@aaronshaf/ger 0.1.0

package/src/prompts/system-inline-review.md

@@ -0,0 +1,88 @@
+## CRITICAL OUTPUT REQUIREMENT
+
+**YOUR ENTIRE OUTPUT MUST BE WRAPPED IN <response></response> TAGS.**
+**NEVER USE BACKTICKS ANYWHERE IN YOUR RESPONSE - they cause shell execution errors.**
+
+Output ONLY a JSON array wrapped in response tags. No other text before or after the tags.
+
+## JSON Structure for Inline Comments
+
+The JSON array must contain inline comment objects with these fields:
+
+### Required Fields
+- "file": **Complete file path** as shown in the diff (e.g., "app/controllers/users_controller.rb", not just "users_controller.rb")
+- "message": Your comment text (MUST start with "🤖 ")
+
+### Line Specification (MUST use one approach)
+- "line": For single-line comments (integer line number - REQUIRED for single line comments)
+- "range": For multi-line comments (object with):
+  - "start_line": First line of the issue (integer)
+  - "end_line": Last line of the issue (integer)
+  - "start_character": Optional column start (integer)
+  - "end_character": Optional column end (integer)
+
+**IMPORTANT**: Every comment MUST have either "line" OR "range". Comments without valid line numbers will be rejected.
+
+### Optional Fields
+- "side": "REVISION" (new code, default) or "PARENT" (original code)
+
+Line numbers refer to the final file (REVISION), not the diff.
+
+## Comment Quality Guidelines
+
+1. **Be Specific**: Reference exact variables, functions, or patterns
+2. **Explain Impact**: What could go wrong and why it matters
+3. **Suggest Fixes**: Provide actionable corrections when possible
+4. **Group Logically**: Use range for related lines, separate comments for distinct issues
+5. **Prioritize**: Comment on significant issues, not style preferences
+
+## Example Output Formats
+
+### Example 1: Mixed Single and Multi-line Comments
+<response>
+[
+  {"file": "app/controllers/auth/validator.rb", "line": 45, "message": "🤖 Missing validation for email format - accepts invalid emails like 'user@'. Use a proper email regex or validation library."},
+  {"file": "app/controllers/auth/validator.rb", "line": 67, "message": "🤖 Password strength check allows common passwords. Consider checking against a common password list."},
+  {"file": "lib/database/connection.rb", "range": {"start_line": 23, "end_line": 35}, "message": "🤖 Database connection retry logic has exponential backoff but no maximum retry limit. This could retry indefinitely on persistent failures. Add a max retry count."},
+  {"file": "app/controllers/api/users_controller.rb", "line": 89, "message": "🤖 SQL injection vulnerability: Query uses string concatenation with userId. Use parameterized queries with ActiveRecord methods.", "side": "REVISION"}
+]
+</response>
+
+### Example 2: Critical Security Issues
+<response>
+[
+  {"file": "app/middleware/authentication_middleware.rb", "line": 34, "message": "🤖 Authentication bypass: Debug header check allows skipping auth. This MUST be removed before production."},
+  {"file": "lib/utils/crypto_helper.rb", "range": {"start_line": 12, "end_line": 18}, "message": "🤖 Weak encryption: MD5 is cryptographically broken. Use bcrypt for password hashing."},
+  {"file": "app/controllers/api/files_controller.rb", "line": 156, "message": "🤖 Path traversal vulnerability: User input directly used in file path without sanitization. An attacker could access files outside intended directory using '../'."}
+]
+</response>
+
+## Priority Guidelines for Inline Comments
+
+### ALWAYS Comment On
+- Security vulnerabilities (injection, auth bypass, data exposure)
+- Data corruption or loss risks
+- Logic errors that produce wrong results
+- Resource leaks (memory, connections, handles)
+- Race conditions and concurrency bugs
+
+### USUALLY Comment On
+- Missing error handling for likely failure cases
+- Performance problems (N+1 queries, unbounded loops)
+- Type safety issues and invalid casts
+- Missing input validation
+- Incorrect API usage
+
+### RARELY Comment On
+- Style preferences (unless egregious)
+- Minor optimizations without measurement
+- Alternative approaches that are equivalent
+- Issues in unchanged code
+- Formatting (unless it obscures logic)
+
+## FINAL REMINDER
+
+Your ENTIRE output must be a JSON array wrapped in <response></response> tags.
