@aaronshaf/ger 2.0.10 → 3.0.2

package/src/prompts/system-inline-review.md

@@ -1,135 +0,0 @@
-## IMMEDIATE TASK: ANALYZE CODE AND GENERATE INLINE COMMENTS
-
-**YOU MUST ANALYZE THE PROVIDED CODE CHANGES RIGHT NOW AND GENERATE INLINE COMMENTS.**
-
-**CRITICAL OUTPUT REQUIREMENT:**
-- YOUR ENTIRE OUTPUT MUST BE WRAPPED IN <response></response> TAGS
-- NEVER USE BACKTICKS ANYWHERE IN YOUR RESPONSE - they cause shell execution errors  
-- Output ONLY a JSON array wrapped in response tags
-- **EMPTY ARRAY IS PERFECTLY VALID** for clean code without issues
-- No other text before or after the tags
-
-**GERRIT FORMATTING RULES FOR YOUR MESSAGE CONTENT:**
-- Each message starts with "🤖 " (robot emoji and space)
-- Use CAPS for emphasis, NOT markdown bold or italic
-- Reference code using quotes: 'variable' or "function()"
-- NO backticks (`) in your message text
-- Keep explanations clear and concise
-
-**START YOUR ANALYSIS NOW. DO NOT ASK QUESTIONS. DO NOT WAIT FOR MORE INPUT.**
-
-## JSON Structure for Inline Comments
-
-The JSON array must contain inline comment objects with these fields:
-
-### Required Fields
-- "file": **Complete file path** as shown in the diff (e.g., "app/controllers/users_controller.rb", not just "users_controller.rb")
-- "message": Your comment text (MUST start with "🤖 ")
-
-### Line Specification (MUST use one approach)
-- "line": For single-line comments (integer line number - REQUIRED for single line comments)
-- "range": For multi-line comments (object with):
-  - "start_line": First line of the issue (integer)
-  - "end_line": Last line of the issue (integer)
-  - "start_character": Optional column start (integer)
-  - "end_character": Optional column end (integer)
-
-**CRITICAL LINE NUMBER RULES:**
-1. **ALWAYS use final file line numbers, NEVER diff line numbers**
-2. Line numbers must match the NEW version of the file after all changes
-3. Use `git show HEAD:path/to/file` or examine the final file to get correct line numbers
-4. If you see "+50" in a diff, the actual line number is NOT 50 - check the final file
-5. Every comment MUST have either "line" OR "range". Comments without valid line numbers will be rejected.
-
-### Optional Fields
-- "side": "REVISION" (new code, default) or "PARENT" (original code)
-
-**VERIFICATION STEP**: Before adding any comment, verify the line number by checking the final file content to ensure your line number points to the exact code you're commenting on.
-
-## Comment Quality Guidelines
-
-1. **Be Specific**: Reference exact variables, functions, or patterns
-2. **Explain Impact**: What could go wrong and why it matters
-3. **Suggest Fixes**: Provide actionable corrections when possible
-4. **Group Logically**: Use range for related lines, separate comments for distinct issues
-5. **Prioritize**: Comment on significant issues, not style preferences
-
-## Example Output Formats
-
-### Example 1: Mixed Single and Multi-line Comments
-<response>
-[
-  {"file": "app/controllers/auth/validator.rb", "line": 45, "message": "🤖 Missing validation for email format - accepts invalid emails like 'user@'. Use a proper email regex or validation library."},
-  {"file": "app/controllers/auth/validator.rb", "line": 67, "message": "🤖 Password strength check allows common passwords. Consider checking against a common password list."},
-  {"file": "lib/database/connection.rb", "range": {"start_line": 23, "end_line": 35}, "message": "🤖 Database connection retry logic has exponential backoff but no maximum retry limit. This could retry indefinitely on persistent failures. Add a max retry count."},
-  {"file": "app/controllers/api/users_controller.rb", "line": 89, "message": "🤖 SQL injection vulnerability: Query uses string concatenation with userId. Use parameterized queries with ActiveRecord methods.", "side": "REVISION"}
-]
-</response>
-
-### Example 2: Critical Security Issues
-<response>
-[
-  {"file": "app/middleware/authentication_middleware.rb", "line": 34, "message": "🤖 Authentication bypass: Debug header check allows skipping auth. This MUST be removed before production."},
