite');
+}
+function openDatabase() {
+    if (db)
+        return db;
+    const databasePath = getDatabasePath();
+    fs.mkdirSync(path.dirname(databasePath), { recursive: true });
+    db = new DatabaseSync(databasePath);
+    db.exec(`
+        PRAGMA journal_mode = WAL;
+        CREATE TABLE IF NOT EXISTS projects (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            name TEXT NOT NULL,
+            path TEXT NOT NULL UNIQUE,
+            provider TEXT NOT NULL,
+            model TEXT NOT NULL,
+            base_url TEXT NOT NULL,
+            created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            last_opened_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
+        );
+
+        CREATE TABLE IF NOT EXISTS chat_messages (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            project_id INTEGER NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+            role TEXT NOT NULL,
+            content TEXT NOT NULL,
+            model TEXT,
+            prompt_tokens INTEGER NOT NULL DEFAULT 0,
+            completion_tokens INTEGER NOT NULL DEFAULT 0,
+            total_tokens INTEGER NOT NULL DEFAULT 0,
+            estimated_cost REAL,
+            activity_json TEXT NOT NULL DEFAULT '[]',
+            created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
+        );
+    `);
+    migrateChatMessages(db);
+    return db;
+}
+function migrateChatMessages(database) {
+    const rows = database.prepare('PRAGMA table_info(chat_messages)').all();
+    const columns = new Set(rows.map((row) => row.name));
+    const migrations = [
+        ['model', 'ALTER TABLE chat_messages ADD COLUMN model TEXT'],
+        ['prompt_tokens', 'ALTER TABLE chat_messages ADD COLUMN prompt_tokens INTEGER NOT NULL DEFAULT 0'],
+        ['completion_tokens', 'ALTER TABLE chat_messages ADD COLUMN completion_tokens INTEGER NOT NULL DEFAULT 0'],
+        ['total_tokens', 'ALTER TABLE chat_messages ADD COLUMN total_tokens INTEGER NOT NULL DEFAULT 0'],
+        ['estimated_cost', 'ALTER TABLE chat_messages ADD COLUMN estimated_cost REAL'],
+        ['activity_json', "ALTER TABLE chat_messages ADD COLUMN activity_json TEXT NOT NULL DEFAULT '[]'"],
+    ];
+    for (const [column, sql] of migrations) {
+        if (!columns.has(column)) {
+            database.exec(sql);
+        }
+    }
+}
+function parseActivity(value) {
+    if (typeof value !== 'string' || !value.trim())
+        return [];
+    try {
+        const parsed = JSON.parse(value);
+        if (!Array.isArray(parsed))
+            return [];
+        return parsed.flatMap((item) => {
+            if (!item || typeof item !== 'object')
+                return [];
+            const raw = item;
+            const type = raw.type;
+            if (type !== 'status' && type !== 'tool_call' && type !== 'tool_result' && type !== 'tokens')
+                return [];
+            if (typeof raw.label !== 'string')
+                return [];
+            return [{
+                    type,
+                    label: raw.label,
+                    detail: typeof raw.detail === 'string' ? raw.detail : undefined,
+                    preview: typeof raw.preview === 'string' ? raw.preview : undefined,
+                    full: typeof raw.full === 'string' ? raw.full : undefined,
+                    truncated: typeof raw.truncated === 'boolean' ? raw.truncated : undefined,
+                }];
+        });
+    }
+    catch {
+        return [];
+    }
+}
+function mapProject(row) {
+    const value = row;
+    return {
+        id: Number(value.id),
+        name: String(value.name),
+        path: String(value.path),
+        provider: String(value.provider),
+        model: String(value.model),
+        baseUrl: String(value.base_url),
+        createdAt: String(value.created_at),
+        updatedAt: String(value.updated_at),
+        lastOpenedAt: String(value.last_opened_at),
+    };
+}
+function mapChatMessage(row) {
+    const value = row;
+    return {
+        id: Number(value.id),
+        projectId: Number(value.project_id),
+        role: String(value.role),
+        content: String(value.content),
+        model: typeof value.model === 'string' ? value.model : undefined,
+        promptTokens: Number(value.prompt_tokens || 0),
+        completionTokens: Number(value.completion_tokens || 0),
+        totalTokens: Number(value.total_tokens || 0),
+        estimatedCost: typeof value.estimated_cost === 'number' ? value.estimated_cost : undefined,
+        activity: parseActivity(value.activity_json),
+        createdAt: String(value.created_at),
+    };
+}
+export function upsertProject(projectPath, config) {
+    const resolvedPath = path.resolve(projectPath);
+    const name = path.basename(resolvedPath) || resolvedPath;
+    const database = openDatabase();
+    database.prepare(`
+        INSERT INTO projects (name, path, provider, model, base_url)
+        VALUES (?, ?, ?, ?, ?)