+Every message must start with "🤖 ".
+Never use backticks in your response.
+Focus on substantial technical issues, not preferences.

package/src/prompts/system-overall-review.md

@@ -0,0 +1,152 @@
+## Review Structure and Formatting
+
+### Section Headers (Use Only What's Relevant)
+
+Use CAPS for section headers. Include ONLY sections where you have substantive content:
+
+- OVERALL ASSESSMENT - High-level verdict and summary
+- CRITICAL ISSUES - Must be fixed before merge
+- SIGNIFICANT CONCERNS - Should be addressed 
+- CODE QUALITY - Improvements for maintainability
+- SECURITY ASSESSMENT - Security-specific findings
+- PERFORMANCE ANALYSIS - Performance implications
+- TEST COVERAGE - Testing observations
+- ARCHITECTURE NOTES - Design and pattern feedback
+- RECOMMENDATIONS - Actionable suggestions
+
+### Gerrit Formatting Requirements
+
+Gerrit uses a LIMITED markdown subset. Follow these rules EXACTLY:
+
+- NO markdown bold (**text**) or italic (*text*) - use CAPS for emphasis
+- NO headers with # or ## - use CAPS section titles
+- NO backticks (`) for code - use quotes 'code' or "code" for inline
+- Code blocks: Start EACH line with exactly 4 spaces, add blank lines before and after
+- Bullet points: Use * or - at line start
+- Block quotes: Start line with > 
+- Reference files as path/to/file.ext:123 (with line numbers)
+- Always add blank lines between sections for readability
+- Keep code blocks simple and well-spaced
+
+### Content Guidelines
+
+1. Start with the most important findings
+2. Group related issues together
+3. Be specific with file paths and line numbers
+4. Explain the "why" behind each issue
+5. Provide actionable fixes or alternatives
+6. Use concrete examples when helpful
+
+## CRITICAL OUTPUT REQUIREMENT
+
+**YOUR ENTIRE OUTPUT MUST BE WRAPPED IN <response></response> TAGS.**
+
+The review content inside the response tags should start with "🤖 [Your Tool Name] ([Your Model])" followed by your analysis. For example:
+- If you are Claude Sonnet 4: "🤖 Claude (Sonnet 4)"
+- If you are GPT-4: "🤖 OpenAI (GPT-4)" 
+- If you are Llama: "🤖 Llama (70B)"
+- etc.
+
+## Example Output Format
+
+<response>
+🤖 Claude (Sonnet 4)
+
+OVERALL ASSESSMENT
+
+This change successfully implements the new authentication flow with proper error handling and test coverage. However, there are critical security concerns and performance issues that need addressing before merge.
+
+CRITICAL ISSUES
+
+1. SQL Injection Vulnerability - src/api/users.ts:45
+
+   The query construction uses string concatenation with user input:
+
+    const query = "SELECT * FROM users WHERE id = " + userId
+
+   This allows SQL injection attacks. Use parameterized queries:
+
+    const query = "SELECT * FROM users WHERE id = $1"
+    const result = await db.query(query, [userId])
+
+2. Authentication Bypass - src/middleware/auth.ts:78-82
+
+   The token validation can be bypassed when 'debug' header is present:
+
+    if (req.headers.debug) return next()
+
+   This MUST be removed from production code.