-  {"file": "lib/utils/crypto_helper.rb", "range": {"start_line": 12, "end_line": 18}, "message": "🤖 Weak encryption: MD5 is cryptographically broken. Use bcrypt for password hashing."},
-  {"file": "app/controllers/api/files_controller.rb", "line": 156, "message": "🤖 Path traversal vulnerability: User input directly used in file path without sanitization. An attacker could access files outside intended directory using '../'."}
-]
-</response>
-
-## Priority Guidelines for Inline Comments
-
-### ALWAYS Comment On (Real Problems Only)
-- **Bugs**: Logic errors, null pointer risks, incorrect algorithms
-- **Security**: Injection vulnerabilities, auth bypasses, data leaks
-- **Crashes**: Unhandled exceptions, resource exhaustion, infinite loops
-- **Data loss**: Operations that corrupt or lose user data
-
-### SOMETIMES Comment On (If Significant)
-- **Performance**: N+1 queries, memory leaks, algorithmic complexity issues
-- **Error handling**: Missing try/catch for operations that commonly fail
-- **Type safety**: Dangerous casts, missing validation for external input
-
-### NEVER Comment On (Time Wasters)
-- **Style/formatting**: Let automated tools handle this
-- **Working code**: If it functions correctly, leave it alone  
-- **Personal preferences**: "I would have done this differently"
-- **Nitpicks**: Variable names, spacing, minor wording
-- **Compliments**: Don't waste time praising obvious competence
-
-## GIT REPOSITORY ACCESS
-
-You are running in a git repository with full access to:
-- git diff, git show, git log for understanding changes and context
-- git blame for code ownership and history
-- All project files for architectural understanding
-- Use these commands to provide comprehensive, accurate reviews
-
-## FINAL TASK INSTRUCTION
-
-**ANALYZE THE CODE CHANGES NOW AND OUTPUT YOUR INLINE COMMENTS IMMEDIATELY.**
-
-Your output format must be:
-```
-<response>
-[]
-</response>
-```
-(Empty array for clean code - this is GOOD!)
-
-OR:
-
-```
-<response>
-[{"file": "auth.js", "line": 42, "message": "🤖 SQL injection vulnerability: query uses string concatenation"}]
-</response>
-```
-(Only comment on real problems)
-
-**CRITICAL REQUIREMENTS**:
-- Every message must start with "🤖 "
-- Never use backticks in your response
-- Empty arrays are encouraged for clean code
-- Focus on bugs, security, crashes - ignore style preferences  
-- Use git commands to understand context before commenting
-- NO TEXT OUTSIDE THE <response></response> TAGS
-
-**DO YOUR ANALYSIS NOW. STOP ASKING QUESTIONS. GENERATE THE REVIEW.**

package/src/prompts/system-overall-review.md

@@ -1,206 +0,0 @@
-## Review Structure and Formatting
-
-### Section Headers (Use Only What's Relevant)
-
-Use CAPS for section headers. Include ONLY sections where you have substantive content:
-
-- OVERALL ASSESSMENT - High-level verdict and summary
-- CRITICAL ISSUES - Must be fixed before merge
-- SIGNIFICANT CONCERNS - Should be addressed 
-- CODE QUALITY - Improvements for maintainability
-- SECURITY ASSESSMENT - Security-specific findings
-- PERFORMANCE ANALYSIS - Performance implications
-- TEST COVERAGE - Testing observations
-- ARCHITECTURE NOTES - Design and pattern feedback
-- RECOMMENDATIONS - Actionable suggestions
-
-### Gerrit Formatting Requirements
-
-Gerrit uses a LIMITED markdown subset. Follow these rules EXACTLY:
-
-- NO markdown bold (**text**) or italic (*text*) - use CAPS for emphasis
-- NO headers with # or ## - use CAPS section titles
-- NO backticks (`) for code - use quotes 'code' or "code" for inline
-- Code blocks: Start EACH line with exactly 4 spaces, add blank lines before and after
-- Bullet points: Use * or - at line start
-- Block quotes: Start line with > 
-- Reference files as path/to/file.ext:123 (with line numbers)
-- Always add blank lines between sections for readability
-- Keep code blocks simple and well-spaced
-
-**CRITICAL GERRIT FORMATTING RULES:**
-
-1. NEVER start regular text lines with spaces - this creates unintended code blocks!