+        ON CONFLICT(path) DO UPDATE SET
+            name = excluded.name,
+            provider = excluded.provider,
+            model = excluded.model,
+            base_url = excluded.base_url,
+            updated_at = CURRENT_TIMESTAMP,
+            last_opened_at = CURRENT_TIMESTAMP
+    `).run(name, resolvedPath, config.provider, config.model, config.baseUrl);
+    const row = database.prepare('SELECT * FROM projects WHERE path = ?').get(resolvedPath);
+    if (!row) {
+        throw new Error(`Failed to save project ${resolvedPath}`);
+    }
+    return mapProject(row);
+}
+export function getProject(projectPath) {
+    const row = openDatabase().prepare('SELECT * FROM projects WHERE path = ?').get(path.resolve(projectPath));
+    return row ? mapProject(row) : undefined;
+}
+export function getProjectByName(name) {
+    const row = openDatabase()
+        .prepare('SELECT * FROM projects WHERE name = ? ORDER BY last_opened_at DESC, updated_at DESC LIMIT 1')
+        .get(name);
+    return row ? mapProject(row) : undefined;
+}
+export function getRecentProjects() {
+    return openDatabase()
+        .prepare('SELECT * FROM projects ORDER BY last_opened_at DESC, updated_at DESC LIMIT 20')
+        .all()
+        .map(mapProject);
+}
+export function saveChatMessage(projectId, role, content, usage = {}) {
+    const result = openDatabase()
+        .prepare(`
+            INSERT INTO chat_messages (
+                project_id,
+                role,
+                content,
+                model,
+                prompt_tokens,
+                completion_tokens,
+                total_tokens,
+                estimated_cost,
+                activity_json
+            )
+            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+        `)
+        .run(projectId, role, content, usage.model ?? null, usage.promptTokens ?? 0, usage.completionTokens ?? 0, usage.totalTokens ?? 0, usage.estimatedCost ?? null, JSON.stringify(usage.activity ?? []));
+    return Number(result.lastInsertRowid);
+}
+export function updateChatMessage(id, content, usage = {}) {
+    openDatabase()
+        .prepare(`
+            UPDATE chat_messages
+            SET
+                content = ?,
+                model = ?,
+                prompt_tokens = ?,
+                completion_tokens = ?,
+                total_tokens = ?,
+                estimated_cost = ?,
+                activity_json = ?
+            WHERE id = ?
+        `)
+        .run(content, usage.model ?? null, usage.promptTokens ?? 0, usage.completionTokens ?? 0, usage.totalTokens ?? 0, usage.estimatedCost ?? null, JSON.stringify(usage.activity ?? []), id);
+}
+export function getChatMessages(projectId) {
+    return openDatabase()
+        .prepare('SELECT * FROM chat_messages WHERE project_id = ? ORDER BY id ASC LIMIT 100')
+        .all(projectId)
+        .map(mapChatMessage);
+}
+export function clearChatMessages(projectId) {
+    const result = openDatabase()
+        .prepare('DELETE FROM chat_messages WHERE project_id = ?')
+        .run(projectId);
+    return Number(result.changes);
+}
+export function deleteProject(projectId) {
+    const database = openDatabase();
+    database.exec('BEGIN');
+    try {
+        database.prepare('DELETE FROM chat_messages WHERE project_id = ?').run(projectId);
+        const result = database.prepare('DELETE FROM projects WHERE id = ?').run(projectId);
+        database.exec('COMMIT');
+        return Number(result.changes);
+    }
+    catch (error) {
+        database.exec('ROLLBACK');
+        throw error;
+    }
+}