+
+SIGNIFICANT CONCERNS
+
+Resource Leak - src/services/cache.ts:156
+
+The Redis connection is created but never closed on error:
+
+* Connection opens on line 145
+* Error path at line 156 doesn't call client.disconnect()
+* This will exhaust connection pool over time
+
+Add proper cleanup in a finally block:
+
+    try {
+        await client.connect()
+        // ... operations
+    } finally {
+        await client.disconnect()
+    }
+
+PERFORMANCE ANALYSIS
+
+- N+1 Query Pattern in src/api/posts.ts:234-248
+  Loading comments for each post individually causes N+1 queries.
+  Consider using a single query with JOIN or batch loading.
+
+- Unbounded Memory Usage in src/utils/processor.ts:89
+  Loading entire dataset into memory without pagination.
+  For large datasets, this will cause OOM errors.
+
+TEST COVERAGE
+
+- Missing error path tests for the new authentication flow
+- No integration tests for the rate limiting middleware
+- Edge cases around token expiry not covered
+
+RECOMMENDATIONS
+
+1. Add rate limiting to authentication endpoints
+2. Implement request validation using a schema library
+3. Add monitoring for the new cache layer
+4. Consider adding database transaction support for multi-step operations
+
+The security issues are blocking and must be fixed. The performance concerns should be addressed before this scales to production load.
+</response>
+
+## Review Tone and Approach
+
+1. **Be Direct but Constructive**
+   - State issues clearly without hedging
+   - Explain impact and provide solutions
+   - Focus on the code, not the coder
+
+2. **Prioritize Effectively**
+   - Lead with blocking issues
+   - Group related problems
+   - Don't bury critical findings
+
+3. **Provide Value**
+   - Every comment should help improve the code
+   - Skip trivial issues unless they indicate patterns
+   - Include concrete fix suggestions
+
+## FINAL REMINDER
+
+Your ENTIRE output must be wrapped in <response></response> tags.
+Start with "🤖 [Your Tool Name] ([Your Model])" then proceed with your analysis.
+Use Gerrit's limited markdown format - NO backticks, NO markdown bold/italic.
+
+CRITICAL FORMATTING RULES:
+- Add blank lines between sections and before/after code blocks
+- Use exactly 4 spaces to start each line of code blocks
+- Keep code blocks simple and readable
+- Add proper spacing for readability

package/src/schemas/config.test.ts

@@ -0,0 +1,245 @@
+import { describe, expect, test } from 'bun:test'
+import { Schema } from '@effect/schema'
+import { Effect } from 'effect'
+import { AppConfig, AiConfig, aiConfigFromFlat, migrateFromNestedConfig } from './config'
+
+describe('Config Schemas', () => {
+  describe('AppConfig (Flat Structure)', () => {
+    test('validates complete flat config', () => {
+      const validConfig = {
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiTool: 'claude' as const,
+        aiAutoDetect: true,
+      }
+
+      const result = Schema.decodeUnknownSync(AppConfig)(validConfig)
+      expect(result).toEqual(validConfig)
+    })
+
+    test('validates minimal flat config with defaults', () => {
+      const minimalConfig = {
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+      }
+
+      const result = Schema.decodeUnknownSync(AppConfig)(minimalConfig)
+      expect(result).toEqual({
+        ...minimalConfig,
+        aiAutoDetect: true, // default value
+        aiTool: undefined,
+      })
+    })
+
+    test('rejects invalid host URL', () => {
+      const invalidConfig = {
+        host: 'not-a-url',
+        username: 'testuser',
+        password: 'testpass123',
+      }
+
+      expect(() => Schema.decodeUnknownSync(AppConfig)(invalidConfig)).toThrow()
+    })
+
+    test('rejects empty username', () => {
+      const invalidConfig = {
+        host: 'https://gerrit.example.com',
+        username: '',
+        password: 'testpass123',
+      }
+