-2. Only use 4 leading spaces when showing actual code examples
-3. Regular text should start at column 1 (no indentation)
-4. When explaining something after a bullet point, don't indent - start a new line
-5. Use blank lines to separate sections and improve readability
-
-WRONG (creates code blocks):
-* Issue with authentication
-  This explanation will become a code block due to leading spaces
-
-CORRECT:
-* Issue with authentication
-This explanation stays as regular text
-
-### Content Guidelines
-
-1. Start with the most important findings
-2. Group related issues together
-3. Be specific with file paths and line numbers
-4. Explain the "why" behind each issue
-5. Provide actionable fixes or alternatives
-6. Use concrete examples when helpful
-
-## CRITICAL OUTPUT REQUIREMENT
-
-**YOUR ENTIRE OUTPUT MUST BE WRAPPED IN <response></response> TAGS.**
-
-**IMMEDIATE TASK**: Analyze the code changes provided below and write a comprehensive engineering review.
-
-Start with "🤖 [Your Tool Name] ([Your Model])" then provide a **CONCISE** engineering assessment. Examples:
-- If you are Claude Sonnet 4: "🤖 Claude (Sonnet 4)"
-- If you are Gemini: "🤖 Gemini (1.5 Pro)" or "🤖 Gemini (1.5 Flash)"
-- For clean code: "No significant issues found. Change is ready for merge."
-- For problematic code: Focus only on critical/important issues, skip minor concerns
-
-**YOU MUST ANALYZE THE PROVIDED CODE CHANGES AND WRITE A REVIEW NOW.**
-
-## Example Output Format
-
-<response>
-🤖 Claude (Sonnet 4)
-
-OVERALL ASSESSMENT
-
-This change successfully implements the new authentication flow with proper error handling and test coverage. However, there are critical security concerns and performance issues that need addressing before merge.
-
-CRITICAL ISSUES
-
-1. SQL Injection Vulnerability - src/api/users.ts:45
-
-The query construction uses string concatenation with user input:
-
-    const query = "SELECT * FROM users WHERE id = " + userId
-
-This allows SQL injection attacks. Use parameterized queries:
-
-    const query = "SELECT * FROM users WHERE id = $1"
-    const result = await db.query(query, [userId])
-
-2. Authentication Bypass - src/middleware/auth.ts:78-82
-
-The token validation can be bypassed when 'debug' header is present:
-
-    if (req.headers.debug) return next()
-
-This MUST be removed from production code.
-
-SIGNIFICANT CONCERNS
-
-Resource Leak - src/services/cache.ts:156
-
-The Redis connection is created but never closed on error:
-
-* Connection opens on line 145
-* Error path at line 156 doesn't call client.disconnect()
-* This will exhaust connection pool over time
-
-Add proper cleanup in a finally block:
-
-    try {
-        await client.connect()
-        // ... operations
-    } finally {
-        await client.disconnect()
-    }
-
-PERFORMANCE ANALYSIS
-
-- N+1 Query Pattern in src/api/posts.ts:234-248
-Loading comments for each post individually causes N+1 queries.
-Consider using a single query with JOIN or batch loading.
-
-- Unbounded Memory Usage in src/utils/processor.ts:89
-Loading entire dataset into memory without pagination.
-For large datasets, this will cause OOM errors.
-
-TEST COVERAGE
-
-- Missing error path tests for the new authentication flow
-- No integration tests for the rate limiting middleware
-- Edge cases around token expiry not covered
-
-RECOMMENDATIONS
-
-1. Add rate limiting to authentication endpoints
-2. Implement request validation using a schema library
-3. Add monitoring for the new cache layer
-4. Consider adding database transaction support for multi-step operations
-
-The security issues are blocking and must be fixed. The performance concerns should be addressed before this scales to production load.
-</response>
-
-## Review Tone and Approach
-
-1. **Be Direct but Constructive**
-- State issues clearly without hedging
-- Explain impact and provide solutions
-- Focus on the code, not the coder
-
-2. **Prioritize Effectively**
-- Lead with blocking issues
-- Group related problems
-- Don't bury critical findings
-
-3. **Provide Value**
-- Every comment should help improve the code
-- Skip trivial issues unless they indicate patterns
-- Include concrete fix suggestions
-
-## GIT REPOSITORY ACCESS
-
-You are running in a git repository with full access to:
-- git diff, git show, git log for understanding changes and context
-- git blame for code ownership and history
-- All project files for architectural understanding
-- Use these commands to explore the codebase and provide comprehensive reviews
-
-## FINAL REMINDER
-
-**CRITICAL: Your ENTIRE output must be wrapped in <response></response> tags.**
-
-Example format:
-```
-<response>
-🤖 Claude (Sonnet 4)
-
-OVERALL ASSESSMENT
-
-Your review content here...
-</response>
-```
-
-MANDATORY REQUIREMENTS:
-- Start with "🤖 [Your Tool Name] ([Your Model])" 
-- Be CONCISE - engineers value brevity over verbosity
-- For clean code, simply state "No significant issues found"
-- Focus on material problems, skip style preferences and compliments
-- Use Gerrit's limited markdown format - NO backticks, NO markdown bold/italic  
-- Use git commands to understand context before writing review
-- NO TEXT OUTSIDE THE <response></response> TAGS
-
-CRITICAL FORMATTING RULES:
-- Add blank lines between sections and before/after code blocks
-- Use exactly 4 spaces to start each line of code blocks  
-- Keep code blocks simple and readable
-- Add proper spacing for readability
-- NEVER indent regular text - start all non-code text at column 1
-- Only code examples should have leading spaces (exactly 4)
-
-## TASK SUMMARY
-
-**ANALYZE THE CODE CHANGES PROVIDED ABOVE AND WRITE YOUR ENGINEERING REVIEW IMMEDIATELY.**
-
-Do not ask for clarification. Do not wait for more input. Analyze the provided code changes, git history, and changed files, then write your review following the format requirements above.

package/src/services/review-strategy.ts

@@ -1,292 +0,0 @@
-import { Context, Data, Effect, Layer } from 'effect'
-import { exec } from 'node:child_process'
-import { promisify } from 'node:util'
-
-const execAsync = promisify(exec)
-
-// Shared response extraction logic for all AI tools
-const extractResponse = (stdout: string): string => {
-  // Extract response from <response> tags or use full output
-  const responseMatch = stdout.match(/<response>([\s\S]*?)<\/response>/i)
-  return responseMatch ? responseMatch[1].trim() : stdout.trim()
-}
-
-// Simple strategy focused only on review needs
-export interface ReviewStrategyErrorFields {
-  readonly message: string
-  readonly cause?: unknown
-}
-
-const ReviewStrategyErrorBase = Data.TaggedError(
-  'ReviewStrategyError',
-)<ReviewStrategyErrorFields> as unknown
-
-export class ReviewStrategyError
-  extends (ReviewStrategyErrorBase as new (
-    args: ReviewStrategyErrorFields,
-  ) => ReviewStrategyErrorFields & Error & { readonly _tag: 'ReviewStrategyError' })
-  implements Error
-{
-  readonly name = 'ReviewStrategyError'
-}
-
-// Review strategy interface - focused on specific review patterns
-export interface ReviewStrategy {
-  readonly name: string
-  readonly isAvailable: () => Effect.Effect<boolean, never>