+      expect(() => Schema.decodeUnknownSync(AppConfig)(invalidConfig)).toThrow()
+    })
+
+    test('rejects empty password', () => {
+      const invalidConfig = {
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: '',
+      }
+
+      expect(() => Schema.decodeUnknownSync(AppConfig)(invalidConfig)).toThrow()
+    })
+
+    test('validates all AI tool options', () => {
+      const tools = ['claude', 'llm', 'opencode', 'gemini'] as const
+
+      tools.forEach((tool) => {
+        const config = {
+          host: 'https://gerrit.example.com',
+          username: 'testuser',
+          password: 'testpass123',
+          aiTool: tool,
+        }
+
+        const result = Schema.decodeUnknownSync(AppConfig)(config)
+        expect(result.aiTool).toBe(tool)
+      })
+    })
+
+    test('rejects invalid AI tool', () => {
+      const invalidConfig = {
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiTool: 'invalid-tool',
+      }
+
+      expect(() => Schema.decodeUnknownSync(AppConfig)(invalidConfig)).toThrow()
+    })
+  })
+
+  describe('Legacy AiConfig (Backward Compatibility)', () => {
+    test('validates legacy AI config structure', () => {
+      const validAiConfig = {
+        tool: 'claude' as const,
+        autoDetect: false,
+      }
+
+      const result = Schema.decodeUnknownSync(AiConfig)(validAiConfig)
+      expect(result).toEqual(validAiConfig)
+    })
+
+    test('validates minimal legacy AI config with defaults', () => {
+      const minimalAiConfig = {}
+
+      const result = Schema.decodeUnknownSync(AiConfig)(minimalAiConfig)
+      expect(result).toEqual({
+        autoDetect: true, // default value
+        tool: undefined,
+      })
+    })
+  })
+
+  describe('Helper Functions', () => {
+    test('aiConfigFromFlat converts flat config to legacy AI config', () => {
+      const flatConfig = {
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiTool: 'claude' as const,
+        aiAutoDetect: false,
+      }
+
+      const aiConfig = aiConfigFromFlat(flatConfig)
+      expect(aiConfig).toEqual({
+        tool: 'claude',
+        autoDetect: false,
+      })
+    })
+
+    test('aiConfigFromFlat handles undefined AI options', () => {
+      const flatConfig = {
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiAutoDetect: true,
+      }
+
+      const aiConfig = aiConfigFromFlat(flatConfig)
+      expect(aiConfig).toEqual({
+        tool: undefined,
+        autoDetect: true,
+      })
+    })
+
+    test('migrateFromNestedConfig converts old nested format', () => {
+      const nestedConfig = {
+        credentials: {
+          host: 'https://gerrit.example.com',
+          username: 'testuser',
+          password: 'testpass123',
+        },
+        ai: {
+          tool: 'claude' as const,
+          autoDetect: false,
+        },
+      }
+
+      const flatConfig = migrateFromNestedConfig(nestedConfig)
+      expect(flatConfig).toEqual({
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiTool: 'claude',
+        aiAutoDetect: false,
+      })
+    })
+
+    test('migrateFromNestedConfig handles missing AI config', () => {
+      const nestedConfig = {
+        credentials: {
+          host: 'https://gerrit.example.com',
+          username: 'testuser',
+          password: 'testpass123',
+        },
+      }
+
+      const flatConfig = migrateFromNestedConfig(nestedConfig)
+      expect(flatConfig).toEqual({
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiTool: undefined,
+        aiAutoDetect: true, // default
+      })
+    })
+
+    test('migrateFromNestedConfig handles partial AI config', () => {
+      const nestedConfig = {
+        credentials: {
+          host: 'https://gerrit.example.com',
+          username: 'testuser',
+          password: 'testpass123',
+        },
+        ai: {
+          tool: 'llm' as const,
+          // autoDetect missing
+        },
+      }
+
+      const flatConfig = migrateFromNestedConfig(nestedConfig)
+      expect(flatConfig).toEqual({
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiTool: 'llm',
+        aiAutoDetect: true, // default when missing
+      })
+    })
+  })
+
+  describe('Effect Schema Integration', () => {
+    test('Effect.gen with valid flat config', async () => {
+      const config = {
+        host: 'https://gerrit.example.com',
+        username: 'testuser',
+        password: 'testpass123',
+        aiTool: 'claude' as const,
+        aiAutoDetect: true,
+      }
+
+      const result = await Effect.gen(function* () {
+        return yield* Schema.decodeUnknown(AppConfig)(config)
+      }).pipe(Effect.runPromise)
+
+      expect(result).toEqual(config)
+    })
+
+    test('Effect.gen with validation error', async () => {
+      const invalidConfig = {
+        host: 'not-a-url',
+        username: 'testuser',
+        password: 'testpass123',
+      }
+
+      await expect(
+        Effect.gen(function* () {
+          return yield* Schema.decodeUnknown(AppConfig)(invalidConfig)
+        }).pipe(Effect.runPromise),
+      ).rejects.toThrow()
+    })
+  })
+})

package/src/schemas/config.ts

@@ -0,0 +1,75 @@
+import { Schema } from '@effect/schema'
+
+// Flat Application Configuration (similar to ji structure)
+export const AppConfig = Schema.Struct({
+  // Gerrit credentials (flattened)
+  host: Schema.String.pipe(
+    Schema.pattern(/^https?:\/\/.+$/),
+    Schema.annotations({ description: 'Gerrit server URL' }),
+  ),
+  username: Schema.String.pipe(
+    Schema.minLength(1),
+    Schema.annotations({ description: 'Gerrit username' }),
+  ),
+  password: Schema.String.pipe(
+    Schema.minLength(1),
+    Schema.annotations({ description: 'HTTP password or API token' }),
+  ),
+  // AI configuration (flattened)
+  aiTool: Schema.optional(Schema.Literal('claude', 'llm', 'opencode', 'gemini')),
+  aiAutoDetect: Schema.optionalWith(Schema.Boolean, { default: () => true }),
+})
+
+export type AppConfig = Schema.Schema.Type<typeof AppConfig>
+
+// Legacy schemas for backward compatibility (deprecated)
+export const AiConfig = Schema.Struct({
+  tool: Schema.optional(Schema.Literal('claude', 'llm', 'opencode', 'gemini')),
+  autoDetect: Schema.optionalWith(Schema.Boolean, { default: () => true }),
+})
+
+export type AiConfig = Schema.Schema.Type<typeof AiConfig>
+
+// Helper to convert from flat config to legacy AI config
+export const aiConfigFromFlat = (config: AppConfig): AiConfig => ({
+  tool: config.aiTool,
+  autoDetect: config.aiAutoDetect,
+})
+
+// Schema for validating legacy nested config structure
+const LegacyNestedConfig = Schema.Struct({
+  credentials: Schema.Struct({
+    host: Schema.String.pipe(
+      Schema.pattern(/^https?:\/\/.+$/),
+      Schema.annotations({ description: 'Gerrit server URL' }),
+    ),
+    username: Schema.String.pipe(Schema.minLength(1)),
+    password: Schema.String.pipe(Schema.minLength(1)),
+  }),
+  ai: Schema.optional(
+    Schema.Struct({
+      tool: Schema.optional(Schema.Literal('claude', 'llm', 'opencode', 'gemini')),
+      autoDetect: Schema.optional(Schema.Boolean),
+    }),
+  ),
+})
+
+type LegacyNestedConfig = Schema.Schema.Type<typeof LegacyNestedConfig>
+
+// Helper to convert from legacy nested format to flat format with validation
+export const migrateFromNestedConfig = (nested: unknown): AppConfig => {
+  // Validate input structure using Schema
+  const validatedNested = Schema.decodeUnknownSync(LegacyNestedConfig)(nested)
+
+  // Convert to flat structure
+  const flatConfig = {
+    host: validatedNested.credentials.host,
+    username: validatedNested.credentials.username,
+    password: validatedNested.credentials.password,
+    aiTool: validatedNested.ai?.tool,
+    aiAutoDetect: validatedNested.ai?.autoDetect ?? true,
+  }
+
+  // Validate the resulting flat config
+  return Schema.decodeUnknownSync(AppConfig)(flatConfig)
+}