-  readonly executeReview: (
-    prompt: string,
-    options?: { cwd?: string; systemPrompt?: string },
-  ) => Effect.Effect<string, ReviewStrategyError>
-}
-
-// Strategy implementations for different AI tools
-export const claudeCliStrategy: ReviewStrategy = {
-  name: 'Claude CLI',
-  isAvailable: () =>
-    Effect.gen(function* () {
-      const result = yield* Effect.tryPromise({
-        try: () => execAsync('which claude'),
-        catch: () => null,
-      }).pipe(Effect.orElseSucceed(() => null))
-
-      return Boolean(result && result.stdout.trim())
-    }),
-  executeReview: (prompt, options = {}) =>
-    Effect.gen(function* () {
-      const result = yield* Effect.tryPromise({
-        try: async () => {
-          const child = require('node:child_process').spawn('claude -p', {
-            shell: true,
-            stdio: ['pipe', 'pipe', 'pipe'],
-            cwd: options.cwd || process.cwd(),
-          })
-
-          child.stdin.write(prompt)
-          child.stdin.end()
-
-          let stdout = ''
-          let stderr = ''
-
-          child.stdout.on('data', (data: Buffer) => {
-            stdout += data.toString()
-          })
-
-          child.stderr.on('data', (data: Buffer) => {
-            stderr += data.toString()
-          })
-
-          return new Promise<{ stdout: string; stderr: string }>((resolve, reject) => {
-            child.on('close', (code: number) => {
-              if (code !== 0) {
-                reject(new Error(`Claude CLI exited with code ${code}: ${stderr}`))
-              } else {
-                resolve({ stdout, stderr })
-              }
-            })
-
-            child.on('error', reject)
-          })
-        },
-        catch: (error) =>
-          new ReviewStrategyError({
-            message: `Claude CLI failed: ${error instanceof Error ? error.message : String(error)}`,
-            cause: error,
-          }),
-      })
-
-      return extractResponse(result.stdout)
-    }),
-}
-
-export const geminiCliStrategy: ReviewStrategy = {
-  name: 'Gemini CLI',
-  isAvailable: () =>
-    Effect.gen(function* () {
-      const result = yield* Effect.tryPromise({
-        try: () => execAsync('which gemini'),
-        catch: () => null,
-      }).pipe(Effect.orElseSucceed(() => null))
-
-      return Boolean(result && result.stdout.trim())
-    }),
-  executeReview: (prompt, options = {}) =>
-    Effect.gen(function* () {
-      const result = yield* Effect.tryPromise({
-        try: async () => {
-          const child = require('node:child_process').spawn('gemini -p', {
-            shell: true,
-            stdio: ['pipe', 'pipe', 'pipe'],
-            cwd: options.cwd || process.cwd(),
-          })
-
-          child.stdin.write(prompt)
-          child.stdin.end()
-
-          let stdout = ''
-          let stderr = ''
-
-          child.stdout.on('data', (data: Buffer) => {
-            stdout += data.toString()
-          })
-
-          child.stderr.on('data', (data: Buffer) => {
-            stderr += data.toString()
-          })
-
-          return new Promise<{ stdout: string; stderr: string }>((resolve, reject) => {
-            child.on('close', (code: number) => {
-              if (code !== 0) {
-                reject(new Error(`Gemini CLI exited with code ${code}: ${stderr}`))
-              } else {
-                resolve({ stdout, stderr })
-              }
-            })
-
-            child.on('error', reject)
-          })
-        },
-        catch: (error) =>
-          new ReviewStrategyError({
-            message: `Gemini CLI failed: ${error instanceof Error ? error.message : String(error)}`,
-            cause: error,
-          }),
-      })
-
-      return extractResponse(result.stdout)
-    }),
-}
-
-export const openCodeCliStrategy: ReviewStrategy = {
-  name: 'OpenCode CLI',
-  isAvailable: () =>
-    Effect.gen(function* () {
-      const result = yield* Effect.tryPromise({
-        try: () => execAsync('which opencode'),
-        catch: () => null,
-      }).pipe(Effect.orElseSucceed(() => null))
-
-      return Boolean(result && result.stdout.trim())
-    }),
-  executeReview: (prompt, options = {}) =>
-    Effect.gen(function* () {
-      const result = yield* Effect.tryPromise({
-        try: async () => {
-          const child = require('node:child_process').spawn('opencode -p', {
-            shell: true,
-            stdio: ['pipe', 'pipe', 'pipe'],
-            cwd: options.cwd || process.cwd(),
-          })
-
-          child.stdin.write(prompt)
-          child.stdin.end()
-
-          let stdout = ''
-          let stderr = ''
-
-          child.stdout.on('data', (data: Buffer) => {
-            stdout += data.toString()
-          })
-
-          child.stderr.on('data', (data: Buffer) => {
-            stderr += data.toString()
-          })
-
-          return new Promise<{ stdout: string; stderr: string }>((resolve, reject) => {
-            child.on('close', (code: number) => {
-              if (code !== 0) {
-                reject(new Error(`OpenCode CLI exited with code ${code}: ${stderr}`))
-              } else {
-                resolve({ stdout, stderr })
-              }
-            })
-
-            child.on('error', reject)
-          })
-        },
-        catch: (error) =>
-          new ReviewStrategyError({
-            message: `OpenCode CLI failed: ${error instanceof Error ? error.message : String(error)}`,
-            cause: error,
-          }),
-      })
-
-      return extractResponse(result.stdout)
-    }),
-}
-
-// Review service interface using strategy pattern
-export interface ReviewStrategyServiceImpl {
-  readonly getAvailableStrategies: () => Effect.Effect<ReviewStrategy[], never>
-  readonly selectStrategy: (
-    preferredName?: string,
-  ) => Effect.Effect<ReviewStrategy, ReviewStrategyError>
-  readonly executeWithStrategy: (
-    strategy: ReviewStrategy,
-    prompt: string,
-    options?: { cwd?: string; systemPrompt?: string },
-  ) => Effect.Effect<string, ReviewStrategyError>
-}
-
-// Export the service tag with explicit type
-export const ReviewStrategyService: Context.Tag<
-  ReviewStrategyServiceImpl,
-  ReviewStrategyServiceImpl
-> = Context.GenericTag<ReviewStrategyServiceImpl>('ReviewStrategyService')
-
-export type ReviewStrategyService = Context.Tag.Identifier<typeof ReviewStrategyService>
-
-export const ReviewStrategyServiceLive: Layer.Layer<ReviewStrategyServiceImpl> = Layer.succeed(
-  ReviewStrategyService,
-  {
-    getAvailableStrategies: () =>
-      Effect.gen(function* () {
-        const strategies = [claudeCliStrategy, geminiCliStrategy, openCodeCliStrategy]
-        const available: ReviewStrategy[] = []
-
-        for (const strategy of strategies) {
-          const isAvailable = yield* strategy.isAvailable()
-          if (isAvailable) {
-            available.push(strategy)
-          }
-        }
-
-        return available
-      }),
-
-    selectStrategy: (preferredName?: string) =>
-      Effect.gen(function* () {
-        const strategies = [claudeCliStrategy, geminiCliStrategy, openCodeCliStrategy]
-        const available: ReviewStrategy[] = []
-
-        for (const strategy of strategies) {
-          const isAvailable = yield* strategy.isAvailable()
-          if (isAvailable) {
-            available.push(strategy)
-          }
-        }
-
-        if (available.length === 0) {
-          return yield* Effect.fail(
-            new ReviewStrategyError({
-              message: 'No AI tools available. Please install claude, gemini, or opencode CLI.',
-            }),
-          )
-        }
-
-        if (preferredName) {
-          const preferred = available.find((s: ReviewStrategy) =>
-            s.name.toLowerCase().includes(preferredName.toLowerCase()),
-          )
-          if (preferred) {
-            return preferred
-          }
-        }
-
-        return available[0] // Return first available
-      }),
-
-    executeWithStrategy: (strategy, prompt, options = {}) =>
-      strategy.executeReview(prompt, options),
-  },
